New Zealand's National Cyber Security Centre (NCSC) has been granted direct access to Claude Mythos, the frontier AI model from Anthropic that has demonstrated the ability to find and exploit software vulnerabilities with little human direction. The access comes as Anthropic expands its Project Glasswing program to roughly 150 organisations across more than 15 countries, including critical-infrastructure operators in power, water, healthcare and telecommunications, RNZ reported. The NCSC said direct access will "strengthen our national cyber security mission" and help it advise local organisations on rising AI-driven threats. The timing coincides with a US executive order, signed by President Trump on June 2, that seeks early government review of powerful AI models for national-security risks.
New Zealand's National Cyber Security Centre (NCSC) has been given direct access to Claude Mythos, Anthropic's most capable AI model, which has drawn international attention for its ability to find and exploit software flaws with little human direction. The NCSC confirmed to RNZ that it received access on behalf of the New Zealand government, describing the move as both a defensive opportunity and a response to a rapidly shifting threat landscape.
What Mythos can do
Independent testing has documented unusually strong offensive-cyber performance. The UK AI Security Institute (AISI), which evaluated Claude Mythos Preview after its April 7 announcement, reported that the model succeeded on expert-level capture-the-flag challenges 73 percent of the time, tasks no model could complete before April 2025. AISI also said Mythos Preview was the first model to finish "The Last Ones," a 32-step simulated corporate network attack it estimates would take a human team roughly 20 hours, completing it in 3 of 10 attempts. AISI cautioned that its test ranges lacked active defenders, so the model's effectiveness against well-protected systems remains unproven. In reporting on the program's expansion, Anthropic said Glasswing partners have surfaced more than 10,000 high or critical-severity flaws since launch.
The Glasswing rollout
The New Zealand access is one piece of a much larger expansion. Anthropic said it is extending its Project Glasswing program to roughly 150 organisations across more than 15 countries, including critical-infrastructure operators in power, water, healthcare and telecommunications, a group for which Anthropic said a major attack could affect more than 100 million people. New Zealand is among the participating nations, alongside Australia, Canada, Japan, India and several European countries. According to RNZ, the expansion builds on a smaller US group that received access in April and was later permitted to share cybersecurity threat information with others facing similar exposure.
Washington's response
The access coincides with a shift in US policy. Cybersecurity Dive reported that President Trump signed an executive order on June 2 establishing a voluntary pre-release review process for powerful AI models, giving the Departments of Homeland Security and Treasury, the Office of the National Cyber Director and NIST 60 days to define which models warrant government evaluation, with the government able to request up to 30 days of early access. The order followed an earlier draft Trump declined to sign in May after industry pushback, and arrived as a second congressional Homeland Security hearing on frontier AI threats was scheduled, RNZ reported.
Why it matters
The NCSC told RNZ that frontier models will "change the cyber threat landscape" by letting malicious actors find and exploit vulnerabilities "at unprecedented speed and scale," while also helping defenders protect systems "at scale and pace." Its practical guidance was unchanged: patch frequently, limit where an attack can get in, review how vulnerabilities are managed and monitor closely. The episode shows how a single frontier model's emergent capabilities are at once driving a vendor's distribution decisions, new government access regimes and updated national cybersecurity advice.
Scoring Rationale #
Verified reporting shows New Zealand's access is one node in Anthropic's roughly 150-organisation, 15-plus-country Project Glasswing rollout of Claude Mythos, a frontier model that independent AISI testing credits with first-of-kind autonomous network-attack capability. The story carries real weight for AI and security practitioners, tying a frontier model's offensive-cyber capabilities to critical-infrastructure access and a concurrent US executive order on model review. Scored toward the top of the notable band, held below major because the specific news peg is one country's access rather than the model's launch or the executive order itself.
Practice interview problems based on real data
1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.