
Mythos, Glasswing and what it means for NZ business

By Nic Fouhy · 13 min read

In April, Anthropic announced a frontier AI model it judged too capable to release. Claude Mythos Preview finds and exploits software vulnerabilities at a level beyond all but a handful of human specialists. Anthropic kept it unreleased, built a controlled programme around it called Project Glasswing, and handed access to the companies that maintain the world's most critical software.

In the weeks since, programme participants have surfaced more than ten thousand high-severity flaws, some of which had survived decades of human review. On 2 June the circle widened to fifteen more countries. New Zealand is one of them.

For NZ businesses the story is mostly good news arriving with a few invoices attached. The software the country runs on is getting safer, faster than it ever has. The price is a new rhythm of patches, maintenance windows, and security costs working through supplier bills. This briefing covers what changed, who holds the new capability, and what is worth doing about it before the next renewal cycle.

A reader that never skims


Claude Mythos Preview is a general-purpose frontier model trained by Anthropic. It has not been released, and Anthropic says it does not plan to release it generally. The reason is specific: the model reads code at a scale and depth no human team can match, then connects small weaknesses scattered across millions of lines into complete, working exploits.

The published examples are worth sitting with. A 27-year-old hole in OpenBSD, an operating system with a reputation as one of the most security-hardened ever built, that let an attacker crash any machine running it with nothing more than a connection. A 16-year-old bug in FFmpeg, the video library buried inside countless products, on a line that automated tools had tested five million times without noticing. A chain of Linux kernel flaws that, combined, turned an ordinary user account into full control of the machine. Mythos found nearly all of this autonomously.

Independent UK government assessment put its cyber capability a step beyond anything else in the frontier class, and Anthropic's own benchmarks show the same gap. Here is the part that matters: finding serious software flaws used to be bottlenecked by a small population of rare human experts. That bottleneck is gone.

Defence got first call


Anthropic's answer to its own model is Project Glasswing. Launch partners include Microsoft, Google, Apple, Amazon Web Services, Cisco, CrowdStrike, Palo Alto Networks, NVIDIA, Broadcom, JPMorganChase, and the Linux Foundation. Beyond the headline names, more than forty additional organisations that build or maintain critical software have access, with Anthropic committing up to US$100 million in usage credits and US$4 million in donations to open-source security groups.

The logic is simple. The companies whose code underpins everything get the model first, point it at their own systems and at the open-source projects everyone depends on, and patch what it finds before the same capability appears in less careful hands. In roughly six weeks, participants surfaced more than ten thousand high or critical severity vulnerabilities. Findings get reported, fixed, then disclosed.

On 2 June the circle widened: organisations in fifteen more countries gained access, including government cyber defence agencies. Australia's Signals Directorate is in. So is New Zealand. For a country our size, a seat inside that tent counts for a lot, because almost everything NZ businesses run is built somewhere else.

Finding a flaw is half the job


Here is where the story gets less tidy. The big providers can patch what Mythos finds because they employ thousands of engineers and own their code. A lot of the world does not look like that. Councils, utilities, and small firms everywhere run systems built up in layers over decades, where the original vendor has been bought, retired, or stopped existing altogether. New Zealand has its share of these.

For software like that, a Mythos-class review can name vulnerabilities that nobody can cheaply fix. There may be no patch and nobody left to write one. The honest options become workarounds, isolation, or replacement, and all three cost money and planning time.

The other half of the catch is speed. CrowdStrike's chief technology officer put it plainly: the window between a vulnerability being discovered and being exploited used to be measured in months, and with AI it collapses toward minutes. Capabilities like this never stay exclusive forever. The defenders got a head start, and the sensible reading of the whole programme is that the head start has a clock on it. The same shortening window is exactly why agentic AI security is moving from a specialist concern to a board-level one.

The new normal, measured

Figure       What it measures
10,000+      High and critical severity flaws found by programme participants in roughly six weeks
27 years     Age of the oldest published flaw, found in an operating system famous for being hardened
5,000,000    Times automated testing ran past one FFmpeg bug without ever catching it
15           Countries added to the access list on 2 June, New Zealand among them
30 days      Early-access window for the US government under the new executive order
12 hours     The sort of supplier patching outage worth planning for as systems get hardened

Washington wants the first look


On 2 June the White House signed an executive order titled Promoting Advanced Artificial Intelligence Innovation and Security. Under it, AI developers are asked, on a voluntary basis, to give the US government early access to frontier models for up to thirty days before those models go out to other trusted partners. An earlier draft said ninety days. Industry feedback trimmed it.

Reading the intent matters more than reading the clauses. There is no approval gate here, and nobody in the administration is pretending otherwise. US agencies, with the National Security Agency as the country's prime cyber defender, get time to benchmark a model's cyber capability, work out how to defend against it, and presumably work out what they can do with it. The administration sees a race with China and has no appetite for anything that slows its own developers down.

For everyone outside the US, including New Zealand, the practical effect is sequencing. The most capable models will reach American agencies first and allies on a delay. Thirty days is short. In a world where exploit windows are measured in minutes, it still makes the pecking order official.

What lands on a New Zealand desk


Start with the good news, because there is plenty. Nearly every NZ business runs on software built and maintained offshore: Microsoft 365, Xero, Google Workspace, the banking systems, the payment rails. Those vendors sit inside Glasswing or downstream of it, so the code NZ firms depend on is being swept for flaws at a depth never attempted before. Nobody has to fill in a form to receive that benefit. It arrives on its own.

Now the invoices. Expect suppliers to schedule real maintenance windows, sometimes long ones, as they patch what gets found. An overnight outage at a software provider stops being a scandal and starts being hygiene. Expect a measure of security cost to surface in subscription and service pricing over the next year or two. And if you serve larger customers, expect sharper questions about the software you run, because their auditors and insurers will be asking them the same thing.

Six moves worth making

None of this requires a security team. Most of it is an afternoon and a few firm emails, in rough order of value.

  1. Write down what you run. One page: every system the business depends on, who supplies it, who maintains it, what data it touches. The exercise costs an afternoon and turns every later decision from guesswork into a checklist. An afternoon.

  2. Ask each vendor one question. How do you learn about vulnerabilities in your product, and what is your patching commitment? Vendors with good answers reply quickly. Silence is also an answer. One email.

  3. Plan for maintenance windows. Agree with suppliers on when patches land, know which hours hurt least, and keep a simple line of communication ready for customers. A scheduled twelve-hour outage handled well is a non-event. One conversation.

  4. Deal with the orphans. Anything with no vendor behind it deserves a replacement plan, even a slow one. A known flaw with no patch is a liability with a name. Budget the migration before an advisory forces the timing. A project.

  5. Budget the pass-through. Security work is moving up suppliers' cost bases, and some of it will reach renewal pricing. A small allowance now beats a surprised email to the accountant later. A line item.

  6. Subscribe to the official channel. The National Cyber Security Centre publishes advisories written for exactly this moment. Someone in the business should read them. It takes minutes and it is free. Ten minutes.

The first move is the one that makes every other move easier, and it is the same inventory step that underpins any sane AI adoption decision. You cannot defend, patch, or improve a system you have never written down.

The deal on the table is boring: short outages, slightly higher bills, far fewer catastrophes. As trades go, take it. The expensive version of this story does not schedule itself.

If you want a hand mapping what your business actually runs on, or working out which of the six moves matters most for your setup, get in touch. It is the kind of afternoon that pays for itself.

Frequently asked questions

What is Project Glasswing?

Project Glasswing is Anthropic's controlled programme for its unreleased Claude Mythos model. Rather than release a model that finds and exploits software vulnerabilities beyond the reach of nearly all human specialists, Anthropic handed access to the launch partners that build and maintain critical software, plus more than forty additional critical-software organisations, so they could find and fix flaws before the capability appeared elsewhere. In roughly six weeks, participants surfaced more than ten thousand high or critical severity flaws.

Does New Zealand have access to Claude Mythos?

Yes. On 2 June 2026 the access list widened to fifteen more countries, New Zealand among them, including government cyber defence agencies. Separately, almost every NZ business already runs on offshore software whose vendors sit inside Glasswing or downstream of it, so that code is being swept for flaws regardless of what any local business does.

What should NZ businesses actually do about it?

None of it requires a security team. Write down every system you depend on and who maintains it. Ask each vendor how they learn about vulnerabilities and what their patching commitment is. Plan for maintenance windows. Make a replacement plan for any software with no vendor behind it. Budget for security costs creeping into renewal pricing. And subscribe to the National Cyber Security Centre's advisories.

Will this raise software costs for NZ businesses?

Expect some increase over the next year or two as suppliers move real security work up their cost bases, with a measure of that surfacing in subscription and service pricing, alongside more frequent maintenance windows. The trade is favourable: short outages and slightly higher bills in exchange for far fewer catastrophic breaches.

Sources and further reading

  • Anthropic: Project Glasswing, securing critical software for the AI era
  • TechCrunch: Anthropic scales Claude Mythos to critical infrastructure in 15+ countries
  • The White House: Promoting Advanced Artificial Intelligence Innovation and Security
  • The Conversation: Australia now has access to Anthropic's Claude Mythos
  • NPR: Trump's new AI safety order seeks voluntary review of new models
