Australian organisations will soon gain access to Anthropic’s advanced AI model, Claude Mythos Preview, a system that has not been released to the public due to concerns about its ability to identify and potentially exploit serious software vulnerabilities.
The San Francisco-based AI company is expanding access through Project Glasswing, a restricted cybersecurity initiative designed to help trusted organisations detect and fix security flaws before similar AI capabilities become available to cybercriminals.
According to Reuters, Anthropic is increasing participation in the program from around 50 organisations to approximately 200 across more than 15 countries. The expansion includes government agencies and organisations operating in critical sectors such as healthcare, energy, water, telecommunications, and hardware manufacturing.
The Financial Times reported that the program now extends across the Five Eyes intelligence alliance—which includes Australia—as well as NATO members and the European Union’s cybersecurity agency. While Anthropic has confirmed that Australian organisations will participate, it has not publicly disclosed which entities have been selected.
Claude Mythos Preview has attracted significant attention due to its advanced cybersecurity capabilities. Anthropic says participating organisations use the model for vulnerability detection, penetration testing, endpoint security assessments, and black-box testing. The company has stated that the model will remain restricted until stronger safety measures are developed.
According to Anthropic, Project Glasswing participants have already identified more than 10,000 high- and critical-severity software vulnerabilities. Reuters reported that a successful cyberattack on systems operated by partner organisations could potentially affect more than 100 million people, highlighting the importance of limiting access to trusted defenders.
Australia has been closely monitoring the development of the technology. Earlier this year, Reuters reported that the Australian Government was working with software providers, including Anthropic, after Mythos uncovered thousands of vulnerabilities in operating systems and web browsers. A spokesperson for Home Affairs Minister Tony Burke said protecting critical infrastructure remained a top priority.
Australia’s financial sector is also paying close attention. The Reserve Bank of Australia, the Reserve Bank of New Zealand, and the Australian Banking Association have reportedly been engaging with regulators and industry partners to assess the implications of the technology and strengthen cyber resilience.
Experts describe Mythos as a “dual-use” technology. While it can help defenders identify and fix vulnerabilities before they are exploited, similar capabilities could also be used by malicious actors to accelerate attacks on financial institutions, utilities, telecommunications networks, and other critical services.
The United Kingdom’s AI Security Institute found that Mythos demonstrated cybersecurity capabilities beyond those of previous frontier AI models. In controlled testing, the model was able to autonomously discover and exploit vulnerabilities and carry out complex, multi-stage cyberattacks—tasks that might otherwise require days of work by skilled professionals.
The institute reported that Mythos achieved a 73 per cent success rate on expert-level capture-the-flag cybersecurity challenges and became the first AI model to successfully complete a simulated 32-step corporate network attack in certain test scenarios.
Researchers from the University of Queensland noted that Anthropic’s decision to withhold the model from public release reflects concerns about its powerful capabilities and associated risks. They said Project Glasswing aims to give defenders a critical advantage before comparable AI-powered cyber tools become widely accessible.
Anthropic says the initiative is focused on protecting foundational systems that form a significant portion of the world’s digital infrastructure. The company has also pledged funding and AI usage credits to support open-source software maintainers as organisations adapt to an increasingly complex cyber threat environment.
For Australia, access to Claude Mythos Preview could strengthen the cyber defences of banks, government agencies, telecommunications providers, energy companies, and other operators of critical infrastructure. However, it also raises important questions about oversight, access controls, and safeguards needed to prevent misuse of highly capable AI systems.
Anthropic has warned that similar AI cybersecurity capabilities may emerge from other providers within the next six to twelve months, increasing the urgency for governments and organisations to address vulnerabilities before attackers gain access to comparable tools.
The expansion of Project Glasswing places Australia at the forefront of a global experiment: using a highly capable AI system—considered too risky for public release—to strengthen defences against the next generation of AI-assisted cyber threats.