On 3 June 2026, Anthropic announced it was expanding Project Glasswing to "approximately 150 new organisations" in "more than 15 countries" [1]. The Australian Signals Directorate confirmed Australian entities were among the new cohort, saying it "welcomed" the expansion and that it included "the Australian government and other Australian private companies" [3]. The following day, the office of Home Affairs Minister Tony Burke declined to comment on the announcement [3].
What Mythos is, and why it is not a normal product
Mythos is Anthropic's latest frontier large language model, first made available to a small group of US launch partners on 7 April 2026 under the original Project Glasswing arrangement [2]. The twelve founding partners, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks, were given a preview to find vulnerabilities in critical codebases [2]. The model is not in general release. In April 2026 the UK AI Security Institute confirmed Mythos as the first model to complete a "32-step simulation of a cyber-attack" in its tests [9].
In its own framing of the rollout, Anthropic was direct about what general access would require:
"We're working as quickly as we can to safely release Mythos-level capabilities in general access. To do so, we'll need highly robust safeguards that prevent the model's cyber capabilities from being misused, safeguards that we (and, to our knowledge, all other AI developers) have yet to develop." [1]
That remark captures a tension running through the program. Mythos is being treated less as a commercial product than as a controlled capability, priced and gated accordingly: $25 per million input tokens and $125 per million output tokens via the Claude API, Amazon Bedrock, Google Cloud's Vertex AI and Microsoft Foundry [2]. Anthropic is committing "up to $100M in usage credits and $4M in donations to open-source security organizations" to the program [2].
The model is also the trigger for new international alliances. Anthropic is "coordinating closely with the US government on the timing, scope, and structure of any international access" [1]. That coordination is the backdrop to the 2 June 2026 executive order signed by US President Donald Trump, asking American AI firms to share frontier models for government cybersecurity testing up to 30 days before public release [3, 4]. Anthropic, in a statement, said it "looks forward to collaborating with the White House to support its implementation" [4].
A necessary caveat, however: Aisle, an AI cyber-security vendor, has found that "other, far cheaper models were also able to find" the zero-days Anthropic highlighted [9]. The capability may be new, but it is not exclusively Anthropic's.
The defensive case and the offensive case
The strongest case for access goes like this. The first cohort of Glasswing partners used Mythos Preview to find "more than 10,000 high- or critical-severity security flaws" between early April and early June 2026 [1]. Under initial testing, Mythos flagged 23,000 vulnerabilities; 6,200 were estimated as high-risk, and human experts validated two in three as genuinely high-risk [8]. Anthropic estimates a successful attack on the codebases most new partners maintain could "affect more than 100 million people" [1]. A CrowdStrike statement on Anthropic's Project Glasswing page put the time pressure on defenders starkly: "The window between a vulnerability being discovered and being exploited by an adversary has collapsed, what once took months now happens in minutes with AI" [2].
That is the defensive case. The offensive case is structurally the same. The Conversation's academic panel warned on 4 June 2026 that the cybersecurity divide would "only grow", with smaller Australian companies least able to keep up. "But smaller, less resourced companies will likely not have the capacity to access these tools - or to react to the upcoming tsunami of cybersecurity updates," the panel wrote [8]. The defender still has to find every flaw; the attacker only one. Mythos does not change that, but it shrinks the defender's lead time from months to days.
The Australian security researcher Jamieson O'Reilly, founder of Dvuln and Aether AI, framed the trade-off starker still. The cyber risk, he said, is "already operational" because "Mythos-like capabilities already exist using publicly available models wrapped in the right agentic framework" [5]:
"The CISOs we're briefing are worried, but often about the wrong thing... Most CISOs think they have 12 to 18 months to prepare, but the capability is already operational." [5]
The strongest counter-argument is that this is exactly why Australian defenders need to be inside the room, and that disclosure of the partner list or the specific capabilities granted would compromise both the partners and the ASD's negotiating position. It is a real argument, and it is one the government is making in substance if not always in those words.
The Australian policy gap
The Australian regulator positioned to evaluate Mythos is the Australian AI Safety Institute, established on 4 November 2025 under the Department of Industry, Science and Resources with $29.9 million in initial funding [12]. AISI is explicitly advisory: no regulatory powers, no statutory authority to require pre-deployment evaluation of frontier-AI systems used in Australia [12]. Existing regulators (the Office of the Australian Information Commissioner, the Australian Competition and Consumer Commission, eSafety, ASIC and APRA) retain their enforcement mandates [12]. The Reserve Bank of Australia, APRA and ASIC have separately told ACS Information Age they are "closely monitoring" Claude Mythos and engaging with peer regulators overseas [5].
The visible gap is between an advisory evaluator and a model that has run a 32-step cyber-attack simulation in an AISI test bed [9]. The invisible gap is the list of Australian agencies and private companies now inside the Glasswing cohort. Before the expansion, no Australian entity was on the original list of "about 50 mostly US-based technology companies" [7]. In May 2026, Anthropic's general counsel Jeffrey Bleich, a former US ambassador to Australia, met Assistant Minister Andrew Charlton, Department of Home Affairs staff and the Australian Signals Directorate [7]. A Home Affairs spokesperson said the department had "extensive discussions with Anthropic on the cyber security implications of AI" [7].
The strongest version of the government's argument is that the voluntary guardrails are working, the ASD has the relationship, and disclosure would compromise the partner list. CyberCX chief strategy officer Alastair MacGibbon, a former national cybersecurity adviser, took the opposite view: "Winners are being picked, and [the tech companies] chose in a US-centric way who the winners were" [7]. The responsibility for closing that gap, in his reading, should fall on governments.
Kate Chaney's intervention
Independent MP for Curtin Kate Chaney used her Statements by Members slot in the House of Representatives on 28 May 2026 to flag an AI discussion paper containing 18 policy recommendations across five areas: setting up the structures to govern AI, actively capturing the opportunities, dealing with current harms, preparing for emerging risks, and sharing the benefits of AI with all Australians [10]. She named deepfakes, unhealthy relationships between children and AI chatbots, improving research and productivity, and taxing AI companies among the headline issues [10]. The paper was released the same day as Anthropic's Glasswing expansion [3].
In her 28 May statement to the House, Chaney set out the political problem the government has not yet answered:
"Australia has done remarkably little to prepare. The government has identified broad goals for AI while implementing very little actual policy to achieve them. In the absence of this leadership, our future is being shaped by overseas tech companies and the billionaires who run them. This is why we're seeing a backlash against AI." [10]
She made the same point in a 30 April 2026 article arguing that "a relatively modest increase in federal funding for Australia's Artificial Intelligence Safety Institute (AISI) could deliver significant national benefits by helping manage AI-related risks while positioning Australia to capture economic opportunities ..." [11]. In a separate ABC interview on 4 June 2026, she was more direct:
"I think the government's approach to AI is pretty hands-off, it seems to be, 'we'll see what happens, it's going to be fine, it's probably not going to change as fast as everybody says it will', and I think that's really concerning." [3]
The Chaney proposals covered in the sources are tightly bounded: making the government's Data Centre Expectations binding, resourcing AISI, addressing deepfakes and unhealthy relationships between children and AI chatbots, taxing AI companies, and measures on research and productivity [3, 10, 11]. The paper argues, in effect, that the existing voluntary guardrails are inadequate for a frontier-model release cycle that now measures in months. As she put it on 28 May: "It's time to move from talk to action, from being passive to proactive. The risks of AI won't manage themselves, and the benefits won't just magically appear either" [10].
What Australia gets, and what it gives up
Australia is now, in operational terms, inside the Glasswing club. ITNews confirms the expansion to "up to 150 new organisations from more than 15 countries", with no specific Australian partner names disclosed [4, 6]. Total Glasswing membership is around 200 organisations globally [4]. Anthropic's spokesperson has framed access as "tightly scoped" to organisations defending critical infrastructure across power, water, healthcare, communications, financial services and national security [6]. In late May 2026, Anthropic briefed 170 representatives from Australian finance, communications, transport, energy, data, food and grocery sectors, all declared Systems of National Significance under the SOCI Act [7]. The ASD's relationship is real. The public list of who else is in the room is not.
The government's argument in substance is that this is the trade-off access requires: trust, speed and an advisory evaluator, in lieu of disclosure. The argument Chaney is forcing, and the government has not yet answered, is whether Australia is in a position to be in this club at all without a binding data-centre framework, a properly resourced AISI, and policy responses to the child-safety and deepfake harms that arrive long before the cyber risks do. Assistant Minister Andrew Charlton captured the political risk on 4 June 2026:
"Unless we can look an Australian family in the eye and tell them, truthfully, that data centres will not push up their power bills, will not threaten their water, and will not degrade their neighbourhood, this industry will spend the next decade on the back foot." [3]
Three numbers sit underneath this argument. More than 10,000 high- or critical-severity flaws found by the original cohort between April and June 2026 [1]. 23,000 vulnerabilities flagged in initial testing, of which 6,200 were estimated by Mythos as high-risk and two in three confirmed by human experts [8]. A six-to-twelve month window before rival Mythos-class models are in public release, possibly without the safeguards Anthropic is trying to build [1]. The regulator that has to evaluate all of this is advisory, with $29.9 million in initial funding and no statutory authority to compel pre-deployment review [12]. Australia is in the club, but the regulator cannot yet see inside it.