New Zealand at the AI Security Frontier


Key Takeaways

  • Frontier AI models such as Anthropic’s Claude Mythos can autonomously discover and exploit long‑standing software flaws at unprecedented speed, triggering a surge in security alerts.
  • New Zealand’s National Cyber Security Centre (NCSC) is monitoring these developments, coordinating with international partners and tech firms, but is not part of the exclusive US‑led Project Glasswing test group.
  • Early tests by Palo Alto Networks saw Mythos drive roughly two dozen vulnerability alerts in a single day, against the firm’s usual rate of about five a month, highlighting the model’s discovery throughput.
  • The emergence of AI‑driven “daisy‑chaining” of low‑risk flaws into high‑risk exploits threatens to expose decades of technical debt across critical infrastructure, finance, and government systems.
  • While malicious actors could weaponise these capabilities, defenders may also benefit in the medium‑to‑long term as AI assists in building more secure code and improving the software development lifecycle.
  • Immediate organisational actions recommended by the NCSC include frequent patching, reducing attack surfaces, applying defence‑in‑depth, reviewing supply‑chain vulnerability policies, and continuous monitoring for compromise.

The Growing AI‑Powered Cyber Threat Landscape
Artificial intelligence is increasingly being recognised as a double‑edged sword for cyber security. Recent activity in the United States shows that advanced AI models can uncover and exploit software vulnerabilities far faster than human analysts or traditional automated tools. New Zealand’s cyber watchdog, the National Cyber Security Centre (NCSC), has warned that organisations must prepare for “a significant increase in vulnerabilities and incidents” as these frontier AI models mature. The NCSC is actively learning from US companies that are testing such models, seeking to understand both the risks and the potential defensive benefits they present.

Palo Alto Networks’ Alert Surge from Claude Mythos
One of the most striking demonstrations came from cybersecurity firm Palo Alto Networks, which tested Anthropic’s Claude Mythos model. The AI proved capable of detecting and exploiting years‑old software flaws with remarkable efficiency, prompting the firm to issue a couple of dozen security alerts in a single day, far above its usual rate of five or so alerts per month. This burst underscores how quickly an AI‑driven scanner can surface weaknesses that have lingered in codebases for years. Note that an alert count measures discovery throughput rather than confirmed impact: each finding still has to be triaged, reproduced and assessed for exploitability before it becomes a patch priority.

NCSC’s Engagement and International Briefings
Although New Zealand’s NCSC is not a participant in the exclusive US‑led Project Glasswing initiative, it maintains regular dialogue with partners and vendors involved in that programme. The NCSC recently briefed approximately 300 local cybersecurity specialists on frontier AI models, sharing insights gleaned from its collaborations with technology developers and preview‑model holders such as AWS, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA, and the Linux Foundation. These engagements aim to translate the rapidly evolving threat landscape into practical guidance for New Zealand organisations.

Project Glasswing and the Mythos Model
In April, Anthropic launched Project Glasswing to distribute its Mythos model to a select group of companies and government agencies, including the Pentagon, to evaluate whether the model could threaten critical‑infrastructure systems by exploiting zero‑day vulnerabilities. A zero‑day is a flaw that is unknown to the vendor, or for which no fix yet exists, at the time it is exploited, so defenders have had “zero days” to prepare a patch. While the model’s hacking abilities emerged organically rather than being explicitly programmed, Anthropic warned that misuse could lead to severe economic, public‑safety, and national‑security consequences.

Broader Frontier Model Testing and Criticisms
Beyond Mythos, other frontier models under examination in the United States include Claude Opus 4.7 and OpenAI’s GPT‑5.5‑Cyber. Some analysts note that Mythos represents a new class of AI that can autonomously launch long‑running agents capable of persistent vulnerability hunting without constant human steering. Critics, however, contend that much of the hype may be marketing‑driven, pointing to reports that the model’s real strength lies in chaining together multiple low‑risk flaws—an approach dubbed “daisy‑chaining”—to create a single high‑risk exploit.

Real‑World Impact: Banks, China, and Government Briefings
The tangible effects of these AI capabilities surfaced quickly. On 12 May, Reuters reported that US banks were “rushing to plug cyber holes” flagged by Mythos. Shortly thereafter, The New York Times revealed that China had sought access to the model but was denied. On 14 May, cybersecurity outlet Nextgov highlighted a live demo given by Anthropic executives to a closed‑door briefing of the US Homeland Security Committee. By 20 May, Politico noted that the Pentagon was racing to weaponise frontier models—a striking turnaround given earlier disputes over the militarisation of AI—highlighting the urgency felt across defence circles.

Vulnerabilities, Mitigants, and the “Patch Wave”
The NCSC, situated within New Zealand’s Government Communications Security Bureau (GCSB), warned that as frontier AI models improve, they will reshuffle the cyber threat landscape by enabling malicious actors to locate and exploit vulnerabilities at unprecedented scale and speed. Echoing its UK counterpart, the NCSC anticipates a “vulnerability patch wave” that will force organisations to address decades of accumulated technical debt across open‑source, commercial, proprietary, and software‑as‑a‑service products. Anthropic itself acknowledges that the immediate transition period poses the greatest risk, while longer‑term AI deployment could ultimately aid defenders by producing more secure code from the outset and refining the software development lifecycle.

Practical Advice for Organisations
In response, the NCSC distils its guidance into five core actions that, while standard, must be executed with heightened urgency and consistency:

  1. Patch frequently – Apply updates as soon as they become available, prioritising internet‑facing and business‑critical systems and any vulnerability known to be exploited in the wild.
  2. Reduce the attack surface – Disable unnecessary services and exposed management interfaces, segment networks, and enforce least‑privilege access.
  3. Apply defence‑in‑depth – Layer security controls (firewalls, intrusion detection, endpoint protection) so that failure of one layer does not lead to outright compromise.
  4. Review supply‑chain vulnerability policies – Keep an inventory of third‑party software and hardware, require vendors to disclose and fix vulnerabilities promptly, and vet new components before deployment.
  5. Continuously monitor for compromise – Deploy security information and event management (SIEM) tooling, conduct regular threat‑hunting exercises, and maintain incident‑response readiness.

The NCSC emphasises that these measures are not novel, but the anticipated increase in AI‑driven discoveries demands that organisations accelerate their patch cycles, tighten configuration management, and bolster monitoring capabilities. By doing so, defenders can mitigate the immediate surge of exploits while positioning themselves to benefit from the long‑term security advantages that responsible AI development may eventually deliver.
