Anthropic Mythos opens to Australian cyber defenders

Anthropic has given Australian government and critical-infrastructure defenders access to its restricted Claude Mythos Preview model, shifting its AI-safety work with Canberra into a live cyber-defence trial.

Project Glasswing is being widened to about 150 more organisations across 15 countries, including Australian agencies and private-sector operators, according to ABC News. The offer is a controlled deployment, aimed at organisations whose software, networks or infrastructure would create wider public risk if compromised.

Canberra’s place in the rollout traces back to the March memorandum of understanding between Anthropic and the federal government on AI safety, research and evaluation. Anthropic said then it would support $3 million in partnerships with Australian research institutions and work with officials on model testing. Chief executive Dario Amodei cast Australia as a preferred partner because of that policy work.

“Australia’s investment in AI safety makes it a natural partner for responsible AI development.”
Dario Amodei, Anthropic

For cyber teams, Mythos is being presented as a system for finding, reasoning about and defending against software vulnerabilities, rather than a general chatbot. The Australian Signals Directorate has warned separately that frontier AI models are changing the cyber environment, with defenders and malicious actors likely to use more capable systems. Its frontier-model guidance says agencies and organisations need to understand how these systems can affect vulnerability discovery, exploitation and defensive operations.

Why the rollout is restricted

Claude Mythos Preview remains outside broad public access. Under Project Glasswing, Anthropic has been giving selected infrastructure, security and government partners access before any wider release. TechCrunch reported that the April phase involved about 50 initial partners, before the programme was opened to a larger global cohort.

Security explains the staging. A model that helps defenders review code, map attack paths or test patches could also lower the skill barrier for attackers if released without controls. Anthropic says the first users should be organisations whose own systems sit close to critical services.

“What each partner has in common is that a successful attack on their codebase could be catastrophic.”
Anthropic statement, reported by ABC News

The Australian Financial Review reported that Australian access is being offered through a security-review lens, rather than as an open commercial rollout. For agencies and critical-infrastructure operators, that means early exposure to a model designed for high-risk code and security work while access stays inside a partner network.

What Australian agencies get from it

Evaluation is likely to come before automation. Government cyber teams can test how Mythos performs on vulnerability triage, secure-code review, incident preparation and defensive analysis against Australian operational requirements. Private operators in energy, telecommunications, finance and cloud services can also judge whether a frontier model adds useful speed without creating new data-handling or dependency risks.

An Australian Signals Directorate spokesperson told ABC News the expansion would “expand Project Glasswing to approximately 150 additional entities globally, including the Australian government and other Australian private companies”. The wording points to a mixed cohort, not a Canberra-only deployment.

Early users will be measuring fit as much as capability. Sensitive source code, incident telemetry and critical-infrastructure architecture are not ordinary prompts. Any useful deployment will need controls around data retention, access logging, human review and the hand-off between AI-generated analysis and operational decisions.

The rollout also gives Australia a seat in the argument over first access to powerful AI systems. Governments want early visibility before models reach the public. Model developers want trusted partners to test risky capabilities. Critical-infrastructure owners want defensive tools without sending sensitive code or telemetry into systems they cannot govern.

For Anthropic, the Australian deployment extends a relationship already framed around safety research. For Canberra, it tests whether AI-safety agreements can produce operational cyber capability rather than another policy paper. The harder test is whether Australian defenders can use Mythos on real systems, under real constraints, without expanding the attack surface they are trying to protect.