Australian government agencies and private companies have been brought into a controlled-access program for an AI model that US developer Anthropic has kept off the open market, a development that lands against a backdrop of regulatory warnings and rising cyber incident volumes that predate the announcement.
The June 4 confirmation of Australia’s inclusion in Project Glasswing comes months after the Australian Prudential Regulation Authority (APRA) put regulated financial entities on notice over AI governance shortfalls and nearly a year after government data showed cyber incidents against Australian organisations on a sustained upward trajectory.
According to ABC, Anthropic added roughly 150 organisations across 15 countries to Project Glasswing, the program through which it distributes limited access to its Claude Mythos Preview model. Australian government bodies and domestic private companies are among those now included. Until this expansion, the program had been confined to the UK and US governments and around 50 American companies. The model is designed to find weaknesses in software and network infrastructure – a capability that makes it useful for defenders but potentially damaging if it reached the wrong hands. That is the stated reason Anthropic has not put it on general release.
The company said the new cohort includes operators in sectors such as energy, water, health care, and communications. “Many of the new partners are vendors – companies or non-profits that maintain code bases that are relied upon by lots of other organisations around the world, including governments. What each partner has in common is that a successful attack on their code base could be catastrophic,” Anthropic said, as reported by ABC. The expansion is understood to take in members of the NATO military alliance and the European Union, though Anthropic has not published a full list of participating organisations.
Before the expansion, Anthropic had already briefed officials from the Reserve Bank of Australia (RBA) and Treasury, along with 170 representatives from entities classified as Systems of National Significance – a category that covers banks, grocery chains, transport operators, and health services. The Australian Signals Directorate (ASD) said it welcomed Anthropic’s decision to “expand Project Glasswing to approximately 150 additional entities globally, including the Australian government and other Australian private companies.”
Anthropic chief executive Dario Amodei visited Canberra earlier this year and spoke to government officials about the technology’s role in geopolitics. “AI is a powerful technology. I don’t want autocracies to be militarily more powerful than democracies. I want to make sure democracies continue to have the upper hand,” Amodei said, as reported by ABC. That framing – democratic access to frontier AI as a strategic matter – has informed how Anthropic has structured access to Mythos, concentrating it initially among allied governments and companies before broadening the circle.
Running parallel to the access question is a separate concern: whether financial institutions have the internal structures to manage AI safely at all. APRA’s April 30 letter to all regulated entities laid out findings from a late-2025 review of selected large banks, insurers, and superannuation trustees and the picture it drew was one of adoption outrunning controls. Boards were found to have an appetite for AI’s commercial potential but limited capacity to interrogate the risks. Many lacked the technical grounding to push back on management or to assess what happens when AI models behave unpredictably or affect critical operations.
The review also found that some entities had built significant reliance on a single AI provider across multiple use cases, with insufficient fallback planning if that relationship broke down. A further issue was opacity: AI tools embedded within broader software platforms or developer environments meant entities often had limited visibility over how underlying models were trained, updated, or constrained – reducing their ability to assess and control the risks those models carried.
APRA member Therese McCarthy Hockey described the situation in direct terms. “The AI revolution presents tremendous opportunities for banks, insurers, and superannuation trustees to deliver improved efficiency and enhanced customer services. We are already beginning to see these benefits materialise. But we cannot be blind to the risks of such powerful technology – whether in our own hands or the hands of those with malign intent. What we’ve observed from our supervisory engagement is that while AI adoption is continuing apace, the systems and processes required to safely govern its use aren’t keeping up. Likewise, the speed at which entities can identify and patch vulnerabilities needs to operate much faster, commensurate with the AI-accelerated threat,” McCarthy Hockey said.
The regulator has not proposed new prudential standards at this stage. McCarthy Hockey said APRA expects “a significant improvement in how entities are closing the gaps between the power of the technology they are using and their ability to monitor and control it.” The letter also specifically named frontier AI models as a threat vector, warning that tools with Mythos-level capabilities could accelerate the discovery of vulnerabilities by malicious actors and lift both the frequency and scale of attacks.
The urgency in APRA’s letter maps on to trends documented by the Australian Signals Directorate. In FY2024-25, the ACSC handled more than 1,200 cyber security incidents – up 11% on the prior year – and took over 42,500 calls to the Australian Cyber Security Hotline, a 16% rise. For large businesses, the average self-reported cost of cybercrime per report reached $202,700, a 219% increase on the previous period. Critical infrastructure operators were notified of potential malicious activity targeting their networks more than 190 times over the same period, up 111% year-on-year. The ACSC’s annual threat report concluded that the spread of AI tools “almost certainly enables malicious cyber actors to execute attacks on a larger scale and at a faster rate.”
Independent Curtin MP Kate Chaney used the same week to release a discussion paper arguing the federal government had not moved fast enough on AI policy. “I think the government’s approach to AI is pretty hands-off. If we want to actually make the most of the opportunities, we are going to need to actually have safeguards in place to build the public trust in AI, and I think that requires a much more active approach than the government is taking,” Chaney said, as reported by ABC. The paper listed 18 policy priorities, including greater resourcing for the Australian AI Safety Institute and binding obligations around data centre energy and water consumption, which are currently non-binding expectations.
Assistant Technology Minister Andrew Charlton flagged a different kind of risk – public confidence. “Unless we can look an Australian family in the eye and tell them, truthfully, that data centres will not push up their power bills, will not threaten their water, and will not degrade their neighbourhood, this industry will spend the next decade on the back foot, fighting the same losing battle we are watching play out overseas,” Charlton said, as reported by ABC. The week’s developments converge on a single question: whether governance frameworks built for conventional technology risks are adequate for systems that can identify infrastructure vulnerabilities, accelerate attack timelines, and operate in ways that even their deployers may not fully understand.
