{"id":219557,"date":"2026-05-24T05:20:00","date_gmt":"2026-05-24T09:20:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/24\/nz-at-wild-frontier-of-ai-superhacking\/"},"modified":"2026-05-25T04:35:23","modified_gmt":"2026-05-25T08:35:23","slug":"nz-at-wild-frontier-of-ai-superhacking","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/24\/nz-at-wild-frontier-of-ai-superhacking\/","title":{"rendered":"NZ at wild frontier of AI superhacking"},"content":{"rendered":"<p><a href=\"https:\/\/www.rnz.co.nz\/news\/science-and-technology\/596203\/nz-at-wild-frontier-of-ai-superhacking\">NZ at wild frontier of AI superhacking<\/a><\/p>\n<p><a href=\"https:\/\/www.rnz.co.nz\/news\/science-and-technology\/596203\/nz-at-wild-frontier-of-ai-superhacking\">https:\/\/www.rnz.co.nz\/news\/science-and-technology\/596203\/nz-at-wild-frontier-of-ai-superhacking<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-24 05:20:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.rnz.co.nz\">www.rnz.co.nz<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>The rise of artificial intelligence is a growing threat to cyber security<br \/>\nPhoto: 123RF<\/p>\n<p>New Zealand&#8217;s cyber watchdog says it is learning from the US companies who are testing superhacking AI models that have sent US banks rushing to plug holes, and sparked briefings with the Department of Homeland Security.<br \/>\nHeavyweight cyber security firm Palo Alto Networks said its tests on the AI model Claude Mythos found it could detect and exploit years-old software flaws so fast and effectively that the company last week issued a couple of dozen security alerts in a single day, when it usually issues only five or so a month.<br \/>\nThe National Cyber Security Centre (NCSC) in New Zealand has warned to get ready for &#8220;a significant increase in vulnerabilities and incidents&#8221;.<br \/>\n&#8220;The NCSC recognises the risks and opportunities presented by these new tools and is responding with a number of related workstreams,&#8221; it told RNZ.<br \/>\nIt recently briefed 300 local cybersecurity specialists about so-called &#8216;frontier&#8217; AI models.<br \/>\nIn April, Mythos&#8217;s creator Anthropic set up what it called Project Glasswing to release the model to a small group of companies and agencies, including the Pentagon, to test if it could threaten systems behind critical infrastructure by exploiting the likes of &#8216;zero-day&#8217; vulnerabilities &#8211; so-called because they have existed undetected in code from when software was released, leaving developers &#8216;zero days&#8217; to prepare a fix.<br \/>\nSome of this small group are outside the US, but New Zealand&#8217;s NCSC is not in it.<br \/>\n&#8220;The NCSC is not part of Glasswing but we are talking regularly with a range of partners and vendors, including some who are involved with Glasswing, so that we can understand the landscape and provide meaningful advice and guidance on the implications of frontier AI,&#8221; it told RNZ.<br \/>\nThe NCSC said it was engaging with tech companies including developers of frontier models and companies that have had access to preview models like Mythos.<br \/>\nOther frontier models being tested in the US include Claude Opus 4.7 and OpenAI&#8217;s GPT-5.5-Cyber.<br \/>\nAnthropic said Mythos&#8217;s hacking abilities just emerged &#8211; they were not designed-in &#8211; and warned the fallout across economies, public safety and national security could be &#8220;severe&#8221; if the tool were to fall into the wrong hands.<br \/>\nCritics have said this might just all be marketing hype. Other reports suggested the small group&#8217;s testing was showing Mythos was expert at chaining together lower-risk vulnerabilities &#8211; &#8220;daisy-chaining&#8221; it is called &#8211; into a high-risk vulnerability.<br \/>\nAnalysts have said Mythos is of a type of new AI that feels different because it is capable of setting loose its own long-running agents that don&#8217;t need constant human steering.<br \/>\nOn 12 May, Reuters reported that US banks were &#8220;rushing to plug cyber holes&#8221; flagged by Mythos.<br \/>\nThe New York Times said China, foreseeing a threat, had asked for access to Mythos but been denied.<br \/>\nTwo days later, cybersecurity news website Nextgov said Anthropic executives had given a live demo to a closed-door briefing of a US Homeland Security Committee.<br \/>\nAnd on 20 May, https:\/\/www.politico.com\/news\/2026\/05\/20\/nsa-cyber-command-ai-task-force-mythos-00930786 Politico reported] that the Pentagon was racing to weaponise frontier models &#8211; ironic as it had been freezing Anthropic out in a dispute over weaponising AI. &#8220;The initiative &#8230; underscores the Pentagon&#8217;s concerns about the sudden emergence of private sector-built AI models that can unearth security flaws in digital systems faster than the world&#8217;s best hackers,&#8221; Politico said.<br \/>\nThe group that has been allowed access to Mythos includes AWS, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA, Palo Alto Networks, and the Linux Foundation.<br \/>\nVulnerabilities and mitigants<br \/>\nNew Zealand&#8217;s NCSC sits within the Government Communications Security Bureau (GCSB) spy agency.<br \/>\nIt told RNZ that as frontier models improve, &#8220;they will change the cyber threat landscape for organisations because of the ability for malicious actors to find and exploit vulnerabilities at unprecedented speed and scale&#8221;.<br \/>\nIts UK counterpart &#8211; also known as the National Cyber Security Centre &#8211; told organisations there to prepare for a &#8220;vulnerability patch wave&#8221;.<br \/>\n&#8220;Organisations must act now to prepare for a wave of patches that will address decades of technical debt,&#8221; it said, warning that AI was &#8220;showing the ability to exploit this technical debt at scale and at pace across the technology ecosystem. As a result, the NCSC [UK] expect there will be a &#8216;forced correction&#8217; to address this technical debt across all types of software, including open source, commercial, proprietary and software as a service.&#8221;<br \/>\nAnthropic said the big threats existed in this patch-up transition phase, and that long-term advanced models would benefit defenders more.<br \/>\nNew Zealand&#8217;s NCSC echoed that, saying in the medium to long term, frontier AI &#8220;offers the promise of more secure software code from the outset and a better software development lifecycle.&#8221;<br \/>\nIt added it was engaged with critical infrastructure providers, tech firms and international government partners to drive resilience and preparedness, and had several times put out guidance.<br \/>\nIn summary, the advice to organisations is to:<\/p>\n<p>Patch frequently<br \/>\nReduce the &#8220;attack surface&#8221; and apply defence in depth<br \/>\nReview the vulnerability management policies of software and system supply chains.<br \/>\nFrequently monitor for potential compromise.<\/p>\n<p>&#8220;These are all standard practices, but organisations need to do them more quickly and more consistently,&#8221; the NCSC said.<br \/>\nThe &#8216;patch wave&#8217; would not be business as usual.<br \/>\n&#8220;As a result of frontier AI products we anticipate organisations need to prepare for a significant increase in vulnerabilities and incidents. We&#8217;ve already started delivering advice to help organisations prepare.&#8221;<br \/>\nSign up for Ng\u0101 Pitopito K\u014drero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NZ at wild frontier of AI superhacking https:\/\/www.rnz.co.nz\/news\/science-and-technology\/596203\/nz-at-wild-frontier-of-ai-superhacking Publish Date: 2026-05-24 05:20:00 Source Domain: www.rnz.co.nz&#8230;<\/p>\n","protected":false},"author":1,"featured_media":219558,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/media.rnztools.nz\/rnz\/image\/upload\/s--7GlLZhGj--\/t_tohu-badge-facebook\/v1779578955\/4JO4PFC_227366900_l_jpg?_a=BACCd2AD","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,20,24,31,27],"class_list":["post-219557","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-artificial-intelligence","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219557"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=219557"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219557\/revisions"}],"predecessor-version":[{"id":219559,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219557\/revisions\/219559"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/219558"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=219557"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=219557"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=219557"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}