The kill switch is real
At 5:21pm ET on June 12, the US Commerce Department ordered Anthropic to immediately disable access to its most powerful AI models, Fable 5 and Mythos 5, for all foreign nationals worldwide. No grace period. No transition window. The directive covered foreign nationals inside the US and Anthropic’s own non-citizen employees. The company complied by disabling the models for everyone. Less powerful Claude models remain available, but the frontier capabilities that businesses have been building workflows around vanished overnight.
Any New Zealand firm that had embedded Fable 5 or Mythos into fraud detection, compliance automation, content generation, or customer-facing products discovered that their critical tooling runs on borrowed access.
Even our cyber defence agency rents its capability
The timing is particularly uncomfortable for Wellington. The same week, RNZ reported that NZ’s National Cyber Security Centre had been granted special access to Mythos through Project Glasswing, a 150-organisation global collaboration. Deputy Director-General Cyber Security Catriona Robinson said the NCSC’s expectation is that it “will use the Glasswing Access to improve our understanding of the evolving cyber threat landscape.”
Read that again. New Zealand’s premier cyber defence agency, housed within the GCSB, depends on privileged access granted at Washington’s discretion. Had the export control been drawn more broadly, or had the NCSC not been included in Glasswing, the country’s national cyber security capability would have been directly impaired. The agency tasked with defending NZ’s digital sovereignty does not itself have digital sovereignty.
The warnings were already on the table
This was not unforeseeable. In April, University of Auckland researchers Alex Sims and Dulani Jayasuriya published analysis after the Pentagon formally declared Anthropic a supply-chain risk. Their conclusion was direct: “When even the most safety-focused AI companies face commercial and geopolitical pressure to adjust their governance frameworks, this raises questions for smaller markets like New Zealand about whether voluntary reliance on US company policies is a sufficient long-term strategy.”
They identified financial services as particularly exposed. AI already affects lending decisions, fraud detection, credit scoring, and anti-money laundering compliance. When the underlying model’s governance can shift overnight, explainability guarantees demanded by regulators become impossible to maintain.
NBR flagged the structural risk in March, connecting the Pentagon-Anthropic standoff to broader questions about whether smaller markets can rely on voluntary governance from US AI companies under direct government pressure. Three months later, the risk materialised.
Data centres are not sovereignty
New Zealand is in the middle of a data centre investment boom that politicians are happy to present as a sovereignty solution. Datagrid’s $3.4 billion Southland facility has received fast-track approval. AWS has announced a multi-billion-dollar Auckland investment.
But local data centres keep data onshore. They do not change who controls the AI models running on that infrastructure. The compute may sit in Southland; the model weights, training decisions, and kill switch remain in San Francisco. As one expert told RNZ: “Many, many countries are being left behind in terms of sovereignty over this infrastructure.”
In July 2025, the University of Auckland’s ALTeR research centre argued that NZ’s adoption-focused AI strategy consigns the country to permanent technological dependency, noting that virtually every other developed nation was actively building domestic AI capabilities.
A $23.8 billion sector built on someone else’s platform
The stakes are not abstract. In 2025, NZTech reported the sector contributed $23.8 billion to GDP, representing 8% of the national economy and making tech the country’s third-largest export earner at $11.4 billion. Almost all of that growth has been built on adoption of foreign platforms.
New Zealand has no standalone AI legislation. No dedicated AI regulator. Technology risk is managed through the Algorithm Charter, the Privacy Act, and general human rights protections. That governance framework was designed for a world where access to frontier AI was stable and commercially guaranteed.
June 12 proved it is neither. The directive required immediate compliance from the moment it was received. Businesses that had not mapped their AI dependencies or maintained fallback options had zero time to respond. Banks running frontier models for fraud detection, law firms using them for document analysis, SaaS companies embedding them in client products, all discovered the same thing: they do not control their own critical tools.
The policy response NZ needs is not another adoption strategy or another data centre ribbon-cutting. It is an honest reckoning with the fact that a $23.8 billion sector and the country’s own cyber defence agency operate on access that can be revoked by a foreign government in an afternoon, without consultation, without warning, and without exception for allies.
Sources
- Anthropic disables Fable and Mythos AI models following U.S. government export ban (2026-06-13)
- NZ gets access to hacking Mythos AI as Trump shores up national security on AI (2026-06-13)
- AI clash raises important questions for New Zealand (2026-04-01)
- A new AI report is shocking – but not to the experts (2026-06-13)
- New Zealand Tech Sector Key Metrics Report 2024 (2025-09-05)
- New Zealand’s Strategy on AI: Three Fallacies (2025-07-20)