Cortex was revealed at last year's election amid allegations of mass surveillance by US National Security Agency whistleblower Edward Snowden and journalist Glenn Greenwald.
The Prime Minister said a system called "Speargun", which aimed to access communications by tapping New Zealand's internet cable, had been canned because it was too intrusive and that a different system called Cortex was being developed.
While "Speargun" was designed to capture anything, Cortex was introduced as a defensive system which would be bolted onto critical infrastructure in the private and public sector and sniff out trouble in its online traffic. While Speargun played more to the GCSB's intelligence role, Cortex was cast as fitting with its comparatively benign cyber security job.
The details on the GCSB website say it is carrying out a "malware free networks" pilot with an ISP which could later be rolled out to others. It says it is not compulsory for ISPs to join and ISPs are obliged to tell customers their data is being screened.
However, it also says ISPs are not allowed to name the GCSB as being involved because doing so could give hackers a signpost to valuable targets.
It rejected any suggestion it is "mass surveillance", saying it had an automated searching function to sniff out malicious traffic.
However, it also conceded that a rare set of circumstances could lead to GCSB staff reading people's emails. In those cases, "all a GCSB analyst would be looking for in an email is evidence of malicious cyber activity".
It says Cortex protection is important in dealing with intellectual property theft and data theft - including credit cards, destruction or hacking of private communications, holding data for ransom or attacking IT services.
