Podcast Episode
The specific conditions and timeline for ENISA's access have not yet been disclosed. Until now, access to Mythos had been limited to roughly 40 vetted US companies, select government entities, and organisations in the UK, Japan and Australia.
The decision to restrict access was driven by security concerns rather than commercial considerations. Some cybersecurity professionals have questioned whether Mythos represents a genuine leap forward, with Jaya Baloo, COO and CISO of cyber firm Aisle, arguing that smaller open-source models can replicate many of the same vulnerability discoveries.
Anthropic Grants EU Cybersecurity Agency Access to Restricted Mythos AI
June 2, 2026
0:00
5:23
Anthropic has agreed to give the European Union's cybersecurity agency, ENISA, access to its tightly restricted Claude Mythos model, making it the first EU institution to join the controlled-access Project Glasswing. The model can autonomously discover and exploit software vulnerabilities, succeeding at expert-level cyber challenges 73% of the time, and access had previously been limited to roughly 40 vetted organisations across the US, UK, Japan and Australia.
A Powerful AI Joins Europe's Cyber Defences
Anthropic has agreed to give the European Union's cybersecurity agency, ENISA, access to its restricted Claude Mythos model. The move makes ENISA the first EU institution to gain entry to an AI system capable of autonomously discovering and exploiting software vulnerabilities. The decision, communicated to the European Commission over the weekend, brings an end to weeks of tense negotiations between the AI company and European officials.Project Glasswing Opens to Europe
ENISA will join Project Glasswing, Anthropic's controlled-access initiative that allows vetted organisations to test the model's capabilities before any broader release. The European Commission confirmed it has had "several productive meetings" with Anthropic regarding the arrangement. Thomas Regnier, a spokesperson for EU tech sovereignty, said the bloc is "seeking to gain a clearer understanding of the possible risks associated with the technology."The specific conditions and timeline for ENISA's access have not yet been disclosed. Until now, access to Mythos had been limited to roughly 40 vetted US companies, select government entities, and organisations in the UK, Japan and Australia.
A Model Too Powerful to Release Publicly
Anthropic announced Claude Mythos Preview on 7 April but declined to release it publicly. Testing by the UK's AI Safety Institute found that the model could execute multi-stage attacks on vulnerable networks and discover exploits autonomously, tasks that would take human professionals days, succeeding at expert-level cyber challenges 73% of the time. Anthropic has said the model can identify previously unknown zero-day vulnerabilities in real-world software.The decision to restrict access was driven by security concerns rather than commercial considerations. Some cybersecurity professionals have questioned whether Mythos represents a genuine leap forward, with Jaya Baloo, COO and CISO of cyber firm Aisle, arguing that smaller open-source models can replicate many of the same vulnerability discoveries.
Broader Implications
The EU had been pressing for inclusion in Glasswing for weeks amid growing concern that exclusion left European infrastructure without access to the same defensive tools available to US and allied institutions. The arrangement arrives as European financial institutions grow increasingly alarmed: banks have moved to strengthen their defences, and central bankers have warned that advanced AI can now identify and exploit flaws faster than institutions can patch them. Anthropic declined to comment publicly on the arrangement.Published June 2, 2026 at 9:05pm
