Anthropic Offers EU ENISA Access to Mythos After San Francisco Talks
Abhishek Gautam11 min readQuick summary
Anthropic invited EU cyber agency ENISA to access Mythos via Project Glasswing after Commission talks in San Francisco. Terms still pending; EU AI Act August 2026.
Read next
- China AI Trade Secret Law: Algorithms and Datasets Protected June 1
- OpenAI Launches Rosalind Biodefense for GPT-Rosalind Life Sciences AI
Anthropic has offered the European Union's cyber agency ENISA access to Claude Mythos through Project Glasswing — ending weeks of blocked access after EU Commission officials met executives in San Francisco and pressed for the same defensive visibility US partners already had on a model tied to 10,000+ high-severity vulnerabilities.
Commission spokesperson Thomas Regnier said Monday the bloc welcomes "potential future access" while ENISA told reporters conditions are still being agreed — including safeguards on how much of Europe's systems Mythos can probe.
What Did Anthropic Offer the EU?
Mythos is Anthropic's restricted cybersecurity AI (April 2026) that autonomously finds and exploits software weaknesses — not a public chatbot. Project Glasswing is the controlled-access program for vetted orgs to patch before criminals weaponize findings.
The June 2026 offer makes ENISA (Athens-based EU cybersecurity agency) the first EU institution in Glasswing, per POLITICO, CNBC, and The Hindu reporting after Bloomberg broke the invitation.
| Party | Status (June 2026) |
|---|---|
| Anthropic | Formal invite to ENISA after SF meetings |
| European Commission | "Several productive meetings"; wants risk picture |
| ENISA | No active access yet; implementing mechanism |
| Terms | Security safeguards, scope of EU system access — TBD |
Earlier Glasswing partners included Amazon, Apple, Microsoft, JPMorgan, and UK AI Security Institute — Europe had argued it faced months of disadvantage vs US firms.
Why the EU Pushed So Hard
Mythos launched with Anthropic's warning that it outperforms most humans on offensive security tasks — triggering fear of mass critical-infrastructure hacks if leaked to adversaries.
European politicians and cyber officials demanded access because:
- Findings affect EU codebases — Linux, browsers, OSS stacks used in banks and governments globally.
- EU AI Act full enforcement lands August 2026 — regulates deployment in Europe but does not compel a US firm to share a frontier model with regulators.
- Geopolitical parity — CNBC reported the EU sought US administration permission; sources said Washington was reluctant to share frontier cyber AI with non-US governments.
OpenAI already granted the Commission access to GPT-5.5-Cyber in May 2026 — Anthropic talks were at a "different stage" until this week's breakthrough.
Cross-read White House blocked Mythos expansion, Glasswing 150 orgs, and Mythos zero-day patch list.
What Developers Should Watch
Patch velocity: If ENISA runs Mythos against EU-critical stacks, expect coordinated disclosure pressure on vendors serving European banks, telcos, and energy — similar to US Glasswing waves.
Access inequality: Mythos remains non-public. Your defense is still patch cadence, SBOM hygiene, and Claude Mythos developer patch guide — not waiting for EU access to reach your repo.
Competition: Same week, press noted OpenAI cyber models and EU plans for a formal action plan on powerful hacking AIs before the summer break.
For enterprise agent spend context, see $500M Claude bill and LLM API Pricing.
Key Takeaways
- June 2026: Anthropic invited ENISA to Mythos / Glasswing after San Francisco Commission meetings
- ENISA is poised to be first EU institution with Mythos access; terms and safeguards still negotiating
- EU cited risk assessment on a model linked to 10,000+ severe vulns; US partners had earlier access
- EU AI Act (Aug 2026) regulates use in bloc but cannot force US model sharing — access is diplomatic
- For developers: expect EU-driven disclosure pressure; keep patching — Mythos findings are global
Sources
FAQ
Frequently Asked Questions
Is ENISA using Anthropic Mythos now?
As of early June 2026, ENISA does not have active Mythos access yet. Anthropic has offered access through Project Glasswing, and the European Commission confirmed productive talks, but ENISA said conditions and security safeguards are still being agreed.
What is Anthropic Mythos?
Mythos is Anthropic's restricted cybersecurity-focused Claude model announced in April 2026. It can autonomously find and exploit software vulnerabilities and is distributed only through Project Glasswing to vetted organizations, not the public.
Why did the EU want access to Mythos?
European officials feared critical infrastructure risk if only US partners could use Mythos to find vulnerabilities first. The EU AI Act regulates AI deployment in Europe but does not require American companies to share frontier models with EU agencies.
How is EU Mythos access different from OpenAI cyber models?
The European Commission reportedly gained access to OpenAI's GPT-5.5-Cyber model in May 2026. Anthropic Mythos access was negotiated separately and advanced after Commission officials met Anthropic in San Francisco in late May 2026.
Free Weekly Briefing
The AI & Dev Briefing
One honest email a week — what actually matters in AI and software engineering. No noise, no sponsored content. Read by developers across 30+ countries.
No spam. Unsubscribe anytime.
More on AI Models
All posts →China AI Trade Secret Law: Algorithms and Datasets Protected June 1
China SAMR trade secret rules effective June 1, 2026 classify AI algorithms, datasets, and code as protected secrets. Fines up to 5M yuan; strict cross-border access logs.
OpenAI Launches Rosalind Biodefense for GPT-Rosalind Life Sciences AI
OpenAI announced Rosalind Biodefense on May 29, 2026 — sponsored GPT-Rosalind access for vetted developers building pandemic detection, screening, and countermeasure tools.
Iran Black Shadow Used ChatGPT to Wipe US, Mideast IT Systems
Gambit Security links Iran MOIS group Black Shadow to June 2026 destructive campaign in US, Israel, Saudi Arabia, Turkey. Attackers used ChatGPT to refine wipe scripts.
Gemini 3.1 vs Claude Sonnet 4.6 vs GPT-5.3 Codex: Developer Benchmark Comparison March 2026
Gemini 3.1 Pro, Claude Sonnet 4.6, and GPT-5.3 Codex all dropped within weeks of each other in early 2026. Here's how they actually compare on coding benchmarks, context windows, API pricing, and which model to use for what — a developer-first breakdown with real numbers.
Written by
Software Engineer based in Delhi, India. Writes about AI models, semiconductor supply chains, and tech geopolitics — covering the intersection of infrastructure and global events. 795+ posts cited by ChatGPT, Perplexity, and Gemini. Read in 164 countries.