Skip to main content
TechnologyJun 3, 2026· 3 min read

Anthropic Moves Towards Opening Mythos to the EU, but Access is Not Yet Active

Over the weekend, Anthropic informed the European Commission of its intention to grant access to Claude Mythos to ENISA, the Union's cybersecurity agency. This model has autonomously identified over 10,000 high and critical severity zero-day vulnerabilities across all major operating systems and browsers. ENISA would be the first European institution admitted to Project Glasswing, the controlled-access program through which the company distributes the model to a select group of partners.

Until now, Mythos was reserved for about forty selected U.S. companies, some government entities, and more recently, UK financial institutions. The inclusion of a community agency extends the scope for the first time beyond the U.S.-UK axis.

According to the Commission, access has been offered, but the technical mechanism by which ENISA will be able to query the model, with the necessary security guarantees, is still to be developed. A spokesperson mentioned "several productive meetings" and welcomed "the latest developments regarding potential future access," without elaborating on the specifics. The agency itself stated it currently does not have operational access and is working to implement it.

Why Europe Has Pressured

The tug-of-war lasted weeks and became one of the most visible points of friction in technological relations between the two sides of the Atlantic. The push came from the finance ministers of the euro area, the European Central Bank (ECB), and several member states, after learning that Mythos had found flaws in software that banks, administrations, and critical infrastructure across the continent rely on daily, without any European institution being able to see those results.

The ECB summoned euro area banks to discuss the implications once it emerged that the model had identified vulnerabilities in widely used financial software in the eurozone. Every day without access was a day in which European agencies could not establish whether their systems were exposed or initiate corrections. The pressure from ministers, the Commission's direct initiative, and a trip by its officials to San Francisco last week seem to have shifted Anthropic's position.

An Open Issue

Individual member states will want their respective national agencies to see the results of Mythos, and the financial sector will push for direct access rather than mediated access through the community agency. In the background is the European AI Regulation, set to come into effect in August 2026: it governs how models are deployed in Europe but does not provide any tools to compel an American company to share its most powerful model with regulators on the continent, no matter how relevant its findings may be.

It’s not surprising, then, that this situation has reignited the discussion around European technological autonomy. BNP Paribas and Mistral have initiated the development of a continental alternative, a project likely to continue regardless of ENISA's access. On the competition front, OpenAI has launched its own initiative to identify vulnerabilities and generate patches, although for now, Mythos remains the benchmark.

The model is offered to Glasswing participants at $25 per million input tokens and $125 for output, and it is still unclear whether ENISA's access will be subject to commercial conditions or an agreement between governments.