EU regulators welcome Anthropic’s staged rollout of Claude Mythos
TL;DR: The European Commission has publicly endorsed Anthropic’s decision to defer the general release of Claude Mythos after internal testing found the model outperforms most humans at exploiting software vulnerabilities. The EU’s AI Office is in active dialogue with Anthropic on implementation. This marks one of the first instances of a major AI regulator explicitly praising a voluntary deployment delay, potentially setting a template for how frontier models with dual-use capabilities reach market.
European Commission spokesperson Thomas Regnier told Politico that regulators welcome Anthropic’s staged approach “given the model’s potential for large-scale cyber risk.” The endorsement follows Anthropic’s decision to share Mythos with 12 cybersecurity firms and over 40 additional organisations for defensive purposes before any broader release.
Regulatory framework in action
Under the EU’s AI Act, Anthropic qualifies as a developer of a general-purpose AI model and is required to ensure its products meet an “adequate level of cybersecurity protection.” The company has also signed up to an EU code of practice that mandates addressing “risks from enabling large-scale sophisticated cyberattacks.”
Regnier confirmed the AI Office is in dialogue with Anthropic on how to meet these requirements, though he declined to share details, describing the discussions as “commercially sensitive.”
The EU’s response stands in contrast to the UK’s lighter-touch regulatory approach. While Britain’s AI Safety Institute conducts pre-release evaluations of frontier models, it operates on a voluntary basis without the binding obligations the EU framework imposes. For UK policymakers watching the Mythos rollout, the question is whether voluntary cooperation can achieve comparable outcomes to the EU’s mandated approach.
Looking forward
The staged deployment of Mythos may become a reference point for how regulators and AI companies manage models with significant offensive capabilities. If the EU’s endorsement encourages other frontier labs to adopt similar phased releases, it could shift industry norms around responsible deployment — particularly for models that blur the line between security research and offensive tooling.