EU welcomes OpenAI cybersecurity-model access offer; Anthropic in talks

TL;DR:

  • The European Commission has welcomed an offer from OpenAI to provide open access to its cybersecurity model under a new EU Cyber Action Plan, but said rival Anthropic has yet to reach the same point in its discussions with Brussels.
  • The OpenAI initiative is being headed by former UK Chancellor George Osborne, who leads the company’s “OpenAI for Countries” programme and has written to the Commission and member states explaining the plan.
  • Resultsense view: this is a public divergence between the two leading frontier labs on how transparent to be with governments — and the figure carrying OpenAI’s message into Brussels is a British politician with deep European credibility, which is awkward timing for UK regulators choosing how closely to mirror the EU’s approach.

A Commission spokesperson said on Monday that while OpenAI has put forward a concrete offer of model access, four or five meetings with Anthropic have not yet reached the stage of discussing equivalent access. This is the first time Brussels has so explicitly compared the cooperation posture of the two labs in public.

The Osborne factor

Osborne’s letter, sent to the Commission and EU member states, frames the EU Cyber Action Plan as a way of “democratising access to the defensive tools that trusted actors can use to strengthen shared security”. His involvement gives OpenAI a credible UK-and-European political face for what is otherwise a US vendor proposal, and follows the Commission’s recent decision to treat ChatGPT as a large online search engine under the Digital Services Act — a regulatory step that materially raised OpenAI’s compliance load in the bloc.

What it means for UK firms

UK regulators have repeatedly said they will diverge from the EU AI Act where it makes sense for British competitiveness. The pattern emerging in Brussels — frontier labs voluntarily offering model access in exchange for goodwill on enforcement — is one the UK could plausibly copy through AISI, the UK AI Security Institute. It could equally choose not to, leaving UK financial services and critical infrastructure with less direct visibility into the cybersecurity behaviour of the models they will buy.

For UK SMEs depending on either lab’s cyber-defensive products, the immediate read-across is that OpenAI’s tooling will get more EU-influenced safety review, and Anthropic’s products will not, at least for now.

Looking forward

Expect Anthropic to respond, either by stepping up its own engagement with the Commission or by publicly explaining why it views the OpenAI route as the wrong governance model. For Westminster, the question is whether the UK quietly negotiates an equivalent arrangement with both labs through AISI, or accepts a path where the EU sets the de facto frontier-AI cybersecurity baseline that UK buyers then default to.