Anthropic offers EU access to Mythos cyber AI model

TL;DR:

  • Anthropic has offered the European Union access to Mythos, the first time the powerful cyber security model has been extended beyond the US and UK.
  • The EU’s cyber security agency, Enisa, has confirmed it is in talks, though the conditions are still being negotiated.
  • Access would come through Project Glasswing, the mostly US industry coalition that has used Mythos since April to find and patch vulnerabilities.

The offer marks a measured loosening of the tight restrictions Anthropic has placed on a tool capable enough to be treated as a potential cyber weapon. European Commission officials travelled to San Francisco last week to negotiate, and the Commission confirmed “productive meetings”, calling expanded access a matter of “utmost importance” for understanding the risks.

A guarded expansion

Anthropic initially confined Mythos to a small group of critical-infrastructure firms — among them Microsoft, Apple, JPMorgan and CrowdStrike — and has worked closely with the US government on sensitive deployments. Outside the US, only the UK had gained access, via its AI Security Institute, which evaluated the model before rollout. Key terms for the EU remain unsettled, including how much visibility into the bloc’s own systems Anthropic would obtain while Mythos runs.

The move sits alongside a sharply different approach from OpenAI, which is opening its rival GPT-5.5 Cyber tool to banks across the UK, EU, Japan and Canada. Chief executive Dario Amodei has framed Anthropic’s caution in geopolitical terms, telling the FT earlier this year he wanted allied democracies to use the technology defensively but not “turned on our own people”. The company says Mythos-class models need stronger safeguards before general release, which it expects within weeks.

Looking forward

For UK and European institutions, the negotiations signal that access to the most capable cyber-AI tools will be governed as much by diplomacy and trust as by commercial terms. How the EU’s conditions land — particularly on reciprocal system access — will set a precedent for how governments balance the defensive upside of these models against the risks of handing a US firm deep visibility into critical infrastructure.