Anthropic has extended an invitation to the European Union's cyber agency, ENISA, to access its cybersecurity AI, Mythos, through Project Glasswing, following discussions in San Francisco. This development comes after a period of restricted access, as EU officials sought similar visibility on vulnerabilities that U.S. partners had already gained.
Mythos, which is designed to autonomously identify and exploit software vulnerabilities, is not a public tool but part of a controlled-access program aimed at allowing vetted organizations to address issues before they can be exploited by malicious actors. ENISA's potential access marks a significant step, making it the first EU institution to be included in the Glasswing initiative, which previously involved major tech firms like Amazon and Microsoft.
The push for access stems from concerns that Mythos could significantly impact critical infrastructure if misused, as it reportedly outperforms human capabilities in offensive security tasks. The urgency is heightened by the upcoming enforcement of the EU AI Act in August 2026, which will regulate AI deployment within Europe but does not compel U.S. firms to share their models.
As discussions continue regarding the terms of access, developers should prepare for increased pressure to disclose vulnerabilities, particularly if ENISA begins using Mythos against essential EU codebases. The ongoing negotiations highlight the geopolitical dynamics at play, as the EU seeks to level the playing field with U.S. cybersecurity capabilities.