Washington · June 4, 2026
Anthropic has formally invited the European Union Agency for Cybersecurity, ENISA, to join Project Glasswing, the company's restricted program governing access to its Claude Mythos AI vulnerability-discovery model, according to multiple reports confirmed by a European Commission spokesperson. European Commission spokesperson Thomas Regnier confirmed the development, stating that the Commission had "several productive meetings" with Anthropic and welcomed "the latest developments on potential future access." The invitation, extended after a meeting in San Francisco in late May, makes ENISA the first European entity admitted to the program. The arrangement is not yet fully in place. Anthropic and the European Commission are still negotiating the terms and conditions that will govern how ENISA interacts with the model in a mutually acceptable manner.
Anthropic unveiled Claude Mythos Preview on April 7, 2026, and declined to release it to the general public, citing its offensive potential. The company described Mythos as a general-purpose, unreleased frontier model that "reveals a stark fact: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities." Anthropic reports that the model has identified more than 23,000 potential vulnerabilities across more than 1,000 open-source software projects, of which 1,900 have been reviewed by external security firms and 1,726 confirmed, including over 1,000 rated high or critical severity. Anthropic's red team and the United Kingdom's AI Security Institute jointly reported that Mythos found thousands of zero-day vulnerabilities in major operating systems, web browsers, and other applications. To manage access, Anthropic launched Project Glasswing in April 2026 as a coalition of over 40 organizations, including Amazon, Apple, Microsoft, Google, and the Linux Foundation, with participants permitted to use Mythos exclusively for defensive purposes.
ENISA's admission makes it the first European organization admitted to Project Glasswing, a program that has so far been limited to roughly 40 U.S.-based companies and the UK's AI Security Institute. European officials had pressed for access for weeks while American agencies moved ahead. The National Security Agency is using Mythos Preview despite top officials at the Department of Defense insisting Anthropic is a "supply chain risk," according to two sources cited by Axios. The Pentagon moved in February to cut off Anthropic and force its vendors to follow suit, a case that remains ongoing, while the military broadened its use of Anthropic's tools simultaneously arguing in court that those tools threaten U.S. national security. That litigation arose after Anthropic refused a Pentagon demand that Claude be made available for, among other uses, autonomous weapons development. On March 24, the Northern District of California granted Anthropic a preliminary injunction, finding that the Pentagon's actions were not designed to protect national security but to punish Anthropic for refusing the contract. Separately, Anthropic CEO Dario Amodei met White House Chief of Staff Susie Wiles and Treasury Secretary Scott Bessent to discuss governmental use of Mythos and Anthropic's broader security practices.
The EU's exclusion from early access carried regulatory as well as operational weight. Beginning Aug. 2, under the EU AI Act, the European Commission acquires full enforcement powers, including the authority to demand access to AI models and legally compel providers to implement risk-mitigation measures for their most advanced systems. The European Commission has described direct visibility into Mythos as essential not only for understanding the model specifically, but for building institutional capacity to assess the wave of similarly capable models expected to follow it. The Commission's spokesperson framed the access question as part of a broader allied coordination effort. Regnier warned that Mythos is "not one off" and that "a new wave of powerful models are coming to the market," adding that the Commission is "intensifying discussions with like-minded partners, including the United States."
A structural tension persists: Anthropic's security-led restricted access model has given priority to a small, mostly U.S.-based coalition, while EU public authorities have had limited direct leverage or visibility over the system's behavior. The formal terms of ENISA's access remain undisclosed, and it is unclear whether Anthropic will extend Glasswing membership to other EU member-state cybersecurity agencies or to the European Commission itself. A source close to the matter told Agence Europe that negotiations now concern the arrangements needed to guarantee "secure access" on the European side, with the priority being to "agree on terms and conditions for future access" and to "put in place an appropriate framework guaranteeing secure access to the model." How quickly those terms are finalized will determine whether ENISA can begin vulnerability research before the AI Act's August enforcement window opens.
References
[1] Dark Reading. (2026, June 2). Anthropic to Open Mythos AI to EU's ENISA. https://www.darkreading.com/cyber-risk/anthropic-mythos-ai-eu-enisa
[2] Bloomberg. (2026, June 1). Anthropic to Give Mythos Access to EU Cybersecurity Agency ENISA. https://www.bloomberg.com/news/articles/2026-06-01/anthropic-to-give-eu-s-cybersecurity-agency-access-to-mythos
[3] Anthropic. (2026, April 7). Project Glasswing: Securing critical software for the AI era. https://www.anthropic.com/glasswing
[4] SecurityWeek. (2026, May 21). Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects. https://www.securityweek.com/anthropic-mythos-detected-23000-potential-vulnerabilities-across-1000-oss-projects/
[5] The Conversation. (2026, May 4). Mythos AI is a cybersecurity threat, but it doesn't rewrite the rules of the game. https://theconversation.com/mythos-ai-is-a-cybersecurity-threat-but-it-doesnt-rewrite-the-rules-of-the-game-281268
[6] Agence Europe. (2026, June 2). Anthropic offers ENISA access to its Mythos model, discussions now focus on secure access arrangements. https://agenceurope.eu/en/bulletin/article/13879/14/anthropic-offers-enisa-access-to-its-mythos-model-discussions-now-focus-on-secure-access-arrangements
[7] MLQ.ai. (2026, June 2). Anthropic Grants EU Cybersecurity Agency ENISA Access to Mythos AI Model. https://mlq.ai/news/anthropic-grants-eu-cybersecurity-agency-enisa-access-to-mythos-ai-model/
[8] Axios. (2026, April 19). Scoop: NSA using Anthropic's Mythos despite Defense Department blacklist. https://www.axios.com/2026/04/19/nsa-anthropic-mythos-pentagon
[9] TechCrunch. (2026, April 20). NSA spies are reportedly using Anthropic's Mythos, despite Pentagon feud. https://techcrunch.com/2026/04/20/nsa-spies-are-reportedly-using-anthropics-mythos-despite-pentagon-feud/
[10] The Next Web. (2026, May 1). Anthropic's Mythos is moving between governments faster than regulators. https://thenextweb.com/news/nthropic-mythos-geopolitical-government-control
[11] The Register. (2026, May 2). Pentagon keeps Anthropic barred despite Mythos interest. https://www.theregister.com/2026/05/01/mythos_complicates_anthropic_us_gov_breakup/
[12] Techzine. (2026, June 1). EU cybersecurity agency gains access to Anthropic Mythos. https://www.techzine.eu/news/security/141744/eu-cybersecurity-agency-gains-access-to-anthropic-mythos/