European Union cybersecurity authorities are set to receive early access to one of the most advanced artificial intelligence systems developed by Anthropic PBC, marking a significant step in transatlantic efforts to assess the security risks posed by next-generation AI models. The EU Agency for Cybersecurity, known as ENISA, will become the first European institution to test Mythos, a powerful generative AI tool that has raised concerns among governments due to its potential ability to identify and exploit weaknesses in critical computer systems.
According to people familiar with the matter, Anthropic has agreed to include ENISA in its controlled testing initiative known as Project Glasswing. The programme is designed to allow selected governments, regulators, and private-sector organisations to evaluate the capabilities of Mythos before its broader commercial release. The decision was communicated to the European Commission over the weekend, with officials speaking on condition of anonymity because the discussions are not public.
The move comes as European policymakers intensify efforts to understand how advanced AI systems could affect cybersecurity frameworks. Mythos has been described by Anthropic as unusually capable in analysing network structures and detecting vulnerabilities that could be exploited in cyberattacks. As a result, the company has adopted a cautious rollout strategy, granting limited access to ensure that potential risks are identified and mitigated in advance.
ENISA’s involvement reflects growing concern within the European Union about the dual-use nature of generative AI technologies. While these systems promise productivity gains and innovation across industries, they also introduce new security challenges, particularly in areas involving digital infrastructure, financial systems, and government networks. By allowing regulators to test Mythos directly, Anthropic is effectively inviting external scrutiny of a model it considers both highly advanced and potentially sensitive in its applications.
Project Glasswing has already drawn participation from a select group of stakeholders outside Europe. In the United States, several government agencies and major technology and financial firms have been granted early access to the system. However, expansion of the programme has not been without friction. The White House reportedly rejected some of Anthropic’s recent proposals to broaden access, citing national security considerations and the need for stricter oversight before wider deployment.
In the United Kingdom, the AI Security Institute was among the earliest bodies permitted to evaluate the model, underscoring a broader international pattern of cautious experimentation with frontier AI systems. The inclusion of multiple allied jurisdictions reflects a shared understanding that the risks associated with advanced AI are not confined within national borders, but instead require coordinated regulatory and technical responses.
Within the European Commission, officials have been increasingly vocal about the importance of establishing frameworks for assessing high-risk AI tools. Thomas Regnier, a commission spokesperson, said on Monday that Mythos represents part of a wider technological shift that policymakers must prepare for. He emphasised that the emergence of such systems is not an isolated event but part of a broader wave of increasingly capable models entering the market.
“Mythos is not a one-off development; a new generation of powerful models is coming,” Regnier said. “This is a shared challenge, and we are intensifying our discussions with like-minded partners, including the United States.”
Regnier declined to specify when ENISA would gain full access to the model, reflecting the ongoing nature of negotiations between the EU and Anthropic. The company itself also declined to comment on the details of its collaboration with European regulators.
The controlled release strategy adopted by Anthropic highlights a growing trend among leading AI developers: balancing rapid innovation with preemptive safety testing. As models become more capable of performing complex reasoning tasks, including those relevant to cybersecurity, the stakes for misuse or unintended consequences continue to rise.
Experts note that systems like Mythos could be used defensively to strengthen cyber infrastructure, but also offensively to identify vulnerabilities in systems that are not properly secured. This dual-use potential has become a central concern for policymakers, who are now attempting to design oversight mechanisms that can keep pace with technological advancement.
The involvement of ENISA is therefore seen as a critical step in aligning European regulatory preparedness with emerging AI capabilities. By testing Mythos in a controlled environment, the agency will be able to evaluate not only its technical strengths but also its potential risks to digital infrastructure across member states.
As AI systems continue to evolve at a rapid pace, the collaboration between Anthropic and European regulators signals an emerging model of governance in which public institutions play an active role in shaping how frontier technologies are deployed. While questions remain about access timelines and oversight structures, the inclusion of ENISA in Project Glasswing marks a significant milestone in Europe’s approach to AI security.
