Anthropic to give EU cybersecurity agency ENISA access to Mythos via Project Glasswing - first non-US/UK entity, terms still negotiating
Anthropic is set to give the EU's cybersecurity agency ENISA access to its restricted Mythos model through Project Glasswing - making ENISA the first EU institution and first entity outside the US and UK to join. The move, communicated to the European Commission over the weekend, ends a weeks-long standoff after euro-area finance ministers, the ECB, and member states demanded access on learning Mythos had found flaws in systems European banks, governments, and critical infrastructure rely on. Terms covering data sovereignty, sharing findings with member states, and the scope of systems ENISA may test are still being negotiated. BNP Paribas and Mistral continue building a European alternative.
- Check
- EU-based organizations: track ENISA's Mythos access as a future channel for coordinated vulnerability findings affecting European infrastructure. Factor frontier-AI vulnerability discovery into your patch-SLA planning.
- Affected
- European banks, governments, and critical-infrastructure operators whose systems Mythos has already flagged but whose findings were not previously visible to any EU institution until ENISA's access.
- Fix
- Compress patch cycles in anticipation of AI-surfaced vulnerability disclosures. Engage national CERTs and ENISA channels as they mature. Assume similarly capable models will broaden access over coming months.