Jun 02, 2026

Anthropic Grants ENISA Access to Mythos: EU Gets Its First Look at the Most Dangerous AI Model

On June 1, 2026, Anthropic agreed to let the EU's cybersecurity body ENISA join Project Glasswing and access Claude Mythos — the AI that discovered 10,000+ zero-day vulnerabilities across major operating systems.


What Was Announced

On June 1, 2026, Anthropic reached a preliminary agreement to grant the European Union Agency for Cybersecurity (ENISA) access to Claude Mythos through Project Glasswing, its controlled-access initiative for advanced security research. ENISA becomes the first EU institution to receive access to the model, following months of negotiations that at one point required European Commission officials to travel to San Francisco for in-person talks.

The terms of access are not yet finalized. An ENISA spokesperson confirmed the arrangement is "offered but the conditions are still being agreed," with unresolved questions around data sovereignty, whether ENISA can share Mythos findings with EU member state cybersecurity agencies, and whether the agency receives commercial or government-to-government pricing.

Why the EU Wanted Access

The urgency behind the EU's request is not abstract. Claude Mythos Preview, launched in April 2026, identified more than 10,000 zero-day vulnerabilities within its first month of deployment — flaws spanning every major operating system and browser currently in widespread use across European banking systems, government networks, and critical infrastructure.

Euro-area finance ministers, the European Central Bank, and multiple member state governments pressed for access after learning that an American AI company had identified vulnerabilities in systems that European institutions depend on daily, while no European regulator had visibility into those findings. The EU's position was structurally weak: the EU AI Act, which enters full enforcement on August 2, 2026, contains no mechanism to compel American companies to share access to powerful AI systems with European regulatory bodies.

With four to five rounds of meetings failing to produce agreement, European Commission officials ultimately flew to San Francisco to press Anthropic directly — an unusually escalated diplomatic engagement for a regulatory access dispute.

What Mythos Can Actually Do

The capabilities that drove EU concern are well documented. Mythos can autonomously identify security flaws in complex codebases, generate working exploits with an 83% first-attempt success rate, and execute attack simulations that would traditionally require teams of human security researchers working for months. The model's first-month discovery of over 10,000 zero-day vulnerabilities across production systems was not a controlled lab exercise — it was applied against real, deployed software.

For comparison, the US Cybersecurity and Infrastructure Security Agency (CISA) typically processes hundreds of new vulnerability disclosures per month. Mythos found more in four weeks than CISA typically handles in two years.

Pricing for Project Glasswing participants is set at $25 per million input tokens and $125 per million output tokens — substantially above standard API rates, reflecting both the model's capability tier and the managed-access structure Anthropic imposes on Glasswing participants.

Project Glasswing's Current Scope

Project Glasswing launched in April 2026 as Anthropic's mechanism for responsible deployment of Mythos's offensive security capabilities. The initiative has approximately 40 vetted US companies and select government entities, with a more recent expansion to UK financial institutions. Partners include major technology organizations such as Microsoft, Apple, Google, and Cloudflare, which access the model via the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry.

Anthropic has committed up to $100 million in Mythos usage credits across Glasswing participants and $4 million in direct donations to open-source security organizations. The structure is designed to ensure that Mythos's vulnerability discovery capabilities are paired with coordinated disclosure and remediation — not simply handed to organizations that could use the findings offensively.

ENISA's admission to Glasswing extends this framework to a regulatory body rather than a commercial entity, which creates novel questions about how findings should be handled. Unlike a private company that discovers a vulnerability, a national cybersecurity agency operates under legal obligations to notify governments and critical infrastructure operators — obligations that may not map cleanly onto Anthropic's existing disclosure protocols.

The Competitive Pressure and European AI Sovereignty

The Mythos-ENISA agreement sits within a broader tension over AI sovereignty that is reshaping European policy. OpenAI launched a competing initiative called Daybreak for vulnerability discovery and patch generation, but industry assessments consistently place Mythos as the current benchmark for AI-assisted offensive security research.

BNP Paribas and Mistral AI have separately begun development of a European alternative, an effort that ENISA's access to Mythos is unlikely to derail. The argument for sovereign European AI capabilities in cybersecurity has actually been strengthened by this episode — the months-long negotiation and unresolved terms demonstrate how dependent EU institutions are on the goodwill of American AI companies for access to frontier tools.

Implications and Outstanding Questions

Several important questions remain open as negotiations continue:

Data sovereignty: Will Mythos findings involving European infrastructure be stored on US-controlled infrastructure, or will Anthropic offer EU-region deployments for ENISA's access? The EU AI Act's data governance requirements may impose constraints here.

Member state access: ENISA serves as an advisory and coordination body, not an operational cybersecurity agency. EU member states with their own national cybersecurity agencies — Germany's BSI, France's ANSSI, and others — are expected to seek direct access once ENISA's arrangement is established, creating a potential cascade of negotiation demands.

Financial sector access: European banks regulated under DORA (Digital Operational Resilience Act) are actively seeking direct Mythos access for their own security testing, rather than routing through ENISA as an intermediary.

Usability and Enterprise Context

For organizations operating in the EU's regulatory environment, the Mythos-ENISA agreement signals that frontier AI security tools are becoming part of regulatory infrastructure rather than purely commercial products. Enterprise security teams should expect that regulators will increasingly be equipped with AI capabilities comparable to or exceeding what is available commercially.

The practical implication is a compression of the window between vulnerability discovery and regulatory awareness. If ENISA operates Mythos at the scale of Project Glasswing's US participants, the agency's technical understanding of systemic vulnerabilities in European infrastructure could become substantially more sophisticated within months.

Conclusion

The Anthropic-ENISA agreement is notable for what it reveals about AI governance as much as for what it grants. The EU's leading cybersecurity agency spent months negotiating for access to a model that American technology companies and government entities had been using for weeks — and as of June 1, the terms still require resolution. As the EU AI Act's full enforcement approaches in August, the gap between regulatory authority and technical capability in AI remains a defining challenge for European policymakers.

For security professionals and enterprise teams operating across EU jurisdictions, the ENISA access agreement signals that the regulatory environment is acquiring deeper technical tools. That should be taken as both an opportunity and a prompt to ensure that organizational security postures can withstand the level of scrutiny that AI-assisted vulnerability research makes possible.

Editor's Verdict

"Anthropic Grants ENISA Access to Mythos: EU Gets Its First Look at the Most Dangerous AI Model" earns a solid recommendation within the Claude space.

The strongest case for paying attention is that this is the first substantive EU regulatory access to a frontier-capability AI security model, which reduces Europe's intelligence asymmetry relative to US institutions and raises the bar for what readers should now expect from peers in this space. Reinforcing that, Project Glasswing's managed-access structure pairs offensive capability with coordinated disclosure protocols, so Mythos findings go through a controlled remediation process; that adds practical value rather than just headline appeal. The broader signal worth registering is straightforward: the months-long negotiation demonstrates a structural gap in the EU AI Act, which can regulate AI deployed in Europe but cannot compel American companies to share advanced models with European regulatory bodies. On the other side of the ledger, the terms remain unresolved: data sovereignty, member state sharing rights, and pricing tier are not confirmed, which makes the announcement premature in operational terms. That is a real constraint, not a marketing footnote, and it should factor into any serious decision. Layered on top of that, ENISA's advisory role means EU member states still lack direct access, and a cascade of bilateral negotiation demands from BSI, ANSSI, and others is predictable, which narrows the set of teams for whom this is an obvious yes.

For Anthropic and Claude users, alignment-focused teams, and developers already invested in the Claude ecosystem, this is a serious evaluation candidate, not just a curiosity to bookmark. For everyone else, the safer posture is to monitor coverage and revisit once the use cases that matter to your team are demonstrated in the wild.

Pros

  • First substantive EU regulatory access to a frontier-capability AI security model, reducing Europe's intelligence asymmetry relative to US institutions
  • Project Glasswing's managed-access structure pairs offensive capability with coordinated disclosure protocols — Mythos findings go through a controlled remediation process
  • Anthropic's $100M usage credit commitment and $4M open-source security donations create tangible positive externalities alongside commercial access
  • Access via established cloud platforms (AWS Bedrock, Google Vertex AI, Microsoft Foundry) allows ENISA to use existing compliant infrastructure

Cons

  • Terms remain unresolved — data sovereignty, member state sharing rights, and pricing tier are not confirmed, making the announcement premature in operational terms
  • ENISA's advisory role means EU member states still lack direct access; a cascade of bilateral negotiation demands from BSI, ANSSI, and others is predictable
  • Accelerates the case for European AI sovereignty investment, but ironically demonstrates current dependency on American AI for critical security functions
  • Regulatory use of a dual-use offensive capability raises novel liability questions that existing EU AI Act frameworks do not directly address


Key Features

1. ENISA becomes the first EU institution to join Anthropic's Project Glasswing controlled-access cybersecurity program
2. Claude Mythos generates working exploits at 83%+ first-attempt success and discovered 10,000+ zero-day vulnerabilities within its first month
3. Access negotiation required European Commission officials to travel to San Francisco after multiple remote rounds failed to produce agreement
4. Glasswing pricing: $25 per million input tokens, $125 per million output tokens
5. Key terms still unresolved: data sovereignty provisions, member state sharing rights, and government vs. commercial pricing tier
6. EU AI Act enters full enforcement August 2, 2026 — but contains no mechanism to compel American companies to share frontier AI access with European regulators

Key Insights

  • The months-long negotiation demonstrates a structural gap in the EU AI Act: it can regulate AI deployed in Europe but cannot compel American companies to share advanced models with European regulatory bodies
  • ENISA's access to Mythos creates a tiered access problem — EU member state national cybersecurity agencies (Germany's BSI, France's ANSSI) will now press for direct access rather than ENISA intermediation
  • Mythos's 10,000+ zero-day discoveries in its first month represent a qualitative shift in how quickly critical vulnerabilities can be identified — one that regulatory bodies must now factor into their operating assumptions
  • The 83% first-attempt exploit generation rate is a dual-use capability: it accelerates defensive research but also represents the most powerful automated offensive security tool ever deployed at scale
  • Project Glasswing's expansion to a regulatory body (ENISA) sets a precedent that frontier AI tools can be part of regulatory infrastructure, not just commercial products
  • BNP Paribas and Mistral's parallel effort to build a European alternative demonstrates that the ENISA negotiation has already accelerated European AI sovereignty initiatives in cybersecurity
  • The unresolved data sovereignty question is likely to become a template dispute for EU access to all future frontier AI systems operating under EU AI Act jurisdiction
