Anthropic extends Mythos to the EU: a highly monitored cyber offensive

· Anthropic, Mythos, cybersécurité, UE, IA

Anthropic extends Mythos to the EU: a highly monitored cyber offensive

Anthropic is accelerating its European deployment with Mythos, an AI model designed to identify and exploit software vulnerabilities. The Glasswing project, which oversees access to Mythos, is now expanding to approximately 150 organizations across more than fifteen countries, under strict conditions.

Anthropic extends Mythos to the EU: a highly monitored cyber offensive

Anthropic, an American company, is accelerating its European deployment with Mythos, an artificial intelligence model designed to identify and exploit software vulnerabilities. The Glasswing project, which oversees access to Mythos, is now expanding to approximately 150 organizations spread across more than fifteen countries. A strategic expansion, but subject to drastic conditions.

Mythos arrives in Europe: an expanded network, carefully selected players

Anthropic is no longer content with the United States and the United Kingdom. The Glasswing project, launched as a restricted coalition of technological and cyber partners, now includes European players. This opening remains highly regulated. Candidate organizations must meet strict security criteria, verified by Anthropic before any authorization. Among the countries concerned are France, Germany, Italy, Switzerland, the Netherlands, Spain, Belgium, and Sweden. The European Union Agency for Cybersecurity (ENISA) could become the first institution in the bloc to access Mythos, according to Bloomberg.

This model, presented as a major advance in cybersecurity, can also represent a risk if it falls into the wrong hands. Glasswing is not a public program, but a private initiative whose contours partly escape regulators.

Technical safeguards, but persistent questions

Access to Mythos is not trivial. Anthropic insists on the security protocols imposed on participants: regular audits, usage restrictions, and activity traceability. Each organization must sign binding commitments, under penalty of immediate exclusion from the project.

However, these measures do not dispel all concerns. European regulators, initially kept out of the discussions, are gradually discovering the extent of Mythos' capabilities. ENISA, if it indeed gains access, will have to set up an internal mechanism to manage the model securely. A technical and legal challenge, as the European Union finalizes its own regulatory framework on AI.

A strategy of influence ahead of a stock market introduction

This European expansion comes at a particular time for Anthropic. The company is preparing for its stock market debut and seeks to consolidate its position against competitors like OpenAI or Google DeepMind. Mythos, presented as a cyber defense tool, also serves as a commercial argument: it demonstrates Anthropic's mastery in a highly strategic field.

The Glasswing project plays a key role in this communication. By associating public and private players with its model, Anthropic creates an ecosystem of partners that strengthen its credibility. The inclusion of ENISA, if confirmed, could be a media coup: it would legitimize Mythos in the eyes of European institutions, while opening the door to future contracts.

European regulators between mistrust and opportunism

The reaction of European authorities remains cautious. While some countries, like France or Germany, see Mythos as an asset for their digital sovereignty, others question the implications of such a tool. The European Parliament has already expressed reservations about AI models capable of exploiting software vulnerabilities, fearing they could be diverted for malicious purposes.

The European Commission is trying to find a balance. On the one hand, it recognizes the interest in collaborating with players like Anthropic to strengthen the EU's cyber defenses. On the other hand, it insists on the need to maintain control over these technologies, particularly through independent audits and transparency clauses. A difficult compromise to find, as negotiations with the company continue.

A double-edged model

Mythos illustrates the ambiguities of AI in cybersecurity. On the one hand, it offers organizations the ability to test their defenses against sophisticated attacks by simulating realistic scenarios. On the other hand, it concentrates considerable power in the hands of a few players, with risks of proliferation or leakage.

The selection criteria for participants, although strict, do not guarantee absolute security. A human or technical flaw could be enough to compromise the system. Furthermore, the growing dependence on tools like Mythos raises the question of technological sovereignty: by relying on an American company, is Europe taking the risk of finding itself in a position of weakness?

Conclusion: towards accelerated regulation?

The expansion of Mythos in Europe could hasten debates on AI regulation. European authorities, already engaged in the development of the AI Act, will have to decide: should models capable of exploiting vulnerabilities be more strictly regulated, or on the contrary, integrated into a collective defense strategy?

Anthropic has every interest in playing the cooperation card. By partnering with institutions like ENISA, the company hopes to defuse criticism and position Mythos as an indispensable tool. But this strategy will only work if the security guarantees are up to the challenges.

In the medium term, two scenarios are emerging. Either the EU manages to impose a strict framework, limiting risks while taking advantage of technological advances. Or it remains on the sidelines, leaving the field open to private actors whose priorities do not always coincide with the general interest. In both cases, the balance will be fragile.

Key Points

  • Anthropic is extending access to Mythos to around 150 organizations in more than fifteen European countries.
  • The Glasswing project is highly regulated with strict security criteria.
  • ENISA could become the first European institution to access Mythos.
  • European regulators remain cautious about this expansion.
  • Mythos could accelerate debates on AI regulation in Europe.

Sources

  1. Next.ink - "☕️ Anthropic expands access to Mythos to about fifteen countries". (secondary)
  2. Politico Europe - "Anthropic expands access to cyber-capable Mythos model beyond US". (secondary)
  3. Dark Reading - "Anthropic to Open Mythos AI to EU's ENISA". (secondary)
  4. Expansion Spain - "Anthropic will expand access to Mythos to more than 15 countries, including Spain". (secondary)

Transparency: 4 sources (0 primary, 4 secondary). Verification: June 2, 2026.

Truthyx - June 2, 2026