ANTHROPIC GIVES EU CYBERSECURITY WATCHDOG ACCESS TO MYTHOS — THE AI THAT HAS FOUND OVER 23,000 ZERO-DAY VULNERABILITIES
Anthropic has agreed to give the European Union Agency for Cybersecurity, known as ENISA, access to Mythos, the restricted frontier model operating inside critical infrastructure under Project Glasswing since April. ENISA is the first European organization to gain access to the program, and the arrangement follows months of closed-door negotiations between Anthropic and the European Commission, with Brussels officials traveling to San Francisco in late May to finalize terms that govern how ENISA will interact with the model in a secure and mutually acceptable way.
The significance of this deal is what Mythos actually is. This is not a commercially available model with a pricing page. Mythos has autonomously identified more than 23,000 high- and critical-severity software vulnerabilities across major operating systems and browsers, including zero-day flaws that survived decades of human code review and millions of automated security scans. Anthropic expanded Project Glasswing on June 2 to cover power grids, water systems, healthcare networks, and communications infrastructure, with combined partner codebases affecting more than 100 million people.
OpenAI moved first on EU access, rolling out GPT-5.5-Cyber to vetted European defenders in May under a new EU Cyber Action Plan. Anthropic’s ENISA deal is the counterpunch. Both companies are now competing directly for European government and enterprise security contracts, and both understand that the organization that controls Europe’s critical infrastructure AI relationship controls a major long-term procurement pipeline. Brussels dispatched officials to San Francisco because neither company could be handled through normal procurement channels. That tells you something about the stakes.
Keywords: Anthropic Mythos ENISA, EU cybersecurity AI, Project Glasswing Europe, AI critical infrastructure