EU's Cyber Watchdog Gets Access to Anthropic's Scary Vulnerability-Finding AI
After weeks of lobbying by Brussels, Anthropic has agreed to bring the EU's cybersecurity agency ENISA into Project Glasswing, its tightly controlled programme giving vetted organisations access to Claude Mythos, the frontier AI model that has been causing genuine alarm across the security research community.
European Commission tech sovereignty spokesperson Thomas Regnier confirmed the deal, calling it the product of "strong bilateral cooperation" with Anthropic and describing ENISA's access as being of "utmost importance" for understanding the risks attached to AI-assisted vulnerability research. He stopped short of claiming victory, noting that the specific terms governing how ENISA interacts with the model are still being worked out.
So what exactly is Mythos? Put simply, it's an AI model capable of not just finding software vulnerabilities but autonomously building exploit chains for them, quickly and at scale. Anthropic has claimed the model has already identified thousands of flaws in widely deployed software, including a 27-year-old bug in OpenBSD and a 17-year-old vulnerability in FreeBSD. Those are not minor footnotes. That's the kind of track record that gets security people very quiet in meetings.
The concern isn't abstract. Tools like Mythos could meaningfully reduce the effort required to discover and exploit vulnerabilities at scale, putting serious offensive capability within reach of actors who couldn't previously build it themselves. Defenders, by contrast, still patch at human speed.
Project Glasswing currently includes over 40 organisations, Amazon, Apple, Microsoft, Google, the Linux Foundation, JP Morgan Chase and NVIDIA among them, alongside maintainers of critical open source infrastructure. Anthropic has committed $100 million in usage credits for participants. The rationale is that if Mythos-style capabilities are coming regardless, it's better to put them in the hands of people trying to fix things before the attackers get there.
ENISA is the first European body to join that list. Its remit is broadly comparable to CISA in the US, though it operates with less of an incident-response function and more of a coordination and advisory role. John Gallagher, VP at Viakoo, argues ENISA is a genuinely useful addition rather than a symbolic gesture: the agency's focus on critical infrastructure and its history of coordinating operational responses across EU member states make it a credible partner for this kind of work.
Regnier was also at pains to point out that Mythos is not a one-off problem. A wave of similarly capable models is on its way, and the EU wants institutional capacity in place before they arrive.
Now for the awkward question. While ENISA is in, there's no public confirmation that CISA, the US government's primary civilian cybersecurity body, has a seat at the table. Anthropic hasn't published a full participant list, so CISA's involvement remains genuinely unclear. Neither Anthropic nor CISA has commented publicly on the matter.
Gene Moody, field CTO at Action1, finds the apparent gap troubling. He argues it reflects a widening divergence in how the US and Europe are approaching AI and cybersecurity, with European regulators pushing for controlled defensive access while US policy signals have grown harder to read. If that divergence is real, he warns, it could erode US cyber threat intelligence's reputation for quality and leave both public and private sector organisations with less visibility into emerging threats.
That's a reasonable concern, though it rests on the assumption that CISA really is excluded. We don't actually know that yet. What we do know is that a model capable of industrialising vulnerability discovery is now in the hands of more than 40 organisations, and the race between defenders and attackers to make use of it has effectively begun.