Informa TechTarget | SearchSecurity Cybersecurity Dive InformationWeek Channel Dive Explore our brands Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise NEWSLETTER SIGN-UP Cybersecurity Topics World The Edge DR Technology Events Resources CYBER RISK APPLICATION SECURITY THREAT INTELLIGENCE VULNERABILITIES & THREATS NEWS Anthropic to Open Mythos AI to EU's ENISA The European security agency's entry to Project Glasswing is the result of "strong bilateral cooperation" between the European Commission and Anthropic. Jai Vijayan,Contributing Writer June 1, 2026 4 Min Read SOURCE: RICOCHET64 VIA SHUTTERSTOCK The European Union is close to gaining access to Anthropic's frontier AI model, Mythos, after weeks of pressing for inclusion in Project Glasswing, a tightly controlled initiative that provides select organizations with access to the model for cybersecurity research and vulnerability discovery. In comments to Dark Reading, European Commission spokesperson for Tech Sovereignty Thomas Regnier confirmed media reports this week about Anthropic agreeing to let EU cybersecurity agency ENISA access Mythos for vulnerability research: "I can confirm that the European Commission had several productive meetings with Anthropic. We welcome the latest developments on potential future access." By way of background, Claude Mythos Preview is an Anthropic AI model that has raised considerable concern for its ability to not just detect software vulnerabilities but to also autonomously develop exploit chains for them at unmatched speed and scale. Anthropic has reported the model discovering thousands of vulnerabilities in widely used software, including a 27-year-old flaw in OpenBSD and a 17-year-old vulnerability in FreeBSD. Many researchers fear that a tool like Mythos could significantly lower the barrier to discovering and exploiting software vulnerabilities at scale, enabling both state and non-state actors to automate sophisticated cyberattacks faster than most organizations can patch or respond. Related:As Global Powers Explore Humanoid Robots, Cyber-Risk Looms Mythos a Matter of "Utmost Importance" for the EU Regnier described the outcome as "the result of the Commission's strong bilateral cooperation and engagement with Anthropic" and stressed that access to Mythos is "of utmost importance to get a clear picture on the potential risks" tied to AI-assisted vulnerability discovery and exploitation. Regnier emphasized that the concern around the dual-use nature of AI tools extends well beyond a single model. "Mythos is not a one-off — a new wave of powerful models are coming to the market," he said. "This is a shared challenge, and we are intensifying our discussions with like-minded partners, including the United States." LOADING... In April, Anthropic announced that it would make Mythos' capabilities available to a tightly vetted group of companies so they could use the technology to look for and secure vulnerabilities in their products before adversaries find them. The so-called Project Glasswing initiative currently includes more than 40 organizations, such as Amazon, Apple, Microsoft, Google, Linux Foundation, JP Morgan Chase, NVIDA, and several others. Among them are organizations that build and maintain critical software infrastructure, and also providers of open source software. Anthropic has said it will commit $100 million in usage credit for these organizations to use Mythos. Related:Dutch Raid Fails to Dent Russian Bulletproof Host ENISA: Project Glasswing's First EU Partner While Anthropic's decision is a win for Brussels — ENISA will be the first EU entity to access Mythos — the arrangement is not yet fully in place. Anthropic and the European Commission are still negotiating the terms and conditions that will govern how ENISA will interact with the model in a safe and mutually acceptable manner. ENISA, whose function is broadly analogous to the US Cybersecurity and Infrastructure Agency (CISA) but with less of an operational role, will be the first European entity to gain access to Mythos. The European Commission has described that visibility as essential not just for understanding Mythos specifically, but for building the institutional capacity to assess the wave of similarly capable models that are expected to follow it. "ENISA having access to Mythos adds a serious and credible partner to the overall efforts on getting prepared for the day when organizations will have to deal with a massive increase in vulnerabilities needing to be remediated," says John Gallagher, vice president at Viakoo. Mythos is or will be in the hands of cyberattackers soon, so involving cyber defenders like ENISA is vital, he adds: "ENISA brings their extensive focus on critical infrastructure into Glasswing, and, most importantly, brings their track record of actively coordinating operational responses to threats across Europe." Related:Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security But why is CISA left out in the cold? CISA: No Access to Anthropic Mythos? Gene Moody, field chief technology officer (CTO) at Action1, says that CISA's seeming non-participation in Project Glasswing, whether by choice or otherwise, is concerning. "While access is intentionally limited, the exclusion of the United States' primary civilian cybersecurity authority suggests a growing divergence in strategic priorities," he explains. "European regulators appear focused on strengthening defensive posture through controlled AI deployment, while US policy signals have increasingly blurred the line between sanity and offensive cyber-reality." Further, that divergence risks eroding the status of US cyber threat intelligence as the standard for quality and reliability, he warns: "Reduced access to cutting-edge defensive tooling, combined with shifting policy emphasis, may leave both public and private sector stakeholders operating with significantly diminished visibility into emerging threats." That said, Anthropic has not released the full list or organizations that are part of Project Glasswing. So, it's possible that CISA is indeed a participant after all; however, neither Anthropic nor CISA responded to a Dark Reading request for clarification. About the Author Jai Vijayan Contributing Writer Illinois-based Jai Vijayan is a veteran, award-winning technology journalist with more than 25 years of experience covering cybersecurity. His information security reporting has explored everything from ransomware, nation-state threats, and identity security to AI risk, critical infrastructure protection, software supply chain security, cloud security and emerging enterprise technologies. Over the course of his career, Jai has written news stories, feature articles, survey reports, white papers, and e-books for enterprise and technology audiences. He has also moderated panel discussions and executive roundtables featuring CISOs, security researchers, and industry leaders. Jai previously served as senior editor at Computerworld, where he covered information security and data-privacy issues. His work has also appeared in CSO Online, InformationWeek, The Christian Science Monitor Passcode, The Economic Times, and other publications. His work has earned multiple industry honors, including a Joint ASBPE Excellence Award for Best Coverage of Government IT, and a Joint Jesse H. Neal Award for wireless LAN security coverage. Jai holds a Master’s degree in statistics from Bangalore University, and studied broadcasting and electronic communication at Marquette University in Milwaukee. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports How Organizations Are Managing Incident Response How Enterprises Are Developing Secure Applications Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy Essential News & Insights from Black Hat USA 2025 How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Access More Research Webinars The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack Defending in the Shadow Era: When the CVE Feed Goes Dark Building SecOps That Make the Most of Every Dollar AI-Powered Credential Security: Intelligence Without Exposure More Webinars You May Also Like CYBER RISK How Can CISOs Respond to Ransomware Getting More Violent? by James Doggett JAN 28, 2026 CYBER RISK US Cyber Pros Plead Guilty Over BlackCat Ransomware Activity by Alexander Culafi JAN 05, 2026 CYBER RISK Switching to Offense: US Makes Cyber Strategy Changes by Robert Lemos, Contributing Writer NOV 21, 2025 CYBER RISK Microsoft Exchange 'Under Imminent Threat,' Act Now by Arielle Waldman NOV 12, 2025 Editor's Choice CYBERSECURITY OPERATIONS 20 Leaders Who Built the CISO Era: 2 Decades of Change byDark Reading Editorial Team MAY 12, 2026 41 MIN READ APPLICATION SECURITY It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight byJai Vijayan MAY 12, 2026 5 MIN READ CYBERATTACKS & DATA BREACHES Instructure Breach Exposes Schools' Vendor Dependence byAlexander Culafi MAY 6, 2026 4 MIN READ Want more Dark Reading stories in your Google search results? Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE LOADING... Webinars The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed TUESDAY, JUNE 23, 2026 1:00 PM EDT Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack THURS, JUNE 25, 2026, AT 1PM EST Defending in the Shadow Era: When the CVE Feed Goes Dark TUES, JUNE 16, 2026 AT 1PM EST Building SecOps That Make the Most of Every Dollar THURS, JULY 9, 2026 AT 1PM EST AI-Powered Cybersecurity for Resource-Constrained Organizations THURS, JUNE 18, 2026, AT 1PM EST More Webinars BLACK HAT USA | MANDALAY BAY, LAS VEGAS The premier cybe