Anthropic will give ENISA, the European Union Agency for Cybersecurity, access to its Mythos model through Project Glasswing, according to a Bloomberg report published Sunday. The agreement ends months of friction between Anthropic and European officials who had pushed for access since April, when the company first disclosed that its most capable AI model could autonomously surface vulnerabilities in critical software at a scale no human security team could match. ENISA becomes the first EU government body to join the Glasswing coalition, which now counts around fifty organizations, including Amazon, Apple, Microsoft, and Google.
A Stalemate Ends in San Francisco
The path to the deal was not straightforward. Shortly after Project Glasswing launched, finance ministers across several EU member states began pressing for European banks and infrastructure operators to gain equivalent access. The argument was practical: if Mythos can find previously unknown flaws in fully patched systems, European institutions would benefit from having those same flaws identified before adversaries discovered them independently.
Progress stalled through most of May. At one point Anthropic told European Commission officials that any expansion of Mythos access beyond the United States required sign-off from the White House, an unusual constraint for a commercial product that underscored how tightly the administration had wrapped its security concerns around the model. The White House had also resisted Anthropic's own internal proposal to add roughly seventy new organizations to the coalition, citing both the offensive potential of the technology and questions about the infrastructure required to support a broader rollout. EU officials responded by seeking to "intensify" their own talks directly with Washington on advanced cyber AI. A delegation from the Commission flew to San Francisco the week of May 26 for face-to-face meetings with Anthropic representatives, and the ENISA announcement appears to flow from those sessions.
Project Glasswing: Key Facts
- Coalition size~50 organizations
- Critical flaws identified10,000+
- Anthropic usage credits committed$100 million
- Donations to open-source security$4 million
- Responsible disclosure window90 days
- First EU government memberENISA
What ENISA Gets and What It Doesn't
ENISA's role inside Glasswing is bounded by the same rules that govern every other coalition member: access is limited to defensive scanning, and findings are subject to Anthropic's 90-day coordinated disclosure timeline. The agency coordinates incident response across EU member states and maintains close working relationships with the cybersecurity arms of national governments, making it a natural conduit for distributing patch information once vulnerabilities are identified and fixed.
European banks and private critical-infrastructure operators, the stakeholders that had been lobbying most loudly for access, are not included in this announcement. Anthropic has said publicly that it expects to make Mythos-class models available more widely within six to twelve months, once it has developed what the company describes as "far stronger safeguards." The ENISA deal should be read as a first step toward that broader rollout, not a substitute for it. OpenAI had already given EU officials access to its own cyber-capable model in May, creating competitive pressure on Anthropic to establish at least a government-level presence before the general release window opens.
"We're making swift progress on developing these safeguards and expect to be able to bring Mythos-class models to all our customers in the coming weeks." Anthropic, May 2026
Navigating Between Commerce and Geopolitics
The ENISA agreement illustrates how thoroughly geopolitics has entered the conversation around frontier AI deployment. Anthropic's decision to route EU government access through Washington rather than handling it as a standard commercial expansion reflects a new kind of constraint: models that cross certain capability thresholds are effectively dual-use technology, subject to the same diplomatic friction that has historically surrounded military hardware and advanced semiconductors.
That friction has already reshaped Anthropic's relationship with the U.S. government. The Pentagon designated the company a supply-chain risk earlier this year after Anthropic refused to modify guardrails that bar Claude from powering autonomous weapons or domestic mass surveillance. The NSA, notably, has continued using Mythos for its own defensive work, a detail that points to the gap between formal government policy and operational security needs. Giving ENISA access, with U.S. approval implied by the outcome of the San Francisco talks, suggests a narrower path is opening: allied cybersecurity agencies may be able to use Mythos even as broader commercial access waits for the safeguard framework to mature.
For security teams inside EU member states, the more immediate consequence is that the vulnerability database Glasswing is accumulating, including thousands of unpatched flaws in major operating systems and browsers, will now be applied to European infrastructure alongside American. Patches can follow before attackers with equivalent capability, still outside the coalition perimeter, identify the same issues. Whether that window stays open long enough to matter depends on how quickly the rest of the industry converges on Mythos-level cyber capability, a question that European regulators are only beginning to formalize answers to.
