Anthropic to Give EU’s Cybersecurity Agency Access to Mythos

Anthropic PBC, the San Francisco‑based creator of Claude, has unveiled Mythos, a generative‑AI system designed to locate and exploit software vulnerabilities at scale. Unlike traditional pen‑testing tools, Mythos leverages large language models to autonomously generate exploit code, dramatically reducing the time required to identify critical flaws. The technology has attracted attention from both defenders and attackers, prompting a debate over its responsible release. By offering a controlled testing environment, Anthropic hopes to balance innovation with the need to prevent misuse. Such capabilities force security teams to rethink traditional threat models.

ENISA, the EU’s Network and Information Security Agency, will join Anthropic’s Project Glasswing, a pilot program that lets vetted organizations evaluate Mythos before it reaches the broader market. The agency’s involvement gives regulators a front‑row seat to assess how AI‑driven exploit tools could be weaponized and to develop counter‑measures in real time. Access to Mythos also enables ENISA to benchmark the resilience of critical infrastructure across member states, providing data that can inform the EU’s upcoming Cybersecurity Act revisions.

The partnership signals a broader shift toward collaborative AI governance, where developers hand over early‑stage capabilities to public‑sector watchdogs. For European firms, the move could raise the security baseline, as compliance frameworks may soon require testing against advanced AI exploiters like Mythos. Meanwhile, investors watch Anthropic’s strategy as a differentiator in a crowded generative‑AI market, potentially unlocking new revenue streams from enterprise security licenses. As AI continues to blur the line between tool and weapon, such joint initiatives may become a template for responsible innovation worldwide.