Europe’s Laws ‘Ill-Equipped’ to Deal with Superhacking AI, Lawmakers Warn

The cybersecurity community is confronting a new class of threats built on generative‑AI models that can locate and exploit software vulnerabilities faster than human experts. Anthropic’s Mythos, unveiled last month, demonstrated the ability to out‑perform seasoned pen‑testers, raising alarms in governments worldwide. These “super‑hacking” systems combine large‑scale code analysis with reinforcement‑learning techniques, turning what was once a niche research tool into a potential weapon for cyber‑criminals. As the technology matures, the speed and scale of attacks could outstrip traditional defensive playbooks.

European policymakers argue that the bloc’s existing Cybersecurity Act and AI Act are ill‑equipped to address these capabilities. In a letter signed by thirty MEPs, they urged Commission Vice‑President Henna Virkkunen to draft a ‘European mitigation plan’ and to grant the EU agency ENISA direct access to models like Mythos for independent testing. The appeal also calls for tighter rules on vulnerability disclosure and stronger protection of critical‑infrastructure ‘crown jewels.’ Lawmakers see the upcoming reforms as a chance to embed AI‑specific safeguards into the EU’s digital security architecture.

The EU’s AI Office, slated to receive enforcement powers in August 2026, will become the central point of contact for model access and compliance verification. Industry observers warn that delayed access could hamper risk‑assessment efforts and give adversaries a head start. For tech firms, the push signals a shift toward mandatory transparency and collaborative oversight, echoing trends in the United States and Asia. Companies that proactively share model details with regulators may gain a competitive edge while helping shape a more resilient European AI ecosystem.