Anthropic to Open Mythos AI to EU's ENISA

The rise of generative AI has moved beyond chatbots into the realm of offensive cybersecurity. Anthropic’s Mythos model, a preview of its Claude line, can scan codebases, pinpoint zero‑day flaws, and automatically generate exploit chains. Researchers have documented thousands of discoveries, including a 27‑year‑old OpenBSD bug, illustrating how AI can compress months of manual analysis into minutes. This dual‑use capability forces a reevaluation of traditional threat models, as defenders must now contend with tools that can both find and weaponize vulnerabilities at scale.

Europe’s decision to grant ENISA access to Mythos marks a proactive step toward understanding these emerging risks. Project Glasswing, the tightly controlled program that already includes Amazon, Microsoft, Google, and the Linux Foundation, offers $100 million in usage credits to vetted participants. By becoming the first EU agency in the cohort, ENISA can conduct controlled vulnerability research, develop mitigation strategies, and inform policy on AI‑assisted attacks. The move also signals a broader EU intent to build institutional capacity for assessing future AI models that may exhibit similar exploit‑generation capabilities.

The transatlantic dimension adds a layer of complexity. While the United States’ cyber agency CISA appears absent from the Glasswing roster, European officials stress collaboration with like‑minded partners, including the U.S., to address the shared challenge. As AI models become more powerful, the gap between defensive and offensive tooling narrows, prompting calls for coordinated standards, transparency, and joint research initiatives. Stakeholders across the tech supply chain must prepare for a surge in AI‑driven vulnerabilities, making early access to models like Mythos a strategic imperative for both regulators and industry leaders.