Anthropic Grants ENISA Access to Mythos: A Strategic Shift for EU Cybersecurity
Anthropic is granting ENISA access to its Mythos model for vulnerability discovery. As the first EU entity to join Project Glasswing, the agency enters a high-…
During the weekend of May 30-31, 2026, Anthropic notified the European Commission of its decision to grant ENISA access to Claude Mythos Preview via Project Glasswing. The European Union Agency for Cybersecurity becomes the first European entity to join the initiative, though terms and conditions are still being negotiated and the agreement is not yet operational. This move places Brussels at the center of a new strategic geography: defensive capabilities powered by automated reasoning models are becoming negotiated assets between governments and tech vendors, rather than simple market commodities.
- Anthropic has decided to grant ENISA access to Mythos; the EU agency will be the first European entity in Project Glasswing, though the agreement is not yet signed or operational.
- The European Commission confirmed "productive meetings" and "latest developments on potential future access" via an on-record statement from spokesperson Thomas Regnier.
- Mythos has identified over 10,000 high or critical severity vulnerabilities in systemically important software; 1,726 were validated as true positives, with 1,094 rated high or critical.
- Mythos achieves a 72.4% success rate in autonomous exploits, compared to "practically zero" for the previous Opus 4.6 model, directly impacting patching timelines.
- CISA’s participation in Project Glasswing remains unconfirmed; neither Anthropic nor the U.S. agency responded to requests for clarification.
The ENISA-Anthropic Negotiations: Status and Roadblocks
Preliminary reports emerged from Bloomberg on June 1, 2026, with anonymous sources confirming the weekend communication. Dark Reading obtained official confirmation from Thomas Regnier, spokesperson for the Commission for Tech Sovereignty: "I can confirm that the European Commission has had several productive meetings with Anthropic. We welcome the latest developments regarding potential future access." Regnier added that "access to Mythos is of the highest importance to gain a clear picture of potential risks" and noted that "Mythos is not an isolated case; a new wave of powerful models is entering the market."
CryptoBriefing reported that as of May 11, 2026, four to five meetings had already taken place between the Commission and Anthropic. The discrepancy between the spokesperson’s cautious phrasing ("potential future access") and Bloomberg’s more definitive account ("decision communicated") highlights an interpretative gap: there is no signed agreement or operational timeline yet. ENISA has not yet begun using Mythos.
Project Glasswing: The Architecture of an Exclusive Tech Club
Announced in April 2026, Project Glasswing includes over 40 organizations, according to Dark Reading and Techzine. Partners include Amazon, Apple, Microsoft, Google, the Linux Foundation, JP Morgan Chase, and NVIDIA. Anthropic has committed $100 million in usage credits and $4 million in direct donations to open-source security organizations. Usage is strictly bound to defensive purposes; partners are prohibited from using discovered vulnerabilities for offensive goals.
On May 18, 2026, Anthropic enabled partners to share Mythos-derived results with external stakeholders, expanding the circle of those who can act on flaws before public disclosure. This creates an asymmetric information environment: Glasswing participants gain visibility into critical issues weeks or months before the broader ecosystem, while the rest of the market remains exposed. Microsoft has already integrated Mythos into its Security Development Lifecycle, and the Pentagon is reportedly using it for U.S. government systems, according to Techzine.
Mythos in Action: 10,000 Flaws and 72.4% Autonomous Exploit Success
The Hacker News documented Mythos’s operational capabilities with precise metrics: over 10,000 high or critical severity vulnerabilities identified since the launch of Glasswing, with 6,202 impacting over 1,000 open-source projects. Of these, 1,726 were validated as true positives—1,094 of which are high or critical severity. Only 97 findings have been patched upstream, and 88 advisories issued through Glasswing, a lag Anthropic acknowledged: "The relative ease of finding vulnerabilities compared to the difficulty of fixing them represents a major challenge for cybersecurity."
The most significant technical data point is the autonomous exploit success rate: 72.4% for Mythos, compared to "practically zero" for the previous Opus 4.6, according to Techzine. Mythos does not merely match known signatures; it operates through reasoned identification of zero-day vulnerabilities, including multi-decade flaws in mature codebases. It discovered a 27-year-old vulnerability in OpenBSD and a 17-year-old flaw in FreeBSD. Its defining capability is the autonomous construction of exploit chains—combining multiple vulnerabilities into complete attack paths—at a success rate that collapses the traditional "exploit window."
"Network defenders should shorten testing and deployment times for patches." — Anthropic, via The Hacker News
CVE-2026-5194 in WolfSSL, carrying a CVSS 9.1 score according to the NVD record, serves as a documented case study. Discovered by Mythos, it enables certificate forgery attacks. The vulnerability is real and verified in the national database, serving as tangible proof of the model's output. While not directly linked to the ENISA access—it was identified prior to the announcement—it validates the capabilities Brussels intends to acquire.
The Transatlantic Split: CISA Out, ENISA In?
The geopolitical angle marks this news as an inflection point. Gene Moody, field CTO of Action1, analyzed the dynamic for Dark Reading: "While access is intentionally limited, the exclusion of the primary U.S. civilian cybersecurity authority suggests a growing divergence in strategic priorities. European regulators appear focused on strengthening defensive posture through controlled AI deployment, while U.S. policy signals have progressively blurred the line between health and cyber-offensive reality."
This statement is interpretative; neither Anthropic nor CISA has confirmed or denied the U.S. agency's participation. However, the lack of response to Dark Reading’s inquiries, combined with ENISA’s entry, creates a notable institutional asymmetry. If Washington is ceding AI-based defensive coordination to Brussels, the implications are architectural: those who control the anticipation of vulnerabilities control the protection timelines for critical infrastructure.
Operational Impact and the Patching Gap
The current dossier does not specify the technical safeguards for ENISA’s access, the operational timeline, or whether Anthropic will grant access to other national European agencies. Contractual terms, result-sharing protocols, and the exact scope of ENISA’s responsibilities within the Glasswing ecosystem remain undefined. It is also unclear if the May 18, 2026, policy change regarding external sharing of findings will influence the EU agency’s prerogatives.
Furthermore, the brief does not document whether OpenAI’s competitive offer, revealed on May 11, 2026, accelerated Anthropic’s decision, nor does it provide details on Project Glasswing’s long-term business model beyond the initial $100 million in credits. The exact nature of the data and vulnerabilities ENISA will access is yet to be determined; the dossier does not list software categories, critical infrastructure sectors, or declassification protocols.
Commercial Competition and Defensive Inequality
OpenAI’s May 11, 2026, revelation indicates that Mythos will not operate in a monopoly. Two competing models for vulnerability discovery, both with restricted access to vetted partners, impose a market structure where cybersecurity becomes a positional good: those inside the club gain a weeks-long advantage, while those outside remain exposed to traditional patch cycles. For European enterprises, ENISA’s access could translate into accelerated patching cycles for critical infrastructure—but only if the agency develops effective dissemination capabilities for national operators.
For security teams, a 72.4% autonomous success rate means the traditional interval between disclosure and exploit is compressing beyond the threshold of manageability. Anthropic’s recommendation to "shorten testing and deployment times" assumes an operational transformation that many organizations have yet to implement. The gap is no longer just between those who patch and those who don’t; it is between those who know what to patch first and those who find out too late.
European digital sovereignty now hinges on access to the means of producing vulnerability intelligence. ENISA’s entry into Glasswing is a step forward. The open question is whether the Union can translate that access into distributed defensive capability, or if the benefit will remain concentrated within a narrow institutional and corporate circle.
Information has been verified against cited sources and is current as of the time of publication.
Sources
- https://www.darkreading.com/cyber-risk/anthropic-mythos-ai-eu-enisa
- https://thehackernews.com/2026/05/claude-mythos-ai-finds-10000-high.html
- https://www.techzine.eu/news/security/141744/eu-cybersecurity-agency-gains-access-to-anthropic-mythos/
- https://cryptobriefing.com/anthropic-eu-mythos-ai-cybersecurity/
- https://www.bloomberg.com/news/articles/2026-06-01/anthropic-to-give-eu-s-cybersecurity-agency-access-to-mythos
- https://cryptobriefing.com/anthropic-eu-enisa-mythos-access/
- https://nvd.nist.gov/vuln/detail/CVE-2026-5194
- https://support.claude.com/en/articles/14604842-real-time-cyber-safeguards-on-claude
- https://thehackernews.com/
- https://thehackernews.com/p/upcoming-hacker-news-webinars.html
- https://thehackernews.com/search/label/Threat%20Intelligence