The European Commission confirmed in the early hours of June 2 that bilateral talks with Anthropic have advanced to the point where ENISA, the European Union Agency for Cybersecurity, will gain access to the company's Mythos frontier model under a structured research arrangement called Project Glasswing. Commission spokesperson Thomas Regnier told reporters that several productive meetings had taken place and that the latest developments on potential future access were welcome. He emphasized that understanding the risks posed by AI-assisted vulnerability discovery is of utmost importance, framing Mythos not as a one-off concern but as the leading edge of a wave of similar models coming to market.
Mythos has earned its reputation in security circles by autonomously developing exploit chains at a speed and scale that traditional fuzzing and manual analysis cannot match. The model has reportedly surfaced thousands of vulnerabilities in widely deployed software, including a twenty-seven-year-old flaw in OpenBSD and a seventeen-year-old vulnerability in FreeBSD. Both finds illustrate the technology's ability to dig into code paths that have eluded generations of human auditors. Researchers caution that the same capabilities, in unfriendly hands, could enable state and non-state actors to automate sophisticated attacks faster than defenders can patch.
Project Glasswing launched in April 2026 as Anthropic's structured response to those concerns. The initiative provides controlled access to Mythos for a curated set of organizations engaged in defensive security research, paired with usage credits totaling one hundred million dollars. The current roster includes Amazon, Apple, Microsoft, Google, the Linux Foundation, JP Morgan Chase, NVIDIA, and a long list of additional critical infrastructure operators and open source maintainers. ENISA's inclusion would make it the first European Union institution at the table, alongside national governments and private sector partners.
The strategic implications run in several directions. From a defensive standpoint, the move gives ENISA the ability to identify vulnerabilities in software that underpins critical infrastructure across Europe before adversaries do. Given the agency's expanded mandate under NIS2 and the Cyber Resilience Act, having direct access to a tool that can audit operational technology code, embedded firmware, and major open source projects is a meaningful capability uplift. We expect ENISA to focus initial efforts on the European supply chain for essential services in energy, transport, healthcare, and finance.
From a policy standpoint, the arrangement signals that the European Commission is willing to engage directly with American AI developers when the security stakes justify it, even as Brussels continues to push regulatory pressure through the AI Act and adjacent rules. Regnier described the engagement as part of a shared challenge that requires intensified discussions with like-minded partners, including the United States. That framing is diplomatic, but observers note the awkward subplot that CISA, the US civilian cyber agency, is not visibly part of Glasswing. Several analysts have suggested that the absence reflects a wider divergence between Brussels and Washington on how to govern offensive cyber tools, with the European side leaning toward defense-centric controlled deployments and the US side increasingly comfortable with offensive postures.
For enterprise security leaders, the practical implication is that the playing field is shifting under their feet. If ENISA can run frontier model audits against open source dependencies that almost every European company relies on, the resulting vulnerability disclosures will land in patch queues over the coming months. That is good news in the long run, but it means CISO teams should expect a higher cadence of critical advisories and should pressure-test their emergency patching capabilities now. Software bills of materials, dependency inventories, and automated patch deployment pipelines are no longer aspirational. They are the operational baseline for surviving an environment where AI-assisted bug discovery is industrialized.
The Glasswing participation list also tells us where the future of defensive AI is concentrating. Cloud hyperscalers, major silicon vendors, large financial institutions, and the Linux Foundation form the core. Notably absent from public reporting are European industrial champions and major retail technology operators, although that may simply reflect Anthropic's chosen disclosure strategy rather than the actual scope. We would encourage European enterprises in essential service categories to formally request inclusion in Glasswing or similar programs run by other model developers. The cost of doing nothing is to leave defensive AI capability concentrated in the hands of a few US-headquartered platforms, which runs counter to the strategic autonomy goals that Brussels has spent years articulating.
There are open governance questions still to resolve. Terms for ENISA participation, including data handling, model output classification, and downstream disclosure obligations, are reportedly still under negotiation. Researchers will want to know how Mythos-generated findings flow into the standard CVE pipeline, how vendors are notified, and how long embargo periods last. If those details are handled well, the EU has a chance to set a credible global template for responsible deployment of offensive-capable AI in defensive contexts. If they are handled poorly, the same capability could leak into adversarial hands faster than defenders can absorb it. The next few months of operational practice will determine which outcome prevails.



