TL;DRAnthropic will give ENISA, the EU’s cybersecurity agency, access to its Mythos AI model through Project Glasswing, making it the first EU institution to access the system that discovered 10,000+ zero-day vulnerabilities. The decision ends weeks of contentious negotiations.
Anthropic has agreed to give the European Union’s cybersecurity agency, ENISA, access to Claude Mythos, the AI model that has autonomously discovered more than 10,000 high- and critical-severity zero-day vulnerabilities across every major operating system and web browser. The decision, communicated to the European Commission over the weekend, makes ENISA the first EU institution to join Project Glasswing, Anthropic’s controlled-access cybersecurity initiative.
The move ends a weeks-long standoff that had become one of the most visible flashpoints in the transatlantic AI relationship. Euro-area finance ministers, the European Central Bank, and multiple EU member states had demanded access after learning that Mythos had found vulnerabilities in systems that European banks, governments, and critical infrastructure providers rely on daily, while no European institution could see the findings.
What Mythos can do
Mythos is not a conventional cybersecurity tool. Launched in April 2026 as Claude Mythos Preview, the model can autonomously identify security flaws in complex codebases, generate working exploits on the first attempt in more than 83% of cases, and execute attack simulations that would traditionally require teams of human researchers working for months. In its first month inside Project Glasswing, the model discovered over 10,000 zero-day vulnerabilities across the world’s most critical software.
