The EU Wants Mythos to Test Its Defenses. Getting Access Is the Problem.
The EU wants to test the most dangerous AI hacking tool in the world against its own banks and power grids. There is no playbook for how to do that safely.
That is the paradox at the center of Brussels' confrontation with Anthropic. Mythos, the AI system Anthropic released in April, can find security flaws in every major software platform at machine speed — the model found 271 Firefox bugs in a single pass, plus a 27-year-old OpenBSD flaw and a 16-year-old FreeBSD remote-code-execution hole that nobody had caught for nearly three decades. The EU's response is to ask for access so its agencies can evaluate what those capabilities mean for European systems. The Swiss financial regulator already flagged why that is harder than it sounds: giving European institutions broad access to Mythos means deploying an offensive-security capability across systems that do not have the defensive infrastructure to respond to AI-generated attack patterns at scale, which could itself overwhelm incident response across the financial system.
The White House has spent several weeks blocking Anthropic's proposal to expand Mythos access to roughly 70 additional organisations, The Next Web reported, leaving European access pinned at whatever partner list Anthropic and the U.S. government settled on in April. The mechanism is not entirely clear, but the practical effect is that any European expansion requires U.S. approval — meaning Brussels is negotiating access to a U.S.-controlled AI system through the same diplomatic channel it would use to negotiate export controls. Euro-area finance ministers formally discussed the gap at their May 4 Eurogroup meeting, The Next Web reported, and the European Commission confirmed it is in contact with Anthropic about the access question, Reuters reported. Dozens of MEPs have signed a letter demanding that ENISA, the EU's cybersecurity agency, get Mythos access and produce a European plan for AI-driven cyber defense, GovInfoSecurity reported. Once the enforcement powers of the EU's AI Office start in August 2026, the Commission will have legal authority to compel access if needed, POLITICO reported.
The August 2026 date is not a deadline. It is a negotiating position. The real negotiation is happening now.
Germanys Bundesbank chief supervisor Michael Theurer put the concrete stakes on the record in an interview with Reuters in late April. European banks are already in difficult waters, Theurer said, and without access to Mythos they cannot model what AI-assisted attacks would look like against their own systems. The concern is not hypothetical: if a German bank or a European financial market infrastructure provider is hit by an attack that Mythos would have flagged, regulators will have to explain why they did not have the same visibility as U.S. counterparties who do have access. There is currently no mechanism for European institutions to request that evaluation from Anthropic or the U.S. government without triggering the same export-control framework that has kept them out so far.
The UK has already tested Mythos through its AI Safety Institute and taken action on the findings, POLITICO reported. Germanys BSI federal cybersecurity agency is in active contact with Anthropic but has not yet been able to run the model against German systems, POLITICO reported. The ECB has been quizzing eurozone bank chief risk officers on AI-powered cyberattack preparedness, Reuters reported. The NHS temporarily restricted access to hundreds of its public GitHub repositories in early May, citing rapid developments in AI models like Mythos.
FINMA, Switzerland's financial markets regulator, issued the sharpest public warning. Immediate broad access would itself be a systemic risk, The Next Web reported — because the model proves vulnerabilities exist faster than any organisation can patch them, and giving that tool to every institution that wants it does not close the remediation gap. It widens it.
The governance problem has no obvious solution. If the EU invokes its August 2026 compulsory powers, Anthropic faces a direct legal conflict: a U.S. company required by Brussels law to provide access that the White House has specifically told it not to provide. That is not a diplomatic workaround. That is a sovereignty collision with no established resolution mechanism. Anthropic has not publicly commented on how it would handle that conflict if it arose. The company has engaged with the Commission through diplomatic channels, which suggests it is treating the August date as a pressure point rather than an immovable deadline — but that diplomatic posture only holds as long as both sides prefer talking to litigating.
The skeptical view is that this resolves quietly. Anthropic expands the European partner list voluntarily before August, the U.S. government eases its objections in exchange for continued restrictions on China and other named destinations, and the crisis framing evaporates into a standard export-control negotiation. That outcome is plausible. But it leaves European regulators permanently dependent on U.S. goodwill for a capability that directly affects European financial and infrastructure security — a dependency that the Bundesbank, the MEPs, and the Commission have all now put on the record as unacceptable.
What to watch: whether the Commission sends a formal access request to Anthropic before August, whether the U.S. government signals any change in its position on the 70-organisation expansion, and whether any European financial institution suffers a publicly disclosed AI-assisted cyber incident that raises the question of whether regulators had sufficient access to evaluate the threat in advance.