Anthropic is opening the door for the European Union Agency for Cybersecurity, known as ENISA, to access Claude Mythos, the company’s AI model built specifically to hunt software vulnerabilities at industrial scale.
Mythos was purpose-built to scan codebases and flag exploitable weaknesses. When Anthropic unveiled Claude Mythos Preview on April 7, 2026, the model can scan over 1,000 open-source projects and identify vulnerabilities at a pace and scale that no human security team could match.
What Mythos actually does, and why it matters
In its initial deployment, Mythos flagged approximately 23,019 total vulnerabilities across those projects. Of those, an estimated 6,202 were classified as high or critical severity.
To manage the risks of releasing something this powerful, Anthropic created Project Glasswing, a controlled rollout that restricted access to about 50 vetted partners. The roster includes Amazon, Microsoft, Apple, Nvidia, and JPMorgan among them.
Anthropic backed the initiative with $100 million in usage credits for partners and $4 million in donations directed at open-source security projects.
On May 18, 2026, Anthropic enabled its Glasswing partners to share Mythos-derived security findings with their own stakeholders, while direct access to the model itself stayed locked down.
Why Europe gets a seat now
European Commission officials had been planning meetings with Anthropic to discuss the model’s capabilities and negotiate potential access. However, as of late May 2026, no confirmed access arrangements for ENISA had been established. Various European Parliament members and national regulators, including Germany’s Bundesbank, have made official requests to Anthropic or U.S. authorities for broader access.
The competitive and investment landscape
Traditional vulnerability scanning tools rely on known signature databases, essentially checking code against a library of previously identified bugs. Mythos operates differently, using reasoning capabilities to identify novel vulnerabilities that haven’t been catalogued yet.
For the roughly 50 firms inside Project Glasswing, the advantage is tangible. They’ve had weeks to assess and patch vulnerabilities in software they depend on, while competitors without access have been flying blind.
The $100 million in usage credits Anthropic committed to Glasswing partners signals how the company plans to monetize this technology long-term. The model also showcases a dual-use capability that facilitates both the discovery of defensive vulnerabilities and the generation of offensive exploits. As access expands, the surface area for misuse grows, and further EU rollout still hinges on the establishment of additional safeguards.