California-based artificial intelligence company Anthropic has restricted the European Union’s access to its most advanced cybersecurity model, Claude Mythos. This could increase Europe’s cybersecurity risks and deepen the region’s dependence on US technology providers.
By limiting its assessment of Mythos’ hacking capabilities to a select group of primarily U.S. companies (including Amazon, Apple, and JPMorganChase) and government agencies, Anthropic prevented European banks, software companies, and governments from testing their defenses against one of the most sophisticated AI cyber tools.
The decision comes just days after OpenAI shared its cutting-edge ChatGPT 5.5-Cyber with EU authorities and amid White House concerns about sharing Mythos models more broadly.
The standoff also highlights the growing divide in global access to AI, with key US actors gaining access to frontier systems before their European counterparts, who operate within a narrower regulatory framework.
“There is a risk that software vulnerabilities can be weaponized,” said Paul Timmers, a professor at the University of Leuven and a former European Commission official in the DG CONNECT department. “Selective distribution of these models could create bottlenecks in access to this power, which could have significant implications for European technological sovereignty.”
Man insulates Europe from myth
Anthropic announced in April that its latest AI model, Claude Mythos, has extensive hacking capabilities that pose a global cybersecurity threat. Instead of making the model available to the public, the company released a preview version to a small group of mostly U.S. companies to iron out vulnerabilities in the software before mass deployment.
Thomas Renier, a spokesman for the commission, said at a press conference on Monday that the commission had tried to gain access to Mythos for several weeks to no avail. Meanwhile, OpenAI is sharing ChatGPT 5.5-Cyber with the European Commission’s AI Office, businesses, and governments through the EU Cyber Action Plan, which also includes security briefings by OpenAI engineers.
George Osborne, director of OpenAI for Countries and former UK Chancellor of the Exchequer, said: “AI institutes like ours should not be the sole arbiters of cyber safety, as resilience depends on trusted partners working together.”
“We welcome OpenAI’s involvement,” Renier said on Monday. “There’s also a level of engagement with Mythos. We’ve already had about four or five meetings. But the two discussions are at different stages.”
The EU’s AI law gives it the power to consider certain models as systemic risks, but the AI Office and the European Commission have not yet pulled that lever.
Anthropic’s failure to give the EU and other European institutions access to Mythos massive collision The company filed a lawsuit with the U.S. federal government over military uses of AI after it resisted allowing its models to be deployed in certain war-fighting applications. The company is currently out of a contract to use AI tools in .
After the release of Mythos, the White House took a more hands-on approach to managing the launch, even considering an executive order that would require the government to vet the model before it goes on sale. So far, Washington has opposed Anthropic’s expanded access to the model due to security concerns.
Harry Roe, a researcher at the University of Cambridge, said: “Anthropic’s approach…may represent an attempt to ensure that only the highest quality external testers have access to the model, while minimizing the risk of leakage and bureaucratic resistance.” “At the moment, the EU AI Office is an unknown, but the UK AISI has a proven track record.”
Cybersecurity and technological sovereignty risks
The lack of access has infuriated members of the European Parliament, who say it is another sign that the EU needs to develop its own cutting-edge technological capabilities. Last week, a Congressional committee held a meeting on AI safety and cybersecurity, but Anthropic officials were suddenly unable to attend.
“Europe must not be excluded from access to strategic technologies that are becoming essential for cybersecurity,” said Sandro Gogi, MEP (Renew, France). “But this should also be a lesson: Europe cannot rely on private companies or decisions made outside Europe to understand and protect its own critical vulnerabilities.”
European banks are most wary of Mythos because of the speed at which software vulnerabilities can be exposed, Timmers said. Timmers said there is a growing risk of cascading failures across the highly connected financial sector, which still relies on aging software infrastructure. Major US banks have already received access.
The EU has its own cybersecurity and AI platforms, such as French company Mistral AI, but it lags far behind U.S. companies in terms of the capital needed to develop models and build new data centers.
sign up for of parliament weekly newsletter
Every Friday, our editorial team goes behind the headlines to provide insight and analysis on the key stories driving the EU agenda. Subscribe for free here.
