EU Discusses Risks of Anthropic’s Mythos AI Model

The European Union is in discussions with U.S.-based artificial intelligence company Anthropic regarding concerns about the capabilities of its latest AI model, Claude Mythos, which the company itself warns could be misused to exploit software vulnerabilities at unprecedented speed and scale.

Anthropic’s new model, Claude Mythos, has demonstrated the ability to autonomously scan vast amounts of code to identify and chain together previously unknown security weaknesses in software ranging from operating systems to web browsers. According to the company and its partners, this capability operates at a speed and scale no human could match, raising alarms that it could be used to compromise critical infrastructure such as banks, hospitals, or national systems within hours if fallen into malicious hands.

The model was introduced by Anthropic in early April as a “Mythos Preview.” Rather than releasing it widely, the company has restricted access to just 40 major technology firms through an initiative called Project Glasswing. Participants include Amazon Web Services, Apple, Microsoft, Google, Nvidia and Broadcom, who are using early access to strengthen defenses in critical software before broader deployment.

European Commission spokesman Thomas Regnier confirmed that initial talks with Anthropic took place on Wednesday, April 16, 2026, with further meetings planned. He stated that the EU is seeking information about the risks associated with the model, emphasizing the need for proactive engagement given its potential dual-use nature.

Anthropic has acknowledged the risks tied to Mythos, noting that while the model represents a significant advancement in AI-assisted cybersecurity tasks, its offensive capabilities could pose serious threats if not properly contained. The company has expressed concern that the model’s ability to find and exploit dormant bugs in legacy code could be a “boon for hackers” without adequate safeguards.

The discussions come amid broader scrutiny of advanced AI models and their implications for digital security. Regulators and industry experts are evaluating how such tools should be governed, particularly when their capabilities blur the line between defensive security research and offensive cyber operations.

As of April 17, 2026, no foreign entities outside the initial 40 tech partners have been included in the Project Glasswing initiative, a limitation that has raised concerns about global preparedness for a model whose effects would not be confined by national borders.