Eurozone finance ministers will convene to discuss Anthropic's Mythos AI, as no EU government currently has access, and the White House is preventing further expansion.

      TL;DR Euro-area finance ministers are set to discuss Anthropic’s Mythos AI model with banking supervisors on Monday. No EU government currently has access to this model, which is capable of identifying zero-day vulnerabilities in major operating systems and browsers. The Bundesbank has called on the EU to request access. Meanwhile, the White House is utilizing Mythos through the NSA while opposing Anthropic’s initiative to broaden access to an additional 70 organizations, and the Pentagon has marked Anthropic as a supply chain risk.

      According to a senior EU official, Euro-area finance ministers will engage with banking supervisors about Anthropic’s Mythos AI model on Monday. This technology, which no European Union government has access to, has been flagged by the US Pentagon as a national security supply chain risk. At the same time, the White House is using it via the NSA but is blocking Anthropic from expanding its access to other entities. After Monday's discussion, ministers are expected to revisit the topic once they have more information, although acquiring this information presents its own challenges, as governments are currently only hearing rumors about the model's capabilities.

      What Mythos does

      On April 7, Anthropic launched Claude Mythos Preview as part of a restricted access initiative called Project Glasswing. This model autonomously identifies and exploits zero-day vulnerabilities across all major operating systems and web browsers. It has already detected thousands of significant vulnerabilities, including a 27-year-old bug in OpenBSD and a 16-year-old remote code execution flaw in FreeBSD. Mozilla addressed 271 Firefox vulnerabilities uncovered by Mythos in a single assessment, over twelve times more than those found by Anthropic's previous most effective model. Anthropic has stated that the system is “currently far ahead of any other AI model in cyber capabilities” and has limited access to a consortium of launch partners, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. The company is also offering up to $100 million in usage credits and $4 million in direct donations to open-source security organizations. More than 99 percent of the vulnerabilities identified remain unpatched.

      The model’s capabilities are both defensive and offensive. When utilized by a security team, Mythos can help identify and rectify longstanding vulnerabilities in critical infrastructure. Conversely, in the hands of a malicious actor, these same capabilities could be used to conduct cyberattacks at a scale and speed beyond what human hackers can achieve. Anthropic has restricted access due to this dual-use risk, but this limitation results in its own issues: organizations that can access the model are aware of their vulnerabilities, whereas those without access are left in the dark. For European banks, which depend on complex, interconnected, and often outdated technology systems, this asymmetry represents a significant security and competitive disadvantage, a concern that has been formally recognized by the Bundesbank.

      The access problem

      Germany’s chief banking supervisor, Michael Theurer, has urged the European Commission and EU governments to seek access to Mythos from Anthropic or directly from the U.S. administration. He indicated that it is essential for the European Commission and governments to engage with either the company or the United States to request sharing of the technology. Bundesbank President Joachim Nagel was more forthright, stating that all relevant institutions should have access to this technology to prevent competitive imbalances. The worry is that European banks cannot assess which vulnerabilities Mythos can find without access to the model itself, which hampers their ability to defend against unseen threats. Theurer cautioned that “we may be moving into a situation where economic actors could potentially become reliant on state support” if the access gap continues.

      The issue of access is not limited to Europe. Mythos was a prominent topic at last week’s IMF spring meetings in Washington. IMF Managing Director Kristalina Georgieva noted that the world lacks the capacity to “protect the international monetary system against massive cyber risks” and emphasized that “time is not on our side.” Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting with top US bank CEOs to discuss cybersecurity implications. Bank of England Governor Andrew Bailey, who chairs the Financial Stability Board, termed it “a very serious challenge for all of us.” European Central Bank President Christine Lagarde highlighted the core issue: “The development we’ve seen with Anthropic and Mythos illustrates a responsible company that recognizes its potential benefits but also its risks if it falls into the wrong hands.” Regulators from the Fed, ECB, Bank of England, Treasury, and Australia’s ASIC are now all keeping an eye on Mythos for systemic financial risk.

      The contradiction

      The White House’s stance on Mythos appears inconsistent. The NSA is employing the model, while the Pentagon has classified Anthropic as a supply chain risk due to its refusal to allow the AI to be used for autonomous weapons and domestic mass surveillance. Additionally, the White House has informed