Finance ministers from the euro area will meet to discuss Anthropic's Mythos AI, as no government in the EU currently has access, and the White House is preventing its expansion.

      TL;DR: Euro-area finance ministers are set to discuss Anthropic’s Mythos AI model with banking supervisors on Monday. No EU government currently has access to this model, which is capable of identifying zero-day vulnerabilities in major operating systems and browsers. The Bundesbank has called on the EU to seek access. Meanwhile, the White House is utilizing Mythos through the NSA while opposing Anthropic's plan to broaden access to 70 more organizations, and the Pentagon has flagged Anthropic as a supply chain risk.

      Euro-area finance ministers will convene with banking supervisors on Monday to deliberate over Anthropic’s Mythos AI model, as reported by a senior EU official. This technology remains inaccessible to any government within the European Union and is associated with a company designated by the Pentagon as a national security supply chain risk. At the same time, the White House is using this technology via the National Security Agency while blocking the company’s efforts to grant broader access. After Monday's meeting, the ministers are expected to revisit the issue once they obtain additional information, but as stated by the EU official, they are only hearing unverified claims about Mythos's capabilities.

      What Mythos does

      On April 7, Anthropic unveiled the Claude Mythos Preview under a limited access initiative known as Project Glasswing. This model can autonomously detect and exploit zero-day vulnerabilities across all major operating systems and web browsers. It has already uncovered thousands of critical vulnerabilities, including a 27-year-old bug in OpenBSD and a 16-year-old remote code execution flaw in FreeBSD. Mozilla rectified 271 vulnerabilities in Firefox that were discovered by Mythos in just one evaluation, which is over twelve times the number found by Anthropic’s preceding advanced model. Anthropic has characterized this system as “currently far ahead of any other AI model in cyber capabilities” and has restricted access to a group of launch partners: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. The company is contributing up to $100 million in usage credits and $4 million in direct donations to open-source security organizations, with more than 99 percent of the discovered vulnerabilities still unaddressed.

      The model exhibits both defensive and offensive capabilities. In the hands of a security team, Mythos can pinpoint and assist in rectifying vulnerabilities that have lingered in vital infrastructure for years. Conversely, these same capabilities can be manipulated by threat actors to execute cyberattacks at a scale and speed beyond human hackers. Anthropic has limited the release due to the associated dual-use risk, but this limitation has its own implications: organizations with access can understand their vulnerabilities, whereas those without cannot. For European banks dependent on complex, interlinked, and often outdated technology systems, this disparity poses a real competitive and security risk, which the Bundesbank has officially recognized.

      The access problem

      Germany’s chief banking supervisor, Michael Theurer, has urged the European Commission and EU governments to pursue access to Mythos from Anthropic or directly from the US administration. “I believe it is essential for the European Commission and European governments to approach the company, or rather the United States, to request the sharing of this technology,” Theurer stated. Bundesbank President Joachim Nagel was even more straightforward, asserting that “all relevant institutions should have access to such technology to prevent competitive distortions.” The challenge is that European banks lack the ability to test what vulnerabilities Mythos can detect without access to the model, meaning they cannot defend against unseen threats. Theurer has cautioned that if this access gap continues, "we may be entering a situation where economic participants could potentially become reliant on state assistance."

      The access issue also goes beyond Europe. Mythos was a major topic at last week’s IMF spring meetings in Washington, where IMF Managing Director Kristalina Georgieva remarked that the world lacks the means to “shield the international monetary system against massive cyber risks,” indicating that “time is not on our side in this regard.” Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting with leading US bank CEOs to assess the cybersecurity ramifications. Bank of England Governor Andrew Bailey, chair of the Financial Stability Board, labeled it “a very serious challenge for everyone involved.” Christine Lagarde, President of the European Central Bank, highlighted the central issue: “The developments with Anthropic and Mythos exemplify a responsible company that is aware of the potential benefits, yet recognizes the severe dangers if that technology falls into the wrong hands.” Regulators from the Fed, ECB, Bank of England, Treasury, and Australia’s ASIC are now monitoring Mythos for overarching financial risks.

      The contradiction

      The White House's stance on Mythos presents a contradictory framework. While the NSA is employing the model, the Pentagon has classified Anthropic as a supply chain risk for not permitting its AI to be utilized for autonomous weapons and domestic mass surveillance. Simultaneously,