Finance ministers from the Eurozone will meet to discuss Anthropic's Mythos AI, as no EU government currently has access, and the White House is preventing its expansion.

      TL;DR: Euro-area finance ministers will meet with banking supervisors on Monday to discuss Anthropic’s Mythos AI model. No EU government has access to this model, which can identify zero-day vulnerabilities in major operating systems and browsers. The Bundesbank has called for the EU to gain access. Meanwhile, the White House is using Mythos via the NSA but is opposed to Anthropic’s plan to broaden access to 70 more organizations, while the Pentagon has labeled Anthropic a supply chain risk.

      According to a senior EU official, Euro-area finance ministers are set to discuss Anthropic’s Mythos AI model with banking supervisors on Monday. This technology is currently inaccessible to any EU government and has been flagged by the US Pentagon as a national security supply chain risk. While the White House utilizes the model through the National Security Agency, it is also blocking Anthropic's attempt to expand access to other organizations. After Monday's talks, the ministers are anticipated to revisit the issue as they gather more information; however, the challenge lies in the fact that they cannot obtain information about the model's capabilities, as governments are only hearing rumors.

      What Mythos does

      On April 7, Anthropic unveiled Claude Mythos Preview as part of a restricted access program known as Project Glasswing. This model can autonomously discover and exploit zero-day vulnerabilities in all major operating systems and web browsers. It has identified thousands of critical vulnerabilities, including a 27-year-old bug in OpenBSD and a 16-year-old remote code execution flaw in FreeBSD. In a single evaluation pass, Mozilla addressed 271 Firefox vulnerabilities identified by Mythos, a figure more than twelve times greater than those detected by Anthropic’s earlier model. Anthropic considers the system to be “currently far ahead of any other AI model in cyber capabilities” and has limited access to a select group of launch partners, which include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. Additionally, the company is providing up to $100 million in usage credits and $4 million in direct donations to open-source security organizations. Over 99 percent of the vulnerabilities uncovered remain unpatched.

      The model's functions serve both defensive and offensive purposes. In the hands of a security team, Mythos is capable of identifying and aiding in the remediation of long-standing vulnerabilities in critical infrastructure. Conversely, a threat actor could exploit the same capabilities to execute cyberattacks at an unprecedented scale and speed, which human hackers cannot achieve. Anthropic has restricted the release of Mythos specifically due to this dual-use risk. However, this limitation presents its own issue: organizations that have access can identify their vulnerabilities, while those without access cannot. This creates a competitive and security disadvantage for European banks that rely on complex, interlinked, and often outdated technological systems—a concern officially recognized by the Bundesbank.

      The access problem

      Germany's chief banking supervisor, Michael Theurer, has urged the European Commission and EU governments to seek access to Mythos either from Anthropic or directly from the US government. “It is essential for the European Commission and governments to approach the company or the United States to request the sharing of this technology,” Theurer stated. Bundesbank President Joachim Nagel asserted that “all relevant institutions should have access to such technology to prevent competitive distortions.” The concern is that without access to the model, European banks cannot verify what vulnerabilities Mythos can identify and, therefore, cannot defend against unseen threats. Theurer cautioned that a persistent access gap could potentially lead to a situation where economic actors become reliant on state assistance.

      This access issue transcends Europe. Mythos was a prominent topic at last week's IMF spring meetings in Washington. IMF Managing Director Kristalina Georgieva noted that the world lacks the capability to safeguard the international monetary system against significant cyber risks, stating that “time is not our friend on this one.” Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened an urgent meeting with top US bank CEOs to deliberate on the cybersecurity implications. Bank of England Governor Andrew Bailey, who leads the Financial Stability Board, described it as “a very serious challenge for all of us.” European Central Bank President Christine Lagarde highlighted the core dilemma: “The developments we’ve seen with Anthropic and Mythos illustrate a responsible company that may have beneficial technology but also poses grave risks if misused.” Regulators from the Fed, ECB, Bank of England, Treasury, and Australia’s ASIC are now monitoring Mythos for systemic financial risk.

      The contradiction

      The positioning of the White House regarding Mythos is fundamentally inconsistent. The NSA is employing the model, while the Pentagon has flagged Anthropic as a supply chain risk for refusing to permit its AI for autonomous weapons and domestic mass surveillance. The White House has communicated to Anthropic its opposition to the company's plan to expand access to about 70 additional organizations, citing concerns that Anthropic lacks