Anthropic has offered the European Union Agency for Cybersecurity (ENISA) access to Mythos, its non-public frontier cybersecurity model, according to reporting by Bloomberg and the Financial Times on June 1, 2026. The access has not been granted: an ENISA spokesperson said "it's been offered but the conditions are still being agreed." If finalized, ENISA would become the first organization outside the United States and the United Kingdom to join Project Glasswing, Anthropic's controlled-access cyber initiative launched on April 7, 2026.
This is a story about an offer, not an arrival. Multiple outlets — Bloomberg first, then the Financial Times and CNBC — reported that Anthropic has put Mythos on the table for ENISA. None of them reported a signed agreement, a live deployment, or an accepted partnership. We are stressing this at the top because the gap between "offered" and "granted" is the entire story here: a frontier cyber model that can find tens of thousands of vulnerabilities is being dangled in front of a government cybersecurity authority, and the terms that would govern that handoff are exactly what is still under negotiation.
There is no announcement on Anthropic's own newsroom about this. Everything below is sourced to Bloomberg, the Financial Times, and CNBC. We have not independently verified the negotiations, and we are not treating any of it as a done deal. What we can do is explain what Mythos and Project Glasswing actually are, why an offer to a non-US, non-UK government body is a genuine first, and what conditions would have to be agreed before any of this becomes real.
What Was Actually Reported
The core claim, attributed to Bloomberg's June 1, 2026 report and corroborated by the Financial Times: Anthropic has offered ENISA — the European Union Agency for Cybersecurity — access to Mythos. The reporting frames it as an offer in negotiation. The most load-bearing sentence in the entire story is the direct quote from an ENISA spokesperson: "It's been offered but the conditions are still being agreed."
That single sentence does a lot of work. It confirms the offer exists. It confirms ENISA is engaged. And it confirms that nothing is settled — the conditions, plural, are still being negotiated. That is not a partnership; it is the early phase of one. Anyone writing "Anthropic gives ENISA access to Mythos" in the present tense is, on the available evidence, getting the story factually wrong.
What makes this newsworthy is not that a model is being offered to a customer. Anthropic offers Claude to customers constantly. What makes it newsworthy is the specific combination: a non-public frontier cyber model, a government cybersecurity authority, and — if it closes — the first extension of a tightly controlled program beyond the two countries that have had access so far.
What Is Mythos?
Mythos is Anthropic's non-public cybersecurity model. It is not a product you can sign up for. It does not appear on Anthropic's pricing page, and it is not the same thing as the publicly available Claude Security beta that Anthropic shipped earlier in 2026. Mythos sits behind Project Glasswing, accessible only to a vetted, controlled set of partners.
What we know about Mythos's capability comes from the Project Glasswing update of May 22, 2026, which is the closest thing to a public capability disclosure for the model. According to that update, Mythos had identified more than 10,000 high-severity and critical vulnerabilities, and some partners reported bug-finding throughput roughly ten times higher than their prior baselines. We covered the implications of that update in detail when it landed — the short version is that finding vulnerabilities stopped being the bottleneck and patching them became the new constraint. You can read our full breakdown in our analysis of Glasswing's 10,000 zero-days and the patching bottleneck.
The reason Mythos is gated matters here. A model that can autonomously surface 10,000-plus critical vulnerabilities is dual-use by definition: the same capability that helps a defender harden infrastructure helps an attacker find a way in. That dual-use nature is precisely why access is controlled, why the conditions of any new access are negotiated carefully, and why an offer to a government body outside the existing circle is a significant move rather than a routine sales motion.
What Is Project Glasswing?
Project Glasswing is Anthropic's controlled-access cybersecurity initiative, launched on April 7, 2026. Rather than ship Mythos broadly, Anthropic built a circle of vetted partners who get access under defined conditions. The launch cohort, as reported at the time, included AWS, Apple, Microsoft, CrowdStrike, Google, NVIDIA, and Palo Alto Networks, among others — a who's-who of US infrastructure and security vendors.
The architecture is the point. Glasswing is not a marketplace; it is a guarded room. Membership has been concentrated in the United States, with a UK presence, and the partners are predominantly large platform and security companies rather than government agencies. ENISA joining would change two things at once: it would add a government cybersecurity authority to a circle that has been industry-led, and it would extend the geography beyond the US and UK for the first time.
That second change is the headline. Up to now, Glasswing access has been an Anglo-American affair. An EU agency receiving the same frontier model would mark the first time the program crosses into a third jurisdiction — and a jurisdiction with its own regulatory worldview, its own sovereignty concerns, and its own complicated relationship with the US administration on technology transfer.
The Partners Already Inside
To understand why an ENISA offer is a structural shift, look at who is already inside. The reported Glasswing partners — AWS, Apple, Microsoft, CrowdStrike, Google, NVIDIA, Palo Alto Networks — share three traits. They are commercial entities, not governments. They are overwhelmingly US-headquartered. And they have the security engineering depth to operationalize a flood of vulnerability findings rather than drown in them.
ENISA breaks all three patterns. It is a government agency, it is European, and its mandate is coordination and policy as much as hands-on remediation. That is not a criticism — it is the reason the conditions are hard to agree. The terms that work for a hyperscaler with thousands of security engineers are not automatically the terms that work for an EU agency answering to 27 member states.
Offered, Not Granted — Why the Distinction Is the Story
We want to be unambiguous about this, because it is the easiest part of the story to get wrong. ENISA has been offered access to Mythos. ENISA has not been granted access to Mythos. The ENISA spokesperson's own words — "it's been offered but the conditions are still being agreed" — close the door on any present-tense claim that the access exists.
Why does this matter beyond pedantry? Because the conditions are where the substance lives. For a model with Mythos's capability, "conditions" plausibly covers questions like: who at ENISA can run the model, what they can run it against, how findings are handled and disclosed, what guardrails sit around dual-use outputs, where the data goes, and — critically — whether any third-party government needs to sign off on the transfer. None of that is settled. A headline that collapses all of it into "Anthropic gives ENISA Mythos" erases the most consequential open questions in the story.
There is a precedent worth remembering here. Earlier in 2026, the framing around European access to frontier cyber models was that Mythos stayed closed to Europe while a US rival pitched an open alternative — a dynamic we unpacked in our piece on the OpenAI EU cyber action plan versus a closed Mythos. If the ENISA offer closes, it would partially reverse that narrative. But "if it closes" is doing heavy lifting, and the conditions still being agreed are exactly the reason it might not.
The US Permission Question
Here is where the reporting gets genuinely delicate, and where we are going to be careful not to overstate. According to the coverage, there is a question of whether the EU would need sign-off from the US administration to receive Mythos access. The framing varies across sources, so treat this as reported context rather than settled fact.
The reported nuance: the White House is described as not opposed to the EU specifically receiving access, while remaining more reluctant about sharing frontier cyber capability with non-US governments in general. In other words, the EU may be treated as a relatively trusted case even within a posture that is otherwise cautious about exporting this class of capability. We are reporting this as a reported tension, not as a confirmed legal requirement, because the sources themselves are not uniform on exactly how binding any US role would be.
Why would a US administration have a say at all over what a US company offers a foreign government? Because frontier AI capability — especially offensive-leaning cyber capability — increasingly sits inside the same policy conversation as export controls, national security review, and pre-release scrutiny. We have watched that conversation move quickly this year, including reporting on the White House studying FDA-style pre-release reviews for powerful models, which we covered in our analysis of the proposed pre-release review framework. An offer of Mythos to a foreign government body lands squarely in the middle of that emerging regime.
Sovereignty Cuts Both Ways
The sovereignty optics here are layered. On one reading, the EU gaining access to a frontier cyber model strengthens European cyber defense and reduces dependence on tools it cannot inspect or control. On another reading, an EU agency receiving a US-built, non-public model — potentially contingent on US administration comfort — is a textbook example of the dependency that European AI sovereignty advocates have been warning about.
That tension is not hypothetical. Europe has been actively building indigenous alternatives precisely so it is not locked out of, or dependent on, US frontier cyber capability — a dynamic we examined when a European lab set out to build a sovereign equivalent, covered in our piece on Europe building its own Mythos for EU banks locked out of Anthropic. An ENISA-Mythos arrangement and a European sovereign cyber model are not mutually exclusive; if anything, the existence of one is part of the bargaining context for the other.
Why It Matters
Strip away the geopolitics for a moment and the operational stakes are stark. Mythos, per the May 22 Glasswing update, surfaced more than 10,000 high-severity and critical vulnerabilities and drove bug-finding throughput up roughly tenfold for some partners. Put a capability like that in the hands of a body coordinating cyber defense across 27 member states and the upside is obvious: faster discovery of flaws in critical European infrastructure before adversaries exploit them.
But the same May update established the harder truth — finding vulnerabilities is no longer the constraint; patching them is. An EU agency that suddenly receives a firehose of critical findings inherits a remediation problem at continental scale. That is part of why the conditions are non-trivial. Access to Mythos is not a gift that solves cyber defense; it is a capability that reshapes the workload, and the terms have to account for what happens to thousands of findings once they exist.
There is also a competitive dimension. This year has featured an escalating race among frontier labs to position cyber capability as both a defensive product and a geopolitical asset. We have tracked the rival responses, including OpenAI's direct counter to Glasswing and Mythos, covered in our breakdown of OpenAI Daybreak. An Anthropic offer to ENISA — if it closes — would be a meaningful move in that contest, planting a frontier US model inside European government cyber defense ahead of rivals.
How It Compares to the Existing Glasswing Circle
Compared to the partners already inside Glasswing, ENISA is an outlier on every axis that matters. AWS, Microsoft, Google, CrowdStrike, NVIDIA, Apple, and Palo Alto Networks are commercial firms with deep security engineering benches and clear commercial incentives to absorb and act on vulnerability findings. ENISA is a public agency with a coordination-and-policy mandate and accountability to member states.
The commercial partners also operate inside a single legal-and-trust framework that the US administration is comfortable with. ENISA introduces a cross-jurisdiction handoff: a US company offering a US-built model to an EU agency, potentially under the watchful eye of the US government. None of the existing partners required that calculus. That is why an offer to ENISA is not just "one more partner" — it is the first time Glasswing's controlled circle would stretch across the Atlantic to a government body.
What We Don't Know
Plenty. We do not know the specific conditions under negotiation. We do not know whether US sign-off is a hard requirement or a soft preference. We do not know what ENISA would be permitted to run Mythos against, who would operate it, or how findings would be disclosed and remediated. We do not know the timeline, and we do not know whether the deal will close at all. Negotiations that are described as "conditions still being agreed" can stall or collapse as easily as they can finalize.
We also want to be explicit about sourcing. There is no Anthropic newsroom post on this. The reporting comes from Bloomberg, the Financial Times, and CNBC. We have not independently confirmed the negotiations or spoken to the parties. Everything here is framed as reported, and the most important reported fact is the one that constrains all the others: it has been offered, and the conditions are still being agreed.
Our Take
We have been following the Mythos and Glasswing story since the program launched, and this offer fits a pattern we have watched build all year: frontier cyber capability is becoming a geopolitical instrument, not just a product. Offering Mythos to ENISA is, if it closes, exactly the kind of move that turns a model into a diplomatic asset — a US company extending a controlled capability to a strategic partner government, within a posture the US administration appears willing to tolerate for the EU specifically.
What strikes us most is the restraint baked into the reporting itself. The ENISA spokesperson did not spike the ball. "It's been offered but the conditions are still being agreed" is the language of careful diplomacy, not a press release. That tells us the hard part is still ahead. The capability is real, the offer is real, and the willingness on both sides appears real — but the conditions are where a frontier cyber model meets the friction of sovereignty, liability, and control, and that friction has not been resolved.
If this closes, it would be a genuine first: Glasswing crossing beyond the US and UK, and a frontier cyber model landing inside European government defense. If it doesn't, it will still have been a revealing data point about how the US, its leading AI lab, and the EU are negotiating the terms of frontier capability transfer in real time. Either way, the honest framing today is the one ENISA itself used — offered, conditions pending.
What's Next
The next signal to watch is whether either side moves from "offered" to "agreed." Concretely, that would look like ENISA confirming defined access terms, Anthropic acknowledging the arrangement (which it has not done on its newsroom as of this writing), or any indication that the US administration has formally weighed in. Until one of those happens, the status quo holds: an offer on the table, conditions under negotiation, and no granted access.
We will update this story if and when the conditions are agreed, if the offer is withdrawn, or if Anthropic, ENISA, or the US administration issues an on-the-record statement. For now, the safest thing any reader can take away is the distinction we opened with — Mythos has been offered to ENISA, it has not been granted, and the entire outcome hinges on conditions that, as of June 1, 2026, are still being agreed.
Frequently Asked Questions
Did Anthropic give ENISA access to its Mythos model?
No. According to Bloomberg and the Financial Times (June 1, 2026), Anthropic offered ENISA access to Mythos, but it has not been granted. An ENISA spokesperson said: "It's been offered but the conditions are still being agreed." Any claim that access already exists is, on the available evidence, factually wrong.
What is Mythos?
Mythos is Anthropic's non-public frontier cybersecurity model. It is not a publicly available product and is distinct from the public Claude Security beta. Access is gated behind Project Glasswing. Per the May 22, 2026 Glasswing update, Mythos had identified more than 10,000 high-severity and critical vulnerabilities, with some partners reporting roughly tenfold higher bug-finding throughput.
What is Project Glasswing?
Project Glasswing is Anthropic's controlled-access cybersecurity initiative, launched on April 7, 2026. Rather than release Mythos broadly, Anthropic granted access to a vetted circle of partners — reported to include AWS, Apple, Microsoft, CrowdStrike, Google, NVIDIA, and Palo Alto Networks — under defined conditions.
Would ENISA be the first Glasswing member outside the US and UK?
Yes. If the offer closes, ENISA — the European Union Agency for Cybersecurity — would be the first organization outside the United States and the United Kingdom to gain access to Mythos through Project Glasswing, and the first government cybersecurity authority in a circle that has so far been industry-led.
Who are the existing Project Glasswing partners?
The reported launch cohort from April 7, 2026 included AWS, Apple, Microsoft, CrowdStrike, Google, NVIDIA, and Palo Alto Networks, among others. They are predominantly large US-headquartered platform and security companies — commercial entities rather than government agencies.
Does the EU need US permission to access Mythos?
It is reported as an open question, not a confirmed requirement. According to the coverage, the White House is described as not opposed to the EU specifically receiving access, while remaining more reluctant about sharing frontier cyber capability with non-US governments in general. The sources are not uniform on how binding any US role would be, so it should be treated as reported context.
Did Anthropic officially announce the ENISA offer?
No. There is no post on Anthropic's newsroom about this as of June 1, 2026. The story is sourced to Bloomberg, the Financial Times, and CNBC. It should be cited as reported by those outlets, not as an Anthropic announcement.
How is Mythos different from the public Claude Security beta?
The public Claude Security beta is a broadly available product. Mythos is a non-public, gated frontier model accessible only through Project Glasswing's controlled circle. They are separate offerings: one is generally available, the other is tightly restricted.
What conditions are still being negotiated?
The specifics have not been reported. For a model with Mythos's capability, plausible conditions include who can operate it, what it can be run against, how vulnerability findings are handled and disclosed, dual-use guardrails, data handling, and whether any US administration sign-off is required. ENISA confirmed only that "the conditions are still being agreed."
Why does the "offered versus granted" distinction matter so much?
Because the conditions are where the substance lives. The gap between an offer and a signed agreement covers the most consequential open questions — operational controls, disclosure, dual-use safety, and potential US sign-off. Collapsing it into "Anthropic gives ENISA Mythos" erases exactly the issues that determine whether the arrangement is safe, legal, and real.
How does this affect European AI sovereignty?
It cuts both ways. EU access to a frontier cyber model could strengthen European cyber defense, but receiving a US-built, non-public model — potentially contingent on US comfort — also illustrates the dependency that sovereignty advocates warn about. It is part of the same context in which Europe has been building indigenous cyber alternatives.
What happens next?
The key signal is any move from "offered" to "agreed": ENISA confirming defined terms, Anthropic acknowledging the arrangement, or the US administration formally weighing in. Until then, the status holds — an offer on the table, conditions under negotiation, and no granted access.
