Anthropic has invited the European Commission to grant the EU’s cybersecurity agency, ENISA, access to Mythos, its most advanced autonomous AI model. ENISA would be the first EU body to gain access to the system, which Anthropic initially restricted to US-aligned partners when it launched in April as part of Project Glasswing.

“We welcome the latest developments on potential future access,” EU tech sovereignty spokesperson Thomas Regnier told CNBC on Monday. The Commission confirmed it had “several productive meetings” with Anthropic, adding that the bloc aims to understand the potential risks the technology poses.

Why Mythos Required Government Clearance

Mythos is not a standard language model. It excels at identifying security flaws and previously unknown vulnerabilities in software, capabilities that alarmed governments, banks, and tech firms when the model first appeared in April. The concern: in the wrong hands, Mythos could accelerate cybercrime by automating the discovery of exploitable weaknesses at scale.

That dual-use potential is why access was initially confined to a small group of companies under Anthropic’s cybersecurity initiative. When the EU sought access, Anthropic told the Commission it needed US government permission to share the model with non-US governments, CNBC previously reported. The US administration has resisted sharing advanced models with foreign governments as part of its strategy to maintain AI dominance.

The EU had already secured access to OpenAI’s GPT-5.5-Cyber model in May, but Anthropic negotiations were at a “different stage” at that point, with the Commission noting it had held “four or five” meetings with the company, per CNBC.

Export Controls for Agent Capabilities

Regnier framed the issue as broader than one model: “Let’s not forget that Mythos is not one off. A new wave of powerful models are coming to the market. This is a shared challenge, and we are intensifying our discussions with like-minded partners, including the United States,” he told CNBC.

Reuters confirmed the “productive meetings” characterization. Bloomberg first reported that ENISA would be the specific EU recipient. Official terms and conditions have not been finalized, and Anthropic did not immediately comment.

The Trump administration separately announced agreements in May with Google DeepMind, Microsoft, and Elon Musk’s xAI to assess AI models before public release. That pre-release review framework, combined with the Mythos access negotiations, signals a new regime taking shape: advanced autonomous agents treated as strategic assets subject to export-style controls, even between allies.

The Precedent for Agent Builders

The Mythos expansion establishes a template that will likely apply to every sufficiently capable autonomous agent. Vendors building agents with offensive security capabilities, vulnerability discovery, or system-level access should expect regulatory gatekeeping on who can deploy them and where. The question is no longer whether governments will restrict agent deployment across borders, but how quickly the frameworks for doing so will formalize.