An Anthropic AI model that can find zero-days in every major operating system has become a geopolitical and prudential question. The Eurogroup met in Brussels on Monday with no answer in hand.
Brussels on a Monday morning in early May is not, by tradition, the place where the world’s most powerful AI model gets discussed. The Eurogroup meets in a handsome but functional room. Finance ministers exchange position papers.
The agenda runs heavily to operational resilience, banking-union arcana, and the precise wording of Council conclusions. It is not, on most occasions, where headlines are made.
On 4 May, the room was talking about something else. Bloomberg confirmed that euro-area finance ministers had convened to discuss Anthropic’s Mythos AI model and what to do about the fact that no European government currently has access to it. The model, unveiled by Anthropic on 7 April, can identify and, in principle, exploit zero-day vulnerabilities in every major operating system and web browser.
The White House has spent the last several weeks blocking Anthropic’s proposal to expand access to roughly 70 additional organisations.
Europe’s banking regulators, in the meantime, have been doing the maths on what that gap means for the financial system.
Anthropic’s own description of the system, set out in the Project Glasswing announcement on 7 April, does not understate the case. Mythos Preview is a frontier model whose coding capability has crossed a threshold: it can find software vulnerabilities at a rate and at a depth that surpasses all but the most skilled human researchers.
Thousands of high-severity vulnerabilities were found in days, including a 27-year-old bug in OpenBSD, a 16-year-old remote-code-execution flaw in FreeBSD, and 271 separate Firefox vulnerabilities patched by Mozilla after a single evaluation pass.
What that means for defenders, in the analysis of the cryptography researcher Bruce Schneier and others writing on the model’s strategic significance, is unambiguous. A model with this capability, used offensively, gives an attacker a structural advantage that defenders cannot match without comparable access.
The corollary is that defenders without comparable access are now meaningfully behind. That is the calculation Europe’s banking supervisors have been running.
The Bundesbank moved first. In late April, Germany’s central bank publicly called on the EU to demand access to Mythos, arguing that without it European banks could not realistically test their own infrastructure against threats that an adversary with the model would be capable of mounting.
The European Central Bank, meanwhile, convened calls with chief risk officers at eurozone lenders and began collecting information on how banks are preparing for AI-powered cyberattacks.
Christine Lagarde, the ECB’s president, characterised Anthropic as a responsible operator while warning that the model in the wrong hands “could be really bad.”
Switzerland’s regulator went further. FINMA warned in April that immediate, broad Mythos access would itself pose a systemic risk to Swiss banks: not because the model is malicious, but because deploying offensive-security capability of this kind without the defensive infrastructure to absorb its outputs could overwhelm internal incident-response systems.
ASIC, the Australian regulator, joined the monitoring effort separately, and Kristalina Georgieva, the IMF’s managing director, told reporters at the Fund’s spring meetings that the international monetary system did not yet have the protections it would need against a sustained AI-augmented cyber-incident.
None of those statements is novel as policy. What is novel is the speed at which they have lined up around a single product.
Why the White House is saying no?
The Trump administration’s position is that broader Mythos access raises two distinct concerns. The first is misuse: a model capable of writing exploits cannot, by definition, be safely distributed.
The second is operational: the infrastructure required to support a wider rollout, the cleared facilities, the access controls, and the monitoring, does not, in the administration’s view, yet exist for the larger user base Anthropic proposes.
There is also a quieter, more awkward dynamic. The National Security Agency is already using Mythos through arrangements that predate the public dispute, even as the Pentagon has separately designated Anthropic a supply-chain risk in a related procurement matter.
The US Treasury has, additionally, requested access to Mythos to help find flaws in its own systems. The administration’s posture is, in other words, restrictive on outward distribution and permissive on its own use, a position that is internally coherent but strategically delicate when applied to allies who would, in any normal counterintelligence calculation, expect to be on the inside of such an arrangement.
It is that asymmetry, more than the model itself, that has produced the European reaction.
What Anthropic has actually said, and not said
Anthropic’s public position has been carefully framed. The company has acknowledged that Mythos’s capabilities required the new safeguards Project Glasswing was designed to provide, and has launched the initiative with AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks as initial partners.
The financial-services representation is thin: JPMorgan Chase is the only bank explicitly named. Goldman Sachs and Citigroup, by separate reporting, are evaluating the model internally. No European bank is on the launch list.
Privately, Anthropic has indicated to officials that European access will be provided “soon,” the standard temporal hedge in commercial diplomacy. No formal agreement has been signed. The Eurogroup, on Monday, did not produce one. What it did produce was a clearer collective signal that European supervisors expect equivalent treatment and intend to escalate if it is not granted.
The harder question the meeting is circling
The structural problem is not really about Anthropic, or about Mythos in particular, although both are the proximate triggers. We have been tracking the broader pattern: frontier models with offensive-security capability are now moving between governments faster than the regulatory infrastructure designed to oversee them.
The export-control framework that historically governed this kind of capability, designed for satellite components and nuclear materials, was not built for software that updates monthly and can be exfiltrated by anyone with sufficient credentials.
Anthropic’s own experience underlines that point. Unauthorised users were able to gain access to Mythos through private channels not long after its limited launch, exposing the difficulty of containing high-demand AI systems with offensive applications.
The breach was small but instructive: even Anthropic, with the strongest security culture among frontier labs, cannot fully control distribution of a model this capable.
European supervisors, watching this play out, have concluded something they would not say out loud at a press conference. The model exists. Hostile actors will, sooner or later, obtain access through one channel or another. Defenders need parallel access not because they want to use Mythos offensively but because, without it, the defender side of the trade is structurally short.
TNW’s earlier coverage of this Eurogroup discussion framed it precisely that way. Monday’s meeting did not advance the answer. It clarified the question.
Where this points?
There are three plausible outcomes. The first is bilateral: the United States and the EU agree, quietly, on a controlled access arrangement that mirrors how some other intelligence-sharing capabilities have historically been distributed. That would solve the immediate prudential problem and accept the political cost of a closed-door deal.
The second is delay: the Eurogroup issues guidance, supervisors collect data, and the structural gap persists for another quarter while Anthropic and the White House work through their own dispute.
The third, the most disruptive, is European technical autonomy: a serious investment in a comparable European model, backed by sovereign capital and structured for explicit allied control.
None of these outcomes will be visible from a Monday Eurogroup. They will be visible in supervisory letters, allocation decisions, and procurement budgets over the next several quarters.
What was visible on 4 May is that Europe’s finance chiefs no longer think they can manage the cyber-defence problem at the level of advice and guidance. They want the tools. The question is who decides whether they get them, and how long that decision is allowed to take.
Anthropic, sitting in the middle of this, is in the unusual position of being asked to ship a system its primary government customer would prefer it did not ship at this scale. That is not a problem the company can solve on its own. Monday’s meeting was a reminder that it is now the kind of problem its model has, by its capability, made everyone else’s.
Get the TNW newsletter
Get the most important tech news in your inbox each week.