On June 1, 2026, Anthropic offered the European Union's cybersecurity agency ENISA access to Claude Mythos Preview through its controlled-access program, Project Glasswing. ENISA is the first EU institution admitted. The terms governing how it can use the model were still being negotiated when the news broke. A private American AI lab is the gatekeeper of the most advanced vulnerability-finding tool in the world, and the EU's available move was to ask to be let in.

The model the EU was locked out of

Anthropic previewed Claude Mythos Preview on April 7, 2026. The technical assessment describes a model that finds and exploits software vulnerabilities autonomously, at a level the company says surpasses all but the most skilled human researchers. Since the program launched in early April, Anthropic and its roughly 50 Project Glasswing partners have identified more than 10,000 high- or critical-severity flaws.

The receipts: a 27-year-old denial-of-service vulnerability in OpenBSD's TCP SACK implementation, surfaced by Mythos autonomously. A 17-year-old remote-code-execution vulnerability in the FreeBSD NFS server, catalogued as CVE-2026-4747, that lets an unauthenticated attacker gain root. On Anthropic's own autonomous-exploit benchmark, Mythos Preview cleared about 73% of expert-level exploit tasks, far above Opus 4.6.

The 99% that nobody has patched yet

Anthropic states that more than 99% of what Mythos has surfaced remains unpatched, because the bugs are still moving through coordinated disclosure with the affected vendors. Only the small fraction that has been triaged and fixed can be discussed publicly. The rest is held inside Anthropic and its vetted partners.

That asymmetry is where the diplomatic pressure formed. European banks, government agencies, hospitals, water utilities, and grid operators all run on software that overlaps heavily with the OpenBSD-FreeBSD-Linux family Mythos has been turned loose on. Whatever Mythos has found, the people defending European infrastructure had not yet been told. Until June 1, no EU institution had a path to that information that did not first run through a vetted list of private firms in another country.

Brussels negotiated. It didn't build.

The diplomatic record runs back through April. On April 21, Bundesbank president Joachim Nagel said at an event in Rome that "all relevant institutions should have access to such technology to avoid competitive distortions." The framing was deliberate. Nagel was not asking for export controls or for a European Mythos. He was asking, on behalf of a G7 central bank, to be let into an American product.

On May 11, OpenAI extended GPT-5.5-Cyber to European institutions under what it called the EU Cyber Action Plan, scoping vetted access to European governments, cybersecurity agencies, and EU bodies including the AI Office. That sharpened the asymmetry. The EU had access to OpenAI's defensive cyber model and no access to Anthropic's. Weeks of pressure from euro-area finance ministers, the ECB, and the Bundesbank followed.

The June 1 announcement was the resolution. European Commission tech sovereignty spokesperson Thomas Regnier told reporters, "We welcome the latest developments on potential future access." One day later, Anthropic widened Glasswing to roughly 150 new organizations across more than 15 countries, into the sectors not covered by the initial cohort: power, water, healthcare, communications, and hardware. The number Anthropic ran on its own admissions: a major attack on most partners could affect more than 100 million people.

What the AI Act can't do

The EU AI Act regulates how AI is deployed inside Europe: which categories of system require which conformity assessments, and what providers must disclose. The statute can compel documentation and even independent evaluation of the model, but no mechanism hands a European agency an operational copy to run. The legal instrument that governs AI in Europe can demand disclosure, but it cannot hand European defenders the tool that found ten thousand high-severity flaws in their software.

So the deal that emerged is an ad-hoc bilateral arrangement, negotiated between a US company and the European Commission, sitting outside the regulatory framework that was supposed to give Europe authority over this technology. The conditions of ENISA's use of the model are being settled by lawyers, not by statute.

Why it matters

Frontier-AI gating is taking a shape regulators were not drafting against. Export controls assume a state-to-state or company-to-state choke point. Privacy regulation assumes the company collects data; the question is what it does with it. Neither covers the case where a US lab unilaterally decides which sovereign agencies get to see what is wrong with the software running their critical infrastructure, and the rest of the world has to ask politely for the audit.

For the past three years, the standard frame for the EU AI Act was that Brussels had become a regulatory superpower with global reach. In this story Brussels did not assert jurisdiction over Mythos. The Commission submitted an application.

The next sovereign-capability question is already queued up behind this one. Frontier models are about to be capable of designing new biological pathogens, of running undetectable financial-market interventions, of generating live propaganda matched to individual voters. Each of those capabilities will sit, at first, behind one private company's access list. Which European agency gets to be inside the room when the next one ships, and which gets to watch it from outside?

Originally published as an Instagram carousel on @recul.ai.