ENISA is heading to San Francisco to discuss access to Anthropic's vulnerability-hunting AI model amid new US export controls
Europe’s cybersecurity agency is sitting down with Anthropic on Thursday to talk about getting access to one of the company’s most advanced AI models, one specifically designed to find and exploit software vulnerabilities. The European Commission confirmed the meeting, which caps off months of back-channel discussions between Brussels and the AI company.
The meeting between the European Union Agency for Cybersecurity (ENISA) and Anthropic is taking place in San Francisco on June 18. It follows at least four to five prior discussions that have been ongoing since April 2026, according to the Commission.
What the EU is after #
At the center of this conversation is Anthropic’s AI model known as Mythos. Access to Mythos isn’t open to just anyone. Anthropic gates it through a controlled initiative called Project Glasswing, which is designed specifically for cybersecurity vulnerability research.
That’s exactly what ENISA has been trying to do. As of early June, the agency had not yet secured active access to Mythos, with negotiations over terms and safeguards still ongoing. Commission spokesperson Thomas Regnier confirmed that there had been “several productive meetings” with Anthropic leading up to this session.
The export control complication #
The meeting was pre-scheduled, but it’s now happening against the backdrop of new US export controls imposed in mid-June 2026. These restrictions limit foreign access to some of Anthropic’s most advanced AI models, and Mythos is on that list.
The timing creates a somewhat awkward dynamic. The EU has been working for months to gain access to a model that the US government has now decided should be harder for foreign entities to obtain. Whether those export controls will directly affect ENISA’s ability to participate in Project Glasswing remains to be seen, but it certainly adds a layer of complexity to the negotiations.
Why this matters beyond Brussels #
The ENISA-Anthropic dialogue is one of the more visible examples of governments trying to formalize their relationship with frontier AI companies on security matters. Mythos is designed to identify and exploit software vulnerabilities — useful for defensive cybersecurity, but also a tool with offensive applications. The safeguards and terms being negotiated between ENISA and Anthropic are essentially the guardrails that determine how that line gets drawn.
The fact that it took months of discussions just to get to this meeting, with access still not secured, tells you something about how difficult these negotiations are.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our