Anthropic's Mythos AI model, capable of finding zero-day vulnerabilities in every major operating system and web browser, has become a flashpoint between European financial regulators and the US government. The Eurogroup met in Brussels on May 4 to discuss the lack of European access to the model, but no resolution was reached.
What Mythos does
Unveiled by Anthropic on April 7, Mythos Preview is a frontier coding model that can identify and exploit software vulnerabilities at a rate and depth surpassing most human researchers. In testing, it found thousands of high-severity vulnerabilities in days, including a 27-year-old bug in OpenBSD, a 16-year-old remote-code-execution flaw in FreeBSD, and 271 Firefox vulnerabilities patched by Mozilla after a single evaluation pass.
The European position
Europe's banking supervisors have concluded that defenders without access to Mythos are structurally disadvantaged. The Bundesbank publicly called on the EU to demand access in late April, arguing European banks cannot realistically test their infrastructure against threats an adversary with the model could mount. The European Central Bank convened calls with chief risk officers at eurozone lenders to assess preparedness for AI-powered cyberattacks. ECB president Christine Lagarde characterized Anthropic as a responsible operator while warning the model in the wrong hands "could be really bad." Switzerland's FINMA warned that immediate broad access would itself pose a systemic risk, as deploying offensive-security capability without defensive infrastructure to absorb its outputs could overwhelm internal incident-response systems. The IMF's Kristalina Georgieva told reporters the international monetary system lacks protections against sustained AI-augmented cyber incidents.
Why Washington is blocking access
The Trump administration's stated concerns are twofold: misuse risk from a model capable of writing exploits, and insufficient infrastructure — cleared facilities, access controls, monitoring — for the larger user base Anthropic proposed. The National Security Agency is already using Mythos through pre-existing arrangements, and the US Treasury has separately requested access to find flaws in its own systems. This asymmetry — restrictive on outward distribution, permissive on internal use — has driven the European reaction.
What Anthropic has said
Anthropic launched Mythos with AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks as initial partners. JPMorgan Chase is the only bank explicitly named; Goldman Sachs and Citigroup are evaluating the model internally. No European bank is on the launch list. Privately, Anthropic has indicated European access will be provided "soon," but no formal agreement has been signed.
The structural problem
The export-control framework designed for satellite components and nuclear materials was not built for software that updates monthly