Tech / AI
Anthropic Walled Mythos Off Before the EU Could Ask
Anthropic met EU officials four or five times without offering access to its most capable model. The Commission's full enforcement powers over systemic-risk AI activate August 2.
Anthropic launched Project Glasswing on April 7, restricting Claude Mythos preview access to 12 partner organizations, none of them European, before EU regulators could formally request it.
The UK AISI, which red-teamed GPT-5.5 the previous month, tested Mythos six days later and found it completed all 32 steps of a corporate network attack simulation. No prior AI system had done so. Mythos scored 83.1% on CyberGym versus 66.6% for Claude Opus 4.6, and identified a 27-year-old OpenBSD flaw that five million traditional security scans had missed.
Glasswing's 12 founding partners are Anthropic itself, Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, all US-domiciled. POLITICO, per CMS Law's May analysis, reports the EU was largely left out of discussions around Mythos, not just the final partner list. Anthropic committed $100 million in API credits and restricted access to defensive cybersecurity uses only.
On May 11, European Commission spokesperson Thomas Regnier confirmed the divergence publicly. OpenAI had offered EU institutions access to GPT-5.5-Cyber under a new EU Cyber Action Plan. Anthropic had met with the Commission four or five times without offering model access; Regnier said the Commission could not "speculate on potential access or not."
What the Rulebook Requires
The EU AI Act's GPAI provisions have required systemic-risk notification since August 2, 2025. The Act designates systemic risk by compute threshold or by capability; its recitals explicitly name offensive cyber capabilities as a risk marker. CMS Law analysts wrote in May there can "realistically be little doubt" Mythos constitutes a GPAI model with systemic risk.
Under Article 92, refusing Commission evaluation access carries fines up to 3% of global annual turnover. That enforcement power activates August 2, 2026.
Jurisdiction is the complication. Geo-blocking defeats the "placed on EU market" trigger straightforwardly, but whether Mythos outputs scanning EU-based infrastructure count as "used in the Union" is, per CMS Law, genuinely unresolved. Under Recital 97, if any Glasswing partner ships a Mythos-integrated product to EU customers, Chapter V obligations attach regardless of Anthropic's own geo-block.
The Pentagon reached for oversight from the other direction. It designated Anthropic a supply-chain risk after the company refused autonomous targeting or domestic surveillance uses of Mythos. A federal court issued a preliminary injunction in March blocking that designation; the government intends to appeal.
The April 7 launch date reveals a deliberate sequencing. Anthropic closed the partner list before enforcement was live, then geo-blocked EU access and offered discussions in place of it.
For the AI Office, geo-blocking strips the primary enforcement pathway and leaves nominal authority without direct access to the model. The Recital 97 route through downstream partners is the only door left open.
Watch whether Microsoft Azure or Cisco, both Glasswing partners with large EU enterprise footprints, announce a Mythos-integrated product for EU customers before August 2. That announcement is the event that activates Chapter V; it requires no action from Brussels.