Potential Game-Changer in EU as Mythos AI Access Opens Up

Preview access to the potent (and concerning) new Mythos AI is being expanded to at least 150 organizations, to include the first access for members of the EU. While Anthropic is not publishing a full list of the new organizations that are joining its “Project Glasswing” advanced testing, the European Commission has confirmed that leading cybersecurity agency ENISA (the rough equivalent of the US CISA) will be among them.

Assorted forces in the EU have been lobbying Anthropic for early access, ever since the Mythos AI testing began in early April and generated splashy headlines about how many vulnerabilities were being found. The EU is not the only new region being let inside the gates, however, as both private companies and government agencies in South Korea have also confirmed they are being granted access.

Project Glasswing expands amidst Mythos AI release date uncertainty

Mythos AI access has been closely guarded in the first several months of preview availability, limited to only about 40 organizations in  total before now. Anthropic says that at least 15 countries have been included in the recent expansion; while most of these appear to be in Europe, several South Korean organizations (such as Samsung and SK Telecom) have indicated they are among those getting access.

There has been something of a panic over preparation for the new wave of frontier models headed up by Mythos AI, with OpenAI’s GPT-5.5-Cyber and Google’s “Big Sleep” also in the mix as having similar capability for quickly uncovering vulnerabilities. If testing results are to be believed, the broad availability of these models will force major changes in patching processes; in other words, automated AI will likely have to be deployed to counter the speed of offensive AI.

While this announcement is positive news for countries that have been hoping for access, it does not necessarily clear up exactly when Mythos AI will start rolling out to the public. This has been a point of contention and confusion due to some seemingly conflicting statements by Anthropic within the last couple of weeks. The release of Opus 4.8 moved prediction markets forward significantly due to the inclusion of a throwaway line about Mythos being available in the “coming weeks,” but such a short timeline would seem to make little sense with all of these new entities only just now getting Project Glasswing access. Industry analyst predictions of the rollout beginning sometime in the latter half of 2026 or even 2027 would still appear to be more likely at this point.

Mythos AI access eases the minds of regulators

Whatever the release schedule for all of these frontier models, organizations must immediately grapple with the idea that their full spectrum of vulnerabilities will be sniffed out by AI tools in a matter of minutes in the very near future. There is still robust debate about how good these models will be at autonomously exploiting attack chains, but at this point it seems settled that they will at least force greater automation of patching.

Some questions still remain about the expanded Mythos AI access. One of the big ones is disbursement of funds. Up to this point, Anthropic has allotted about $10 million worth of tokens to the first group of participating organizations for their testing. One would expect an increase in funding given over three times the current cohort coming online.

Specific to ENISA, there are also questions about how the results of this new testing will be applied to existing regulations for EU organizations. For example, will the agency go back over already certified products or will it apply Mythos AI testing to products currently in the certification pipeline? With the new crop of organizations still waiting to formally get their access as of this writing, organizations will have to wait at least a short time for more answers.