Anthropic has quietly walled off the European Union from Claude Mythos, its most advanced cybersecurity AI model β€” and the implications for global cyber defense are deeply unsettling. According to reporting by The Parliament Magazine, access to Mythos has been restricted to a tight circle of primarily U.S. companies including Amazon, Apple, and JPMorganChase, along with select government agencies evaluating its offensive capabilities. European banks, software firms, and government bodies? They're locked out entirely.

The Sovereignty Problem

The move exposes a raw nerve in Europe's digital strategy: the continent remains dangerously dependent on American AI labs for frontier-level security capabilities. Paul Timmers, a professor at KU Leuven and former European Commission official at the DG CONNECT unit, didn't mince words. "There's a risk of weaponization of software vulnerabilities," he said. "By selective distribution of these models you also create a bottleneck for access to this power, and that can have quite an impact on technology sovereignty in Europe." The timing is particularly uncomfortable given that Anthropic previously clashed with the U.S. federal government over military applications of its AI β€” refusing to allow deployment in certain warfare scenarios, which cost them a place in classified networks. Now they're caught between American and European regulatory pressures, and so far, Brussels is losing.

OpenAI Steps Into the Gap

While Anthropic stonewalls, rival OpenAI has moved aggressively to court EU authorities. The company is sharing its ChatGPT 5.5-Cyber model with the Commission's AI Office through an EU Cyber Action Plan that includes direct security briefings with OpenAI engineers. George Osborne, OpenAI's Head for Countries and former British Chancellor of the Exchequer, framed it as collaborative responsibility: "AI labs like ours shouldn't be the sole arbiters of cyber safety as resilience depends on trusted partners working together." Commission Spokesperson Thomas Regnier confirmed the divergent approaches at a Monday press briefing. "We welcome the engagement of OpenAI," he said. "When it comes to Mythos, there is also a level of engagement. We have already had like four or five meetings with the company. But these two discussions are at different stages."

European Lawmakers Sound the Alarm

MEPs from multiple factions have condemned Anthropic's decision as incompatible with Europe's strategic autonomy ambitions. MEP StΓ©phanie Yon-Courtin (Renew, France) warned that if Washington is actively limiting access to Mythos, "that would raise a fundamental issue for Europe's digital sovereignty. Europe cannot claim strategic autonomy if Washington decides which AI models we are allowed to see... The EU must have access to Mythos on equal terms." Her colleague Sandro Gozi (Renew, France) called the exclusion a wake-up call that should prompt concrete action. "Europe must not be excluded from access to strategic technologies that are becoming essential for cybersecurity," he said. "But this should also be a lesson. Europe cannot depend on private companies or decisions taken outside Europe to understand and protect its own critical vulnerabilities."

Banks Face the Brunt

European financial institutions are among those most exposed by Mythos's restricted distribution. The speed at which such a model could identify and exploit software vulnerabilities creates cascading failure risks across interconnected banking systems still running aging infrastructure, according to Timmers. Meanwhile, top U.S. banks have already received access β€” giving American finance a critical cybersecurity edge over European competitors.

Key Takeaways

  • Anthropic's Claude Mythos is limited to U.S.-based companies and agencies while the EU has been denied access for weeks
  • OpenAI's proactive engagement with Brussels via ChatGPT 5.5-Cyber contrasts sharply with Anthropic's stance
  • The EU's AI Act grants authority to designate models as systemic risks, but regulators haven't invoked those powers yet
  • European banks face heightened vulnerability due to restricted access to frontier-level security testing tools