European Commission is in high-stakes talks with Anthropic to determine how Claude Mythos and other cybersecurity-focused models fit within EU regulatory and safety expectations.

The discussions center on granting EU access to Mythos’ capabilities, with the Commission emphasizing risk assessment and governance ahead of any broader deployment in Europe.

Formal talks have been opened around Mythos, specifically its cyber defense potential and systemic risks, as part of the EU’s broader risk-management framework.

Anthropic is pivoting to Project Glasswing, a defensive initiative designed to harden global infrastructure and curtail misuse of powerful cybersecurity AI.

Mythos is described as capable of autonomously traversing code bases, spotting zero-days, and generating working exploits within hours, intensifying dual-use concerns.

Reporting on the discussions includes attribution to Reuters with Inti Landauro and Bart Meijer for editing.

Claude Opus 4.7 was unveiled as a testbed with autoregressive protections to block malicious hacking requests and to support governance before wider deployment.

Unpublished Mythos drafts and assets were exposed due to a configuration error in Anthropic’s content management system, bringing renewed attention to its capabilities and risks.

Anthropic intends to offer Mythos initially to a small group of cybersecurity-focused early customers rather than a broad commercial rollout.

Anthropic has submitted to the EU GPAI Code of Practice, signaling an intent to adopt a strong transparency and safety regime for high-risk systems like Mythos.

Spokesperson Thomas Regnier said the GPAI framework obligates risk assessment and mitigation for services that may be offered in Europe, even if not yet deployed there.

The GPAI Code of Practice requires providers to assess and mitigate risks associated with services offered in Europe.