Anthropic PBC is set to grant the European Union Agency for Cybersecurity (ENISA) access to its powerful artificial intelligence tool named "Mythos," making it the first EU institution to receive authorization for this advanced AI system.
The tool possesses the capability to discover and exploit vulnerabilities in computer systems.
According to informed sources, the generative AI company will include ENISA in "Project Glasswing."
This initiative aims to allow key institutions to test the tool's capabilities before a broader release of Mythos.
The sources indicated that Anthropic informed the European Commission, the EU's executive body, of this decision over the past weekend.
This followed a visit by European Commission officials to San Francisco last Thursday, where they requested that Anthropic executives provide access to the model, after several weeks of prior unsuccessful engagement.
A spokesperson for the European Commission stated that discussions with Anthropic are progressing but declined to provide further comment.
Access to Mythos has been restricted since its initial preview in April this year due to concerns about it falling into the hands of cybercriminals.
Anthropic has previously warned that Mythos can autonomously discover and exploit critical vulnerabilities in mainstream operating systems and browsers, developing professional-grade cyber attack methods.
The company cautioned that if obtained by malicious actors, it could pose a serious threat to global digital infrastructure, public safety, and national security.
U.S. authorities and some American financial institutions, including The Goldman Sachs Group, Inc., have already received early access.
The UK's AI Safety Institute was also granted permission to test the model shortly after its launch.
Concerns within the global financial sector regarding Mythos also focus on the disparity in defensive resources.
To manage the risks, Anthropic previously launched a closed project called "Project Glasswing," offering limited access only to about 50 selected U.S. technology and financial giants such as Alphabet Inc., Microsoft Corporation, and JPMorgan Chase & Co.
The goal was to utilize the model for defensive cybersecurity research and to preemptively strengthen critical infrastructure.
This move previously left European banks and regulators unable to access Mythos, causing widespread concern.
Frank Elderson, Vice-Chair of the Supervisory Board of the European Central Bank, acknowledged that the inability of European banks to access the model is "regrettable."
However, he emphasized that "not having access to the model cannot be an excuse for inaction," and expressed hope that U.S. banks attending a recent meeting would share their testing experiences with their Eurozone counterparts.
On May 26, the European Central Bank convened an emergency meeting with approximately 111 major banks under its supervision to discuss cybersecurity risks exposed by advanced AI models like Mythos.
Elderson pointed out that as AI technology advances, traditional security vulnerabilities must be addressed much faster.
He noted that if a major software vendor releases a security patch, hackers previously might have needed weeks to reverse-engineer the vulnerability, but with AI models at the level of Mythos, malicious actors might complete this process in as little as 30 minutes.
Consequently, he demanded that banks establish entirely new processes to ensure software patches can be deployed and updated at a pace far exceeding current market standards.
Currently, numerous institutions worldwide are applying to Anthropic for access to Mythos or related technical briefings.
Anthropic has agreed to provide high-level briefings to the Financial Stability Board, which comprises G20 finance ministers and central bank governors, as well as to the European Commission.
Comments