Anthropic is granting ENISA, the European Union’s cybersecurity agency, access to Mythos through Project Glasswing. Mythos can detect and exploit vulnerabilities in computer systems. ENISA thus becomes a member of a select group of organizations authorized to use the model exclusively for defensive purposes.
This is according to sources cited by Bloomberg. ENISA is being added to Project Glasswing, the initiative through which Anthropic gives organizations the opportunity to test the model before it becomes more widely available. Project Glasswing was announced in April 2026 as a coalition of over forty organizations, including Amazon, Apple, Microsoft, Google, and the Linux Foundation. Participants are permitted to use Mythos exclusively for defensive purposes. Anthropic also made up to $100 million in usage credits and $4 million in direct donations available to open-source security organizations.
Mythos distinguishes itself from earlier models by not only detecting vulnerabilities but also automatically combining them into complete attack chains. During testing, the model identified thousands of zero-day vulnerabilities, including a 27-year-old TCP vulnerability in OpenBSD and a 17-year-old vulnerability in FreeBSD. Anthropic reports an autonomous exploit success rate of 72.4 percent, compared to virtually zero for the previous Opus 4.6 model. The NCSC, part of the Ministry of Justice and Security, had previously warned about the model’s capabilities.
Access broader, but still limited
Earlier this month, Anthropic announced that partners in Project Glasswing are permitted to share their findings with parties outside the program, such as security teams, regulators, open-source maintainers, and the media. Through the program, Mythos has now identified more than 10,000 critical software flaws in a single month. Microsoft has incorporated Mythos into its Security Development Lifecycle to detect vulnerabilities early in the development process.
The addition of ENISA follows earlier reports that the Pentagon is also using Mythos to find and patch software vulnerabilities in U.S. government systems.