April 2025: The European Commission presents an action plan to make Europe a “world leader” in AI. May 2026: Commission representatives take their seats in a Brussels room where AI doomsday scenarios dominate.
The subject of discussion is the American company Anthropic, big in artificial intelligence, and its latest AI model Mythos. According to the company, the preview model has already discovered “thousands of serious vulnerabilities” in virtually “every major operating system and web browser.” For this reason, critics fear that hackers will abuse the model to penetrate digital systems.
To prevent “serious consequences” for the economy, public order and national security, Anthropic announced Project Glasswing in April. This alliance with tech companies such as Apple, Microsoft, Linux, Google and financial institutions such as JPMorgan Chase is an “urgent attempt to use AI for defensive purposes”. Because while the model can quickly detect digital vulnerabilities and thus strengthen online resilience, it can also be a catalyst for digital attacks.
The fact that the AI model is only tested in the US worries European authorities. “We cannot allow companies to share such systems at their own discretion,” says MEP Kim van Sparrentak (GroenLinks-PvdA), who, as shadow rapporteur on the AI regulation dossier, scheduled a hearing on Wednesday about the risks of models such as Mythos.
It was a hearing without Anthropic, which canceled at the last minute, according to insiders because the time was “too short”. European Commissioner Henna Virkkunen, whose portfolio includes Technology and Digital Sovereignty, was also missing.
Also read
AI model Mythos – praised and feared – appears to have fallen into the hands of unauthorized persons
‘We are at the mercy of tech companies’
Mythos, a so-called frontier model, is considered groundbreaking by experts. There is a “structural shift in pace”, European governments warn. “Response cycles of days become hours, weeks become days,” the National Cyber Security Center (NCSC) stated in a message about Mythos in mid-April. “Immediate action” is needed.
Van Sparrentak sums up: “Mythos opens the door to large-scale cyber attacks. Think of hacked banks, disrupted transport systems and hospitals without power.” She continues: “Mythos is just the first model. And with a US government that doesn’t believe in regulating AI, we are at the mercy of [de welwillendheid van] tech companies.”
Hans de Vries, head of cybersecurity at the European Agency for Network and Information Security, agrees that Europe does not have access to Mythos. He does not want to talk about an “apocalyptic scenario”, he says, but “this will hurt for years. But in the end this makes us all stronger.”
However, according to Commission employee Despina Spanou, a model like Mythos does not come as a surprise. Spanou refers to existing and planned regulations – such as the AI Act, the NIS2 directive and the Cyber Resilience Act, European legislation to increase the digital resilience of companies and governments in crucial sectors. “It’s a matter of adhering to the rules. Let’s speed up [van besluitvorming] step up”.
The development of Mythos reminds NSC MEP Dirk Gotink of the discovery of gunpowder
It is about Europe’s strategic autonomy, economy, security and sovereignty: concerns are widely shared in the Committee on the Internal Market and Consumer Protection. The development of Mythos reminds NSC MEP Dirk Gotink of the invention of gunpowder: “This feels like a turning point in history.”
Unrest is also growing at European banks. Valdis Dombrovskis, European Commissioner for the Economy, indicated on Monday that he was discussing the possibility of cyber resilience tests in Europe.
Also read
Will AI model Mythos really be such a goldmine for hackers?

MEP Bart Groothuis (VVD) asks: “Where are the substantive answers, how does this not become a cyber massacre?” According to him, Europe has no place at the table. “It is not about competence, but about computing power.” The Commission offers “little hope” and shows “paper reality,” concludes Van Sparrentak.
The contrast with the US is becoming increasingly clear after Microsoft, Elon Musk’s xAI and Google’s Deepmind – following OpenAI and Anthropic – also agreed on Tuesday for the US government to test AI models for national security risks before they go to market.

