European Union Demands Access to AI Model That Can Break Into Any Bank System
Brussels, Tuesday, 5 May 2026.
EU finance ministers are scrambling to gain access to Anthropic’s Mythos AI model after it demonstrated the ability to find thousands of critical vulnerabilities in banking systems worldwide. The model successfully completed all 32 steps of a simulated corporate network attack and discovered security flaws dating back decades, including a 27-year-old bug in OpenBSD. While the US restricts access to select organizations, European regulators warn their banks remain defenseless against AI-powered cyberattacks. ECB President Christine Lagarde described the potential impact as ‘really bad’ if hostile actors gain access first.
European Commission Confirms Active Dialogue with Anthropic
The European Commission has confirmed it is actively engaging with Anthropic regarding the Mythos AI system, with European Economic Commissioner Valdis Dombrovskis revealing the scope of these discussions on Monday [1][3]. Commission representatives have already met with Anthropic and received briefings on the technical details surrounding Mythos’s cyber capabilities and associated risks [1]. Dombrovskis stated that the Commission is currently assessing possible implications in light of EU policies and legislation [1]. This engagement represents a significant escalation in European regulatory scrutiny of advanced AI systems, particularly those with potential cybersecurity implications under the EU AI Act framework [3].
Understanding Mythos: The AI Model That Exposed Global Vulnerabilities
Anthropic announced the creation of Mythos on April 7, 2026, describing it as an AI model deemed too dangerous for wide release [2][5]. The system demonstrated unprecedented capabilities by autonomously completing all 32 steps of the UK AI Security Institute’s corporate network attack simulation [5]. Mythos discovered thousands of high-severity vulnerabilities across major systems, including a 27-year-old bug in OpenBSD, a 16-year-old remote-code-execution flaw in FreeBSD, and 271 Firefox vulnerabilities [8]. The model’s ability to find and exploit hidden flaws in software used by banks, power grids, and governments has triggered emergency responses from central banks and intelligence agencies globally [2]. Cybersecurity experts believe Mythos may turbo-charge attacks on banks’ technology systems, though it has not yet been made available to any European banks [1].
European Financial Leaders Push for Access
Euro-area finance ministers convened on May 4, 2026, to specifically discuss the lack of European government access to Anthropic’s Mythos AI model [8]. Michael Theurer, chief supervisor at Germany’s Bundesbank, urged the European Union on April 29, 2026, to request access to Mythos from either Anthropic or the U.S. administration [6]. Theurer warned that European financial institutions could become dependent on state assistance if they lack access to this technology, stating that ‘if you do not have access to this technology yourself, you naturally find yourself in very difficult waters’ [6]. The European Central Bank has convened calls with chief risk officers at eurozone lenders to gather information on AI-powered cyberattack preparations, with ECB President Christine Lagarde describing the potential impact as ‘could be really bad’ [8].
Regulatory Implications and Future Outlook
The EU AI Act addresses systemic risks arising from high-impact capabilities of advanced models, including ‘offensive cyber capabilities, such as the ways in which vulnerability discovery, exploitation, or operational use can be enabled’ [5]. Spain’s Economy Minister Carlos Cuerpo has advocated for Europe to consider ‘regulatory and legislative instruments such as the AI Act’ in response to the Mythos situation [7]. Luis de Guindos, European Central Bank vice president, has stressed the importance of protecting Europe’s payment systems from vulnerabilities that Mythos might reveal [7]. While the White House has been blocking Anthropic’s proposal to expand access to Mythos to roughly 70 additional organizations for several weeks [8], Anthropic has indicated that European access to Mythos will be provided ‘soon’ [8]. European supervisors recognize that hostile actors will inevitably gain access to the model, emphasizing that ‘defenders need parallel access not because they want to use Mythos offensively but because, without it, the defender side of the trade is structurally short’ [8].
Bronnen
- www.reuters.com
- www.nytimes.com
- www.bloomberg.com
- www.reddit.com
- www.techpolicy.press
- www.reuters.com
- english.cw.com.tw
- thenextweb.com