An AI model that found 2,000 zero-day vulnerabilities in seven weeks has become the most dangerous piece of software on earth — and Europe’s finance ministers are furious they can’t touch it.
The Eurogroup met in Brussels on Monday to discuss something that doesn’t normally appear on a finance ministers’ agenda: an unreleased AI model built by San Francisco startup Anthropic. Claude Mythos Preview has fundamentally changed the cybersecurity landscape since its unveiling on 7 April, and the EU’s top economic officials are now openly demanding access to it. Washington has told them to wait.
The Numbers That Shook the World
During pre-release testing, Mythos identified and exploited zero-day vulnerabilities in every major operating system and every major web browser. Over 2,000 previously unknown vulnerabilities discovered in just seven weeks — roughly 30% of the world’s entire annual vulnerability output before AI entered the equation.
The specifics are staggering. A 27-year-old bug in OpenBSD, long considered one of the most secure operating systems ever built. A 16-year-old remote code execution flaw in FreeBSD. Mozilla patched 271 Firefox vulnerabilities found in a single evaluation pass. In one demonstration, Mythos autonomously created a cross-origin bypass capable of reading bank account data, then chained exploits to achieve kernel-level system access.
Anthropic launched Project Glasswing alongside the disclosure, partnering with AWS, Apple, Google, Microsoft, CrowdStrike, and JPMorgan Chase. But here’s what Europe noticed: only one bank made the list. No European institution was invited.
Brussels Is Not Amused
Germany’s Bundesbank fired first in late April, publicly calling on the EU to demand Mythos access. The argument was devastating: without the same tools an attacker might wield, European banks cannot meaningfully test their own defences.
Spain’s economy minister Carlos Cuerpo warned that Mythos could “find vulnerabilities or backdoors in virtually all our institutions — not only in the financial sector, but across all sectors.” ECB Vice President Luis de Guindos told the European Parliament that the bloc’s payment systems needed preemptive shielding.
Christine Lagarde attempted diplomacy — calling Anthropic a “responsible operator” — before delivering the quiet threat: the model in the wrong hands “could be really bad.”
Switzerland’s FINMA offered a nuanced counterpoint, warning that giving defenders broad Mythos access without proper incident-response infrastructure could itself pose systemic risk. Too much offensive capability, too little defensive maturity.
Washington’s Awkward Hypocrisy
The White House has spent weeks blocking Anthropic’s proposal to expand access to roughly 70 additional organisations. The official concerns — misuse risk and operational readiness — have merit. Neither explains why the NSA is already using Mythos through pre-existing arrangements, why the US Treasury has requested access for its own systems, or why the Pentagon has simultaneously designated Anthropic a supply-chain risk.
Treasury Secretary Scott Bessent confirmed the gravity on Sunday, warning Americans that AI-driven bank hacks represent a genuine emerging threat. He and Fed Chair Jerome Powell called a flash meeting with Wall Street bank CEOs to discuss cybersecurity implications.
The position is internally coherent but diplomatically toxic: America restricts outward distribution whilst expanding its own use. For allies expecting to be inside such arrangements, it’s the asymmetry that has produced the European reaction.
When Defence Requires Offence
Anthropic’s own experience underlines the stakes. Unauthorised users gained access to Mythos through private channels shortly after launch — proving even the most security-conscious AI lab cannot fully control distribution.
Cryptography researcher Bruce Schneier framed the calculus bluntly: a model used offensively gives attackers a structural advantage defenders cannot match without comparable access. The IMF’s Kristalina Georgieva warned the international monetary system lacks protections against “a sustained AI-augmented cyber-incident.” Even CISA — America’s own cybersecurity agency — has been denied access despite repeated requests.
This is the paradox at the heart of frontier AI: the same tool that could protect the global financial system could also be its greatest single point of failure.
What Happens Next
Three outcomes are plausible. A quiet bilateral deal mirroring historical intelligence-sharing arrangements. Bureaucratic delay whilst the Eurogroup issues guidance and the structural gap persists. Or the most disruptive option: European technical autonomy — a serious investment in a comparable sovereign AI model.
Europe’s finance chiefs no longer believe they can manage cyber defence at the level of advice and guidance. They want the tools. In an age where one AI model uncovers more zero-days in seven weeks than the entire security industry found in a year, waiting is itself a vulnerability.
This story is developing. Anthropic has indicated European access will be provided “soon” — the standard temporal hedge in commercial diplomacy. No formal agreement has been signed.
