Anthropic's Mythos AI access split shows US-EU divide after export order

At a glance:

• Some early testers including Dragos and Cisco still have access to Mythos Preview despite US export restrictions
• European cybersecurity agency ENISA lost access after initially being invited to join Glasswing programme
• The selective access reveals how much discretion Anthropic holds in the gap left by US export directives

The US Commerce Department's order to restrict access to Anthropic's advanced AI model Mythos did not result in a complete shutdown. While a less powerful version was disabled for all foreign nationals, certain organisations that were part of Anthropic's Glasswing programme continue to operate with Mythos Preview.

This selective enforcement has created a clear divide between US and European access. Two companies confirmed to Bloomberg that they retained access: Dragos, the industrial-cybersecurity firm that Accenture is acquiring a majority stake in, and Cisco Systems. Meanwhile, the European Union's cybersecurity agency ENISA was informed it would no longer receive access, reversing an arrangement made just days earlier.

The Glasswing programme was deliberately limited, encompassing roughly 200 organisations including the US government. These early testers were selected after Mythos demonstrated an unusual capability: it identified thousands of software vulnerabilities. This dual-use potential—equally valuable to defenders and attackers—explains why the model has drawn such scrutiny from US authorities.

The pattern of retained and revoked access illuminates how Anthropic is interpreting the export directive. Organizations keeping access are predominantly US-based security firms conducting defensive work, while European entities have been excluded. This suggests that in the gap left by the government order, Anthropic is effectively making case-by-case decisions about who can use one of the most capable security models in existence.

However, the company has not disclosed its specific criteria for determining access. This lack of transparency places significant discretion in the hands of a single private vendor rather than public authorities. The inconsistency between US firms retained and the European agency dropped makes this discretion visible and invites scrutiny.

The episode highlights broader questions about governance of dual-use AI. When a single company decides which security teams maintain access to a frontier model, the practical power over a national-security-relevant tool sits with a private vendor. This arrangement emerged not from policy design but from the gaps in a government directive that left implementation details to Anthropic's interpretation.