Table of contents
To our knowledge, no European Union institution currently has operational access via Project Glasswing to the most advanced AI model in cybersecurity - whereas the Bank of England, the Federal Reserve, and the U.S. Treasury have been briefed. Anthropic announced on April 7, 2026, Claude Mythos Preview, the first frontier model explicitly retained for cybersecurity reasons rather than publicly released. The model autonomously discovers and exploits zero-day vulnerabilities: on the ExploitBench benchmark (Carnegie Mellon/Bugcrowd, May 2026), it achieved arbitrary code execution on 21 of the 41 CVEs tested, while no other public model succeeded in any. Access is restricted to Project Glasswing, a coalition of about 40 organizations led by twelve American founders - AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, NVIDIA, Palo Alto Networks, Broadcom, the Linux Foundation, and Anthropic. No European institution has access at the same date, while the European Central Bank has limited itself to convening zone banks to raise awareness of the risks, without an equivalent briefing. As reported by Les Echos on May 27, 2026, an exclusive study by Sia Partners suggests an offensive advantage of 100 to 1 - a figure conditional on a scenario of malicious model dissemination, which this paper addresses.
A Measurable, but Costly Technical Singularity
The capability gap of Mythos is first evident in independent benchmarks. On ExploitBench, the full test run cost about $36,428 compared to $3,075 for GPT-5.5 via Codex, a ratio of about 12 times. The gross cost places Mythos out of reach of an opportunistic actor, but the capability gap remains documented: among the eight publicly deployed models, only GPT-5.5 passed the security sandbox and achieved control flow hijacking, on a single WebAssembly bug. On the institutional red-teaming side, the British AI Security Institute notes a continuous acceleration: the agency estimated in November 2025 a doubling of cyber capabilities every eight months, revised to 4.7 months in February 2026, and both Mythos and GPT-5.5 now exceed this accelerated trajectory. Mythos is the first model to complete both AISI cyber ranges: six successes out of ten attempts on the 32-step enterprise network attack simulation, which would take a human expert about twenty hours to resolve, and three out of ten on the "Cooling Tower" industrial simulation. To these figures, Anthropic adds the autonomous discovery of thousands of zero-days in major operating systems and browsers, over 99% of which were unpatched at publication - internal figures recorded in a 244-page system card, whose exact scope remains unauditable by a European third party.
A Narrowing Gap: Open-weight Fills Much of the Gap
The singularity of Mythos masks a parallel movement that relativizes its strategic significance. An arXiv paper published in May 2026 shows that Qwen3.6-27B achieves 33% success in autonomous self-replication on a single A100 card, on par with the current generation GPT-5.4 and above the previous generation frontier, where Opus 4 capped at 6% and GPT-5 at 0%. The model operates on an A100 at $1 to $2 per hour via cloud providers and fits within the 40 billion parameter threshold that the Epoch AI institute sets for the RTX 5090 era - thus within reach of consumer hardware. This echo is confirmed by CISOs: according to an analysis by the Swiss firm InfoGuard based on the work of the specialized organization AISLE, the eight open-weight models tested replicate the FreeBSD exploit presented as proof of Mythos' superiority, one of which with 3.6 billion active parameters for about $0.11 per million tokens. The residual capability gap then focuses on a narrow scope: arbitrary code execution on demanding real CVEs. It is on this differential that the 100 to 1 advantage advanced by Sia Partners and revealed by Les Echos is constructed - a figure that explicitly relies on the scenario of a Mythos "placed in malicious hands" with virtually no defense, described by the British AISI itself as "an attacker against the worst goalkeeper in the world" (free translation). Sia Partners also markets an RSSI/DSI playbook mapping AI cyber threats across nine operational axes based on this same observation, a conflict of interest not mentioned in the Les Echos paper.
Glasswing: American Perimeter, Asymmetric Alerts
Beyond the twelve founders already named, the coalition aggregates, according to InfoGuard, selected companies such as JPMorgan Chase, Goldman Sachs, and certain cloud and OS publishers, for defensive use. The rest of the economy does not have access. The alert sequence reflects this perimeter: Anthropic briefed the Federal Reserve, the U.S. Treasury, the Cybersecurity and Infrastructure Security Agency, and the Bank of England, and Treasury Secretary Scott Bessent and Fed Chairman Jerome Powell held an emergency meeting with the CEOs of major banks to point out the specific threat of the model. On the eurozone side, the European Central Bank has convened zone banks to raise awareness of risks, without an equivalent briefing to that addressed by Anthropic to the Bank of England. At a press briefing on April 28, 2026, Commission spokesman Thomas Regnier confirmed that the European institution still does not have access to Project Glasswing, stating that "cybersecurity concerns remain to be addressed" and that the company is "engaging in good faith," without committing to a timeline. As of May 29, 2026, neither ANSSI nor ENISA has published an official position on Mythos or on the evaluation procedure likely to unlock this access - a documentable silence that contrasts with American and British institutional mobilization.
The "100 to 1" Relies on Two Cumulative Conditions
The asymmetry quantified by Sia Partners is conditional: it assumes both that a malicious actor obtains access to Mythos - currently limited to about forty organizations under Project Glasswing - and that the defense remains virtually absent. The British AISI, which validated a success rate of 73% on expert hacking tasks, itself specifies that Mythos was evaluated "against virtually non-existent defenses" - an evaluator speaks of "an attacker against the worst goalkeeper in the world." In a properly hardened production environment, the picture is different. Furthermore, Sia Partners markets an RSSI/DSI playbook based on this same observation, which constitutes a direct interest to retain as a critical reading element.
An Institutional Gap: Pre-deployment vs. Legal Obligation
The access gap to Mythos extends a deeper institutional fracture, readable in the very grammar of frontier model control. The British AI Security Institute practices pre-deployment red-teaming, with about 250 people and formal partnerships with Anthropic, Google DeepMind, and OpenAI to directly evaluate model snapshots before wider dissemination. Its technical director Jade Leung, also the British Prime Minister's AI advisor, states in ResultSense on April 22, 2026, having found "vulnerabilities in every system tested" (free translation), Mythos included. The European Union holds the other end of the spectrum: according to the same source, it "has favored legal obligations for developers rather than internal red-teaming capability" (free translation), via the AI Act and DORA for the financial sector. France laid a first sovereignty evaluation milestone with the launch of INESIA in 2025, without a scope comparable to that of the AISI. It is this imbalance that has pushed MEPs from all sides to write to Henna Virkkunen, Executive Vice President of the Commission, to demand European participation in Project Glasswing and the acceleration of zero-trust architectures. The letter, dated April 27, 2026, opposes the European legal framework to a demand for operational infrastructure - a demand that encounters sectoral resource constraints. According to ENISA, the cybersecurity specialist shortage reached 299,000 positions in the EU in 2024, an increase of 9% compared to 2023, and the median cybersecurity budget in the NIS perimeter amounts to 1.5 million euros - equivalent, according to our calculation based on this budget and the ExploitBench run cost published by Carnegie Mellon/Bugcrowd, to about forty ExploitBench runs on Mythos.