The Day European Digital Sovereignty Convened to Discuss a Model It Cannot Access
….and don’t say I didn’t warn you.
On Tuesday, May 26, 2026, the European Central Bank convenes a meeting in Frankfurt with the one hundred and eleven banks it supervises in the Eurozone. The agenda item, according to coverage in the European financial press over the preceding ten days, is the cyber risk posed by an artificial intelligence model called Claude Mythos. The model is produced by Anthropic. The model is not available to the European banks attending the meeting. It is not available to the European supervisor convening the meeting. It is not, at the time of writing, available to the European regulator that wrote the AI Act and is about to enforce its high-risk provisions.
This article reads the convening, sideways, in four observations.
Observation One: What the AI Security Institute Has Measured
Claude Mythos Preview was announced by Anthropic on April 7, 2026. In the days that followed, the United Kingdom AI Security Institute (AISI), a research organisation within the UK Department for Science, Innovation and Technology, ran an independent battery of cyber capability evaluations on the model. The findings are public, and they are not subject to interpretive ambiguity.
Mythos solved seventy-three percent of the expert-level capture-the-flag challenges in the AISI evaluation suite. None of these had been solved by any earlier AI system. The category had been, until April 2026, a category of cybersecurity exercise that humans completed and machines did not. The seventy-three percent is, in operational language, the day on which that distinction stopped being useful.
In a separate evaluation, AISI built a thirty-two-step corporate network attack simulation, internally referred to as The Last Ones. The simulation rehearses, end to end, the activities of a competent attacker entering a corporate environment, performing reconnaissance, escalating privileges, moving laterally, exfiltrating data. In ten attempts, Mythos completed the entire chain three times. On average, it executed twenty-two of the thirty-two steps. The model also identified, by Anthropic’s own subsequent disclosure, thousands of previously unknown vulnerabilities in every major operating system and every major web browser.
This is the capability profile that the ECB will discuss with one hundred and eleven banks on May 26. The banks have read the AISI report. The banks cannot reproduce the AISI report.
Observation Two: What Project Glasswing Is, and Who Is Inside It
Project Glasswing is the controlled distribution programme through which Anthropic has made Mythos available to a limited set of organisations. The programme is, in its public description, an industry consortium whose partners use the model to find and fix flaws in their own systems. The partner organisations, according to coverage in the European financial press, are principally United States institutions. Anthropic has not, at the time of writing, opened Glasswing membership to European banks.
The exclusion is not, in the public statements, hostile. The exclusion is the operational consequence of a model whose offensive capability has been judged, by Anthropic and confirmed by AISI, sufficient to warrant restricted access pending validation of the consortium’s defensive use cases. The principle is, in the abstract, defensible. The operational effect, on May 2026, is that the institutions which can stress-test their perimeters against Mythos are American, and the institutions which cannot are European.
The European Commissioner for Financial Services, Valdis Dombrovskis, confirmed on May 4 that the European Union is in talks with Anthropic about extending Glasswing access to European banks and corporates. The talks, at the time of writing, are in progress. The May 26 ECB meeting precedes their conclusion. The August 2 deadline of the AI Act high-risk provisions, on the other hand, does not.
Observation Three: What the ECB Has Been Asked to Do
The European Central Bank supervises, through its Single Supervisory Mechanism, the one hundred and eleven largest banks in the Eurozone. These banks hold, in aggregate, the majority of European banking assets. Their cyber risk is, by the joint definition of the ECB and the European Banking Authority, a systemic risk to the European financial system.
The ECB has, by virtue of its mandate, a positive obligation to ensure that these banks are equipped to defend their perimeters against the current generation of offensive AI capability. The current generation, as of May 2026, includes Claude Mythos. The ECB cannot itself access Mythos. The supervised banks cannot themselves access Mythos. The European cybersecurity agency ENISA cannot itself access Mythos.
The operational solution, in the ECB’s reasonable interpretation of its mandate, has been to convene the supervised banks on May 26 and to ask, formally, the United States participants in Project Glasswing to share with European peers the lessons they have learned from testing their own perimeters against the model. This is, by any reading, a reasonable interim measure. It is also, by any reading, an arrangement in which the largest financial supervisor in Europe asks the regulated entities of a different jurisdiction to provide second-hand reconnaissance reports as a substitute for direct access to the threat tooling.
The interim measure is documented. The structural anomaly it documents is also documented.
Observation Four: What August 2 Will Add
On August 2, 2026, the high-risk provisions of the European Union Artificial Intelligence Act take effect. Providers of AI systems classified as high-risk under Annex III of the regulation must be in compliance with a substantial set of obligations on risk management, data governance, technical documentation, transparency, human oversight, accuracy, robustness, and cybersecurity. Non-compliance is sanctioned at up to thirty-five million euros or seven percent of global annual turnover, whichever is higher. The threshold is the highest in the regulatory history of the European Union.
The same regulator that, on May 26, will sit in a Frankfurt conference room asking United States banks for second-hand reconnaissance reports on Claude Mythos, will, on August 2, become the global standard-setter for trustworthy artificial intelligence. The narrative position of the European Union, in May and August of 2026, is internally consistent. The operational position is, in any reading, asymmetric.
The asymmetry is not the result of a regulatory mistake. The AI Act is a sound regulation. The asymmetry is the result of a separation between the time horizon of regulatory ambition (multi-year, multi-stakeholder, treaty-grade) and the time horizon of frontier AI capability release (weekly, vendor-paced, market-driven). The AI Act was designed in 2020-2024. Claude Mythos was released in April 2026. The high-risk provisions take effect in August 2026. The temporal distance between the regulation’s design and the regulation’s first test against an actual frontier capability is roughly two years.
In those two years, the capability landscape moved. The regulator did not move. The supervised banks did not move. The result is the convening of May 26.
What the Convening Documents, Structurally
The May 26 ECB meeting is, in the strict regulatory sense, a routine supervisory consultation. The Single Supervisory Mechanism convenes its supervised entities regularly, on a wide range of cyber, operational, and prudential topics. The May 26 agenda, formally, is one of many. The European financial supervisor does its job. The European supervised banks attend. The European Commission, in parallel, negotiates with the model provider for access.
Read structurally, however, the convening documents a position. The position is the following.
The European Union has, in 2024-2026, positioned itself as the regulatory leader of trustworthy artificial intelligence. The AI Act is, by some measure, the most ambitious AI regulation in the world. The European Commission has, through Commissioner Dombrovskis and other channels, articulated the principle of European digital sovereignty as a foundational element of the union’s strategic posture. The narrative is coherent. The narrative is consistent. The narrative is supported by binding regulation that, in August 2026, becomes enforceable.
The operational corollary of the narrative, in May 2026, is a meeting in Frankfurt at which the European supervisor, the European supervised banks, and the European Commission collectively rely on the cooperation of a United States consortium to obtain operational information about a model that the European Commission is, in parallel, negotiating to acquire on commercial terms.
The narrative position and the operational position are both true. They are not, in any reading, sovereign.
Digital sovereignty, in May 2026, is a regulatory category that the European Union has defined with admirable precision. It is also an operational state that the European Union has not yet achieved. The two definitions live in adjacent rooms, in the same Brussels building, with separate diaries. The May 26 ECB convening is one of the rare days on which the two definitions are required to be in the same room at the same time.
The European Central Bank will conduct the meeting with discipline. The supervised banks will attend with discipline. The minutes will be written with discipline. The lessons learned from the United States participants in Project Glasswing will be shared with discipline. The August 2 AI Act high-risk provisions will take effect with discipline.
The position is internally consistent. It is just not, in any reading, sovereign.
The next time the European Commission addresses the European Parliament on the principle of digital sovereignty, the honest reference point, in May 2026, is a meeting in Frankfurt at which the largest financial supervisor in Europe asked the regulated entities of another jurisdiction to share what they had learned testing a model that the European supervisor could not itself test.
The next time a CISO of a European bank is asked, by the board, what the bank is doing about Mythos, the honest answer, in May 2026, is that the bank is doing what its supervisor is doing, which is what its supervisor’s counterparts in another jurisdiction have made available, which is whatever they choose, in the relevant week, to share.
The next time a vendor of European AI defence solutions explains, in a pitch deck, that European sovereignty is a foundational principle of its product, the honest follow-up question is whether the product has, in May 2026, been tested against Claude Mythos.
The three questions have, as of the date of this article, the same answer.
All my “insane” books on cybersecurity and governance are here 👉 https://www.amazon.it/stores/author/B0FB47T6Q4/allbooks
My “unfiltered” podcast SPYK :
🎧 Apple Podcasts 👉 https://podcasts.apple.com/it/podcast/spyk-uk-edition/id1896617808?i=1000767770385
🎧 Spotify 👉 https://open.spotify.com/show/033fU0Ds43aJrquCYYltWV?si=4eaafac135e848df
Also on #iHeartRadio, #AmazonMusic / #Audible, #Castbox, #Deezer, #PodcastAddict, #Podchaser.
Sources: Anthropic, Claude Mythos Preview; Anthropic, Project Glasswing; UK AISI, Our evaluation of Claude Mythos Preview’s cyber capabilities; The Next Web, ECB convenes banks over AI cybersecurity risks from Mythos; Yellow.com, ECB Summons 111 Eurozone Banks Over Claude Mythos Cyber Risks; Yahoo Finance, Clock Is Ticking, ECB Warns Banks Over Mythos and AI Cyber Risks; S&P Global, Anthropic’s new AI model pushes banks to shore up cyber defenses; Help Net Security, Testing reveals Claude Mythos’s offensive capabilities and limits; BeinCrypto, Claude Mythos Cracks 73% of Expert Cyber Tasks.