Now Both AI Labs Are Courting Europe’s Cyber Defences — On Very Different Terms
In a nutshell
For two weeks, gafam.ai has documented Europe being locked out of American frontier AI — the Fable 5 shutdown, the foreign-national export ban, the structural dependency it exposed. This week, the current reverses. Both leading American AI labs are now actively offering Europe access to their most powerful cyber capabilities. But the terms — and the timing — tell a more complicated story than a simple opening.
What Changed This Week
Two parallel developments, pointing in the same direction.
Anthropic has offered the EU access to its Mythos cybersecurity model — its first expansion of the tool beyond the US and UK, with talks with the EU cybersecurity agency ENISA continuing. This is a significant shift. Mythos has been Anthropic's most tightly restricted model — gated through Project Glasswing to roughly 50 partner organisations, withheld from the public, and at the centre of the US export directive that locked European users out entirely on June 12. Now Anthropic is extending it toward European institutions through the EU's own cybersecurity agency.
Simultaneously, OpenAI is giving nine major UK banks access to its GPT-5.5-Cyber tool — the model we covered yesterday — filling a gap left by Anthropic's tightly restricted Mythos model. Where Anthropic's caution created an opening, OpenAI moved into it. Nine of Britain's largest financial institutions now have access to OpenAI's strongest cyber-defence capability.
The two moves are competitive mirror images. Anthropic opens carefully, through a public agency, on safety-first terms. OpenAI opens commercially, through direct enterprise deals, moving fast into the space Anthropic left empty.
Why ENISA Matters
The Anthropic-ENISA channel is the more structurally interesting of the two. ENISA — the European Union Agency for Cybersecurity — is the body responsible for coordinating cyber-defence across all 27 member states. An Anthropic-ENISA arrangement would not be a commercial deal with individual companies. It would be a relationship with Europe's central cybersecurity institution.
That structure matters for European sovereignty. A model accessed through ENISA is governed, at least partly, under European coordination rather than purely American commercial terms. If Anthropic's Mythos reaches European defenders through ENISA, the access decision involves a European institution — a meaningful difference from the American "trusted defender" programmes we examined yesterday, where access is decided entirely in Washington.
The talks are ongoing, not concluded. But the direction signals something important: Anthropic, having been punished by the US administration for its safety-first posture, is now positioning that same posture as an asset in European markets. The company locked out of Washington is courting Brussels.
The UK Banking Deal — Speed Over Structure
OpenAI's nine-bank UK deal is the opposite model. It is fast, commercial and direct. It does not route through a European agency. It places OpenAI's cyber capability directly into the security operations of major financial institutions.
For the banks, the appeal is obvious. Financial institutions face relentless cyberattacks, and Anthropic's Mythos — the model with the strongest reputation for vulnerability discovery — has been largely unavailable to them due to its restrictions. OpenAI's GPT-5.5-Cyber, commercially available through the Daybreak partner programme, fills that operational gap immediately.
But the structure carries the dependency we have documented throughout. Nine UK banks now have a critical cyber-defence capability supplied by an American company, governed by an American access programme, subject to the same political-alignment dynamics that took Anthropic's models offline. The speed is attractive. The structural exposure is unchanged.
The Pattern Across the Week
Place these two moves alongside what we have reported. Yesterday: OpenAI launches GPT-5.5-Cyber, scoring above Anthropic's Mythos. Today: that model goes to nine UK banks while Anthropic offers Mythos to the EU through ENISA. The competition between the two labs is now playing out specifically on European ground — each racing to embed its cyber capability in European institutions before the other.
For Europe, this is simultaneously an opportunity and a warning. The opportunity: European institutions finally have access to frontier cyber-AI, on terms that — at least in the ENISA case — involve European coordination. The warning: the capability remains American, the competition is between American labs, and Europe's role is still that of a customer choosing between American suppliers rather than a producer with its own option.
The European Perspective
This week's reversal — both American labs courting European cyber defences — is genuine progress over the lockout of two weeks ago, and the Anthropic-ENISA channel in particular deserves cautious welcome. A frontier cyber model accessed through Europe's own cybersecurity agency is structurally better than one accessed through a Washington-controlled trusted-defender programme. But European policymakers should read the week clearly. Europe is being offered access, not sovereignty. The capability to find and patch vulnerabilities at machine speed is still produced by two American companies competing for European institutional relationships. The ENISA channel improves the governance of European access; it does not create European capability. The genuine lesson of the past three weeks — from the Fable 5 lockout to today's competitive courtship — is that access granted can be access withdrawn. An Anthropic-ENISA arrangement is valuable precisely because it embeds European institutional involvement, which makes withdrawal harder. European negotiators should press for exactly that: contractual and institutional structures that make European access durable rather than discretionary. And in parallel, the work that no amount of American courtship removes — building European cyber-AI capability through Mistral, through European security-AI initiatives, governed under European rules — remains the only path from access to sovereignty. This week Europe was offered a better seat at an American table. The table is still American. gafam.ai will be watching.
We are not first. We are right.
SOURCES
— ResultSense / Financial Times: AI leaders back bioweapon DNA-screening law — Anthropic offers EU Mythos access, ENISA talks ongoing; OpenAI gives nine UK banks GPT-5.5-Cyber
— The Hacker News: OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
— Anthropic Newsroom: Announcements — June 2026
🔒 This analysis is for GAFAM Intelligence members only.
Already a member? Log in here