EU lawmakers warn AI hacking tools outpace cybersecurity rules
Quick Look
EU lawmakers are urging the bloc to revise its cybersecurity laws to address new AI hacking tools like Anthropic's Mythos, warning current regulations are "ill-equipped." They called for a "European mitigation plan" and access for the EU's cyber agency ENISA to scrutinize AI models.
AI-generated summary
Why It Matters
European Union lawmakers have expressed concerns that the bloc's current cybersecurity rules are inadequate to address the risks posed by new AI hacking tools, such as Anthropic's Mythos. This comes as the EU struggles to access cutting-edge AI for risk assessment.
The European Union's cybersecurity rules are "ill-equipped" to deal with a new generation of AI hacking tools like Anthropic’s Mythos, lawmakers said Monday in a letter obtained by POLITICO.
Thirty members of the European Parliament from six political groups told Commission Executive Vice President Henna Virkkunen that the bloc needs to revise its laws and come up with a "European mitigation plan" to fight hacking risks associated with new AI models.
Anthropic announced last month that its model outperformed humans in finding and exploiting security vulnerabilities, alarming government and cybersecurity officials across the world. The new tech has also highlighted Europe's struggle to gain access to cutting-edge AI to assess the risks.
"Europe is not at the table," said Bart Groothuis, a Dutch liberal lawmaker and one of the letter’s signatories. "I think that we should shake the tree much, much harder."
The Parliament’s internal market committee invited Anthropic to join a public hearing later this week, but the company said it was "unable to accept" the invitation to attend the hearing "at short notice," according to a statement shared with POLITICO on Monday.
The lawmakers who signed the letter argued the European Union should reform its rules around the disclosure of cyber flaws and how they are fixed. They also urged the EU executive to prioritize the protection of "crown jewels," like critical sector operators.
They pushed for the EU's cyber agency ENISA to get access to Mythos and other models to scrutinize the risks.
Lawmakers are already eyeing an ongoing reform of the EU’s Cybersecurity Act to respond to the new threats, according to Groothuis, who previously served as a senior cybersecurity official in the Dutch government. The chief lawmaker on that bill, Czech Pirate Party member Markéta Gregorová, also signed Monday's letter.
Commission spokesperson Thomas Regnier said in a statement the Commission has had “numerous” technical meetings with Anthropic since August 2025 to work with the firm on implementing the EU’s AI code of practice, which helps industry comply with requirements under the AI Act. The Commission has also held “several meetings” with the company to discuss Mythos specifically, he said.
“Once the enforcement powers of the AI Office start in August 2026, we will ensure to receive, if needed, model access,” Regnier said. The EU’s AI Office is the unit inside the Commission’s digital policy department that is tasked with policing AI risks, among other things.
This article was updated to include a comment from the European Commission.
What to Watch
AI outlook — possibilities, not facts
The EU will initiate reforms to its Cybersecurity Act to address AI threats.
Likely · Within months
The EU AI Office will receive model access if needed once enforcement powers begin.
Likely · Within months
Open Questions
- Will the EU successfully revise its laws to effectively counter AI hacking risks?
- Will Anthropic provide access to its Mythos model for scrutiny by ENISA?
- What specific 'European mitigation plan' will be developed?
- How will the EU ensure it gains access to cutting-edge AI for future risk assessments?
