Access to Anthropic’s Claude Mythos AI model exposes the real sovereignty problem in European payments.
The Financial Stability Board (FSB) has reportedly reached an agreement with Anthropic following concerns that EU banks would be shut out from learning about the model altogether.
As part of the arrangement, the Governor of the Bank of England, Andrew Bailey, who also chairs the FSB, will meet with the US company. Anthropic is expected to use these meetings to outline potential threats posed to banks and financial institutions by its Claude Mythos AI model.
The company previously provided banks with a preview of Claude Mythos, claiming the service can “find and exploit vulnerabilities in every major operating system and web browser”.
However, after weeks of discussions with European banks seeking access to the model to identify weaknesses and strengthen protections, the US government intervened. The government’s reasoning was tied to national security concerns and fears that highly advanced cybersecurity capabilities could fall into the wrong hands or be distributed too broadly overseas.
It was then announced that a handful of companies and banks, including JPMorgan Chase and Apple, were permitted to use the model as part of Project Glasswing. Payment Expert understands this group does not include any European-based institutions, but findings from this closed testing group will likely be shared with the FSB.
OpenAI allows hands-on experimentation
Anthropic promoted Claude Mythos to have the ability to uncover high‑risk vulnerabilities across the kinds of systems financial institutions rely on every day. During early previews, the model was said to have identified weaknesses in operating systems, exposed flaws in browsers, and mapped misconfigurations in cloud environments at a scale that would normally require large team operations.

It also showed an ability to generate sophisticated phishing and social‑engineering pathways, raising concerns about how quickly such capabilities could be misused if they were leaked.
These demonstrations placed pressure on European banks, who feared they were being left without access to the same level of defensive insight available to US firms. This concern grew once Washington restricted Mythos, prompting OpenAI to step in.
George Osborne, who now leads OpenAI’s OpenAI for Countries initiative, wrote to the European Commission and member states, promising to support European cyber resilience.
“Through the OpenAI EU Cyber Action Plan, we will work with European policymakers, institutions and businesses by democratising access to the defensive tools that trusted actors can use to strengthen shared security, support public safety and reflect European priorities,” read the letter.
OpenAI then offered European banks access to its GPT-5.5 model, which aims to help them test systems, analyse code and simulate attacks. While not identical to Mythos, it is understood to be a close replacement.
Europe’s sovereignty battle transcends card payments
Europe has openly worked to reduce its reliance on US companies in payments due to sovereignty concerns, which has led to initiatives such as Wero being launched as a competitor to Visa and Mastercard. However, the recent Anthropic and OpenAI saga has exposed the continent’s weaker position in the AI race.
The US, EU and UK all took different regulatory paths when it came to AI. The US opted for an innovation‑first approach, the EU prioritised risk and rights through the AI Act, and the UK looked to present itself as a pro‑innovation middle ground. Each market wanted to lead the AI race, but the US has pulled ahead and is now locked in a strategic contest with China.
This lack of domestic competition in the UK and EU creates significant problems for banks and payments firms. Bad actors are adopting AI and are believed to be sharing techniques across networks. As models become more capable of penetrating defences, financial institutions need access to the strongest systems available.
However, as AI becomes tied to geopolitics and national‑security considerations, banks in Europe and the UK may struggle to secure the same level of access as their US counterparts.