The European Commission sat down with Anthropic on Thursday, continuing a string of meetings that have quietly become one of the more consequential regulatory conversations in AI right now.

The meeting, held in San Francisco, focused on Anthropic’s advanced AI model known as Hypothesis, with particular attention paid to its cybersecurity capabilities and whether the EU can get broader access to it. The Commission has held at least four to five prior engagements with the company since mid-May, all centered on the sophisticated vulnerability discovery and exploitation abilities baked into the company’s models.

What the EU actually wants

European officials have raised pointed concerns about limited access to Anthropic’s Mythos model, which was released around early April 2026. Anthropic has so far restricted that model to selected US partners for defensive cybersecurity purposes, essentially keeping Europe on the outside looking in.

EU legislators have drawn direct comparisons to OpenAI, which offered model access for regulatory review in May 2026.

The urgency is tied directly to the EU AI Act, the bloc’s landmark legislation designed to mandate transparency and safety requirements for AI deployments across member states. With implementation timelines approaching, the Commission needs to understand what these models can actually do, particularly when the capabilities in question involve finding and exploiting cybersecurity vulnerabilities.

Anthropic’s balancing act

Anthropic previously pledged alignment with the EU’s General-Purpose AI Code of Practice, a commitment initially announced on July 21, 2025. That code of practice is one of the key mechanisms through which the AI Act will be operationalized for general-purpose AI models.

The Commission has not yet held formal discussions specifically on model access, which means the Thursday meeting likely pushed that conversation further along without reaching a resolution.