
The Automation of Insecurity: Project Glasswing and the Reconfiguration of Cybersecurity Law in the Era of Frontier AI

James Okafor
June 10, 2026

Educational Content – Not Legal Advice

This article provides general information. Consult a qualified attorney before taking action.

Disclaimer

This analysis is for educational purposes only and does not constitute legal advice. The information provided is general in nature and may not apply to your specific situation. Laws and regulations change frequently; verify current requirements with qualified legal counsel in your jurisdiction.

Last Updated: June 10, 2026

1. Introduction: The Collapse of the Twenty-Year Equilibrium

1.1. Definition of the Phenomenon: Frontier AI as an Autonomous Discovery Agent
1.2. Working Hypothesis: The Insufficiency of the Current Regulatory Framework in the Face of Algorithmic Exploitation Speed
1.3. Methodology and Sources

2. Technical and Factual Framework: The Architecture of Claude Mythos Preview

2.1. Agentic Capabilities: Building Exploit Chains and Generating Proofs of Concept (PoC)
2.2. Analysis of Empirical Cases: Vulnerabilities in OpenBSD, FFmpeg, and the Linux Kernel
2.3. Project Glasswing: A Model of Restricted and Collaborative Deployment

3. Civil Liability and Omission Regime: The Patching Dilemma

3.1. The Doctrine of Effective Knowledge under the GDPR and the NIS2 Directive
3.2. Developer Due Diligence Standards: Is There a Universal Duty to Disclose?
3.3. Liability for Triage Fatigue and Systemic Risk Management in the Supply Chain
3.4. Jurisprudential Reference

4. Compatibility and Compliance under Regulation (EU) 2024/1689 (Artificial Intelligence Act)

4.1. Classification of Mythos as an AI Model with Systemic Risk (Arts. 51 and 52)
4.2. Transparency Obligations, Impact Assessment, and Incident Notification (Arts. 53, 55 and 86)
4.3. The Role of the AI Office, Codes of Practice (Art. 56), and Regulatory Sandboxes (Art. 57)

5. Governance of Dual Use and Export Controls

5.1. Regulation (EU) 2021/821 and U.S. EAR: Is Glasswing a Defensive Tool or an Offensive Capability?
5.2. Geopolitics of AI: The Transatlantic Split between Offensive Realism (U.S.) and Risk Container (EU)
5.3. Restricted Access as a Trade and National Security Barrier

6. Protection of Critical Infrastructure and the Open Source Ecosystem

6.1. The NIS2 Directive and the Conflict with Critical Operators' Remediation Times
6.2. The Collapse of the Voluntary Maintenance Model: Impact Analysis on the Linux Foundation and Apache (Comparative Law Perspective)
6.3. The End of the 90-Day Responsible Disclosure Policy
6.4. Implications for Cyber Risk Insurance

7. Comparative Analysis of Transparency Governance

7.1. OpenAI Daybreak: The Integrated Commercial Approach versus Anthropic's Gatekeeping
7.2. Mistral Blackbox and European Technological Sovereignty as a Counterweight
7.3. The Council of Europe Framework Convention on AI (CETS No. 225): A Forgotten Framework
7.4. Convergence of Discovery: The Risk of Uncoordinated Simultaneous Research

8. Proposals Lege Ferenda: A New Legal Order for AI-Driven Cybersecurity

8.1. International Coordination Window (ICW): Towards a Global Standard for Autonomous Zero-Days
8.2. Implementation of the ISO/IEC 5338 Standard and Mechanical Architecture Verification
8.3. Controlled Public Registry of Algorithmically Detected Vulnerabilities

9. Conclusions: Towards Architectural Resilience

10. Consolidated Footnotes (Single Numbered List)

🔹 SECTION 1 – INTRODUCTION

1.1. Definition of the Phenomenon: Frontier AI as an Autonomous Discovery Agent

On April 7, 2026, Anthropic announced the launch of Project Glasswing, a collaborative security initiative designed to protect global critical software against the emerging capabilities of frontier artificial intelligence (AI) models (1). This milestone does not merely constitute an incremental innovation; rather, it symbolizes the end of a twenty‑year period of stability in the cybersecurity ecosystem (2). Historically, the balance between digital offense and defense has depended on a fundamental scarcity: the limited availability of trained human experts capable of discovering and chaining complex zero‑day vulnerabilities (3).

Project Glasswing arises as a direct response to the findings made with Claude Mythos Preview, a general‑purpose model that has demonstrated an unprecedented ability to identify and exploit security flaws in the world’s most robust operating systems and browsers (4). By automating tasks that previously required months of manual research, frontier AI has dissolved the barriers of cost and time, transforming vulnerability discovery into an industrial‑scale inference process (5). This transition toward an Automated Vulnerability Epoch implies that cybersecurity is no longer limited by human talent for finding flaws, but rather by the technical capacity to verify and correct them — what in technical jargon is called patching (6).

1.2. Working Hypothesis: The Insufficiency of the Current Regulatory Framework in the Face of Algorithmic Exploitation Speed

The central hypothesis of this research holds that the current legal and operational framework — comprising regulations such as Directive (EU) 2022/2555 (NIS2), Regulation (EU) 2024/1689 (Artificial Intelligence Act), and traditional 90‑day responsible disclosure policies — faces structural obsolescence (7). The speed of algorithmic discovery is outpacing the linear remediation capacity of organizations, creating a critical security gap in the infrastructure that underpins the digital economy (8). While an AI model can generate a functional exploit from a patch in less than 30 minutes, development teams and open‑source maintainers typically require weeks to deploy secure solutions (9).

In this context, risk governance can no longer focus solely on flaw detection; it must pivot toward architectural resilience and impact radius containment (10). The existence of models with dual‑use capabilities raises profound legal dilemmas regarding liability for omission of patching and export controls on high‑capacity technologies, especially when these can be used to destabilize global financial stability (11).

1.3. Methodology and Sources

The present analysis adopts an interdisciplinary legal and technical methodology. It is based on a comprehensive review of primary sources, including technical reports from Anthropic, Cloudflare, and Microsoft, assessments from national security institutes (such as the UK AI Security Institute), and communications from regulatory agencies of the European Union and the United States (12). Likewise, a doctrinal analysis is incorporated on the impact of AI on civil liability regimes and compatibility with international cybersecurity standards (13). The comparative approach allows for the identification of strategic divergences between the European defensive model and the U.S. offensive realism in the management of automated zero‑days (14).

🔹 SECTION 2 – TECHNICAL AND FACTUAL FRAMEWORK: THE ARCHITECTURE OF CLAUDE MYTHOS PREVIEW

2.1. Agentic Capabilities: Building Exploit Chains and Generating Proofs of Concept (PoC)

The qualitative leap represented by Claude Mythos Preview compared to its predecessors — such as Claude Opus 4.6 — resides not merely in an increase in parameters or computing power, but in a fundamental transition toward autonomy in the cybersecurity domain (15). Agentic capabilities here means the system's ability to execute chains of actions autonomously in complex environments, without step‑by‑step human intervention. While earlier language models acted as coding assistants or localized script generators, Mythos possesses the ability to reason non‑linearly about complex software structures (16). This capability manifests itself mainly in two dimensions: building exploit chains and iteratively generating proofs of concept (PoC) (15, 17).

In building exploit chains, the model is not limited to identifying an isolated vulnerability; rather, it is capable of chaining multiple low‑severity attack primitives to achieve total system compromise (15). For example, Mythos has demonstrated the ability to transform a use‑after‑free error into an arbitrary read/write primitive, then hijack control flow and use return‑oriented programming (ROP) chains (15). This level of strategic reasoning resembles that of a senior security researcher and significantly exceeds the performance of traditional automated scanning tools (15, 18).

In parallel, PoC generation is sustained by an autonomous feedback loop (15). The model writes the code necessary to trigger the suspected vulnerability, compiles it, and executes it in an isolated testing environment (15). If execution fails, Mythos analyzes the error, adjusts its technical hypothesis, and rewrites the exploit code until the vulnerability is confirmed (15, 17). Results on specialized benchmarks validate this advancement: on the SWE‑bench Verified metric, which evaluates the resolution of real‑world software engineering problems, Mythos achieved 93.9% compared to 80.8% for Opus 4.6 (19). On CyberGym, focused on vulnerability reproduction, the model obtained 83.1%, marking a substantial gap from the 66.6% of the previous generation (17, 19).

2.2. Analysis of Empirical Cases: Vulnerabilities in OpenBSD, FFmpeg, and the Linux Kernel

The effectiveness of Mythos Preview has been tested through the discovery of latent vulnerabilities in systems historically considered among the most secure in the industry (17, 20). Anthropic has documented findings in every major operating system and web browser, showing that many of these flaws survived decades of human review and millions of automated tests (1, 13).

A paradigmatic case is the discovery of a 27‑year‑old vulnerability in OpenBSD (1, 21). This system, internationally recognized for its extreme security focus and its use in critical infrastructures such as firewalls, contained a subtle logic error in the handling of TCP SACK states (16, 21). The flaw allowed a remote attacker to cause the crash of any machine with a single connection (1, 21). Likewise, in the FFmpeg video processing library, Mythos identified a 16‑year‑old error in a single line of code that traditional fuzzing tools had executed more than five million times without detecting anomalies (1, 21).

In the Linux ecosystem, the model was able to autonomously find and chain various kernel vulnerabilities to achieve privilege escalation, allowing an ordinary user to gain full system control (1, 15). Other findings include the identification of 271 vulnerabilities in Mozilla Firefox version 150 and a critical flaw in the wolfSSL cryptographic library (CVE‑2026‑5194) that allowed forging SSL/TLS certificates to impersonate banking or email portals (17, 19).

2.3. Project Glasswing: A Model of Restricted and Collaborative Deployment

Given the potential danger of these capabilities, Anthropic opted for a non‑public deployment model under the Project Glasswing initiative (1, 21). This consortium, which includes entities such as AWS, Microsoft, Google, JPMorgan Chase, and the Linux Foundation, allows systemically important organizations to use Mythos Preview to secure their own infrastructures and the open‑source projects on which they depend (18, 22).

Access to the model is managed through an operational scanning harness (17, 23). This technical framework, largely inspired by Cisco's Foundry Security Spec, divides the work into phases: reconnaissance (recon), where an agent maps the architecture and trust boundaries; hunt, where multiple agents execute parallel tasks to detect specific classes of attacks; and validation (validate), where a second independent agent attempts to refute the first agent's findings to reduce false positives (15, 17).

This restricted deployment responds to national security concerns (20). The fact that external labs have managed to partially reproduce some of Mythos's findings using public models such as GPT‑5.4 or Opus 4.6 suggests that the defensive moat no longer lies in exclusive access to the model, but rather in the operational capacity to validate and prioritize findings at a speed greater than that of offensive actors (16, 23).

🔹 SECTION 3 – CIVIL LIABILITY AND OMISSION REGIME: THE PATCHING DILEMMA

3.1. The Doctrine of Effective Knowledge under the GDPR and the NIS2 Directive

The ability of Claude Mythos to identify thousands of vulnerabilities in extremely short time periods introduces an immediate legal tension regarding the doctrine of effective knowledge (8). Under regulatory frameworks such as the General Data Protection Regulation [GDPR, Regulation (EU) 2016/679] and Directive (EU) 2022/2555 (NIS2), the obligation to adopt corrective measures and report incidents is triggered at the moment an organization becomes aware of a weakness compromising the security of its systems or data (8, 23). Project Glasswing has transformed risks that were previously considered latent or unknown into manifest risks for its more than 150 operational partners (4).

In the context of NIS2, Article 21 (Cybersecurity risk management) requires essential and important entities to apply proportionate technical and organizational measures to manage risks in their supply chains (24). Article 23 (Incident notification) imposes specific deadlines: early warning within a maximum of 24 hours, initial notification within 72 hours, and a final report within one month from the detection of the incident (24). The discovery of a critical flaw through Mythos places the security officer in a position of legal vulnerability: once the model generates a validated report, the entity possesses effective knowledge that cannot be ignored (24). Delaying the patching of an AI‑identified critical vulnerability beyond what is technically reasonable could be interpreted as gross negligence, especially if that weakness is later exploited by a third party (11).

In parallel, Article 33 of the GDPR requires the controller to notify the supervisory authority of a personal data breach "without undue delay and, where feasible, not later than 72 hours" (25). Article 34 establishes the communication of the breach to the data subjects when it is likely to result in a high risk to their rights and freedoms (25). In the financial sector, Regulation (EU) 2022/2554 (DORA) — on digital operational resilience — imposes more stringent notification thresholds, harmonized at the European level (26).

3.2. Developer Due Diligence Standards: Is There a Universal Duty to Disclose?

The deployment of Glasswing raises questions about Anthropic's liability as a discoverer of globally impactful flaws. Historically, Coordinated Vulnerability Disclosure (CVD) policies have respected a courtesy window of 90 days before technical publication (9). However, the speed of algorithmic discovery has rendered this standard obsolete, given that an AI can transform a patch into a functional exploit in less than 30 minutes (9, 6).

A due diligence dilemma thus arises: does the AI developer have an obligation to disclose its findings to the entire community, or is it legitimate to restrict access to a consortium of selected partners? The justification for restricted deployment lies in the need to prevent the proliferation of offensive capabilities before robust safeguards exist (21, 2). Nevertheless, from a civil liability perspective, this informational asymmetry could give rise to claims if an entity outside the consortium suffers an attack through a vulnerability that was already known and privately managed (5, 27).

The European CVD framework is articulated through the ENISA Coordinated Vulnerability Disclosure Policy (2022), which recommends a 90‑day coordination period but allows for justified exceptions (28). Unlike the U.S. CERT/CC (CERT Coordination Center) system, which operates under a broad disclosure model, the ENISA policy emphasizes sectoral collaboration and confidentiality during the remediation phase (28). The standard of reasonable care is being redefined by the existence of these tools, forcing developers to balance transparency against the risk of information weaponization (27).

3.3. Liability for Triage Fatigue and Systemic Risk Management in the Supply Chain

One of the most disruptive impacts of Mythos is the generation of a human capacity crisis known as triage fatigue (9, 6). In its first month of operation alone, the project detected more than 10,000 high‑ or critical‑severity flaws (8, 4). This flood of reports saturates security teams and open‑source maintainers, who are overwhelmed by the need to verify an avalanche of alerts, some of which may be plausible hallucinations generated by lower‑precision models (9, 6).

Legally, triage fatigue does not exempt organizations from liability, but it complicates the assessment of culpability in cases of omission (27). For boards of directors, this transcends the technical and becomes an operational governance risk (27). Boards must now oversee whether the company's risk management is scaled to operate at machine speed (27, 2). The inability to scale patching processes in the face of automated findings could be interpreted by regulators and investors as a failure to supervise material risks, underscoring the need to transition toward automated response models and value‑based prioritization (5).
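The validate phase of the scanning harness (Section 2.3), the NIS2 Article 23 deadlines (Section 3.1) and the triage problem described here can be combined into one defender-side gate: a finding is queued only after independent reproduction, duplicate reports of the same flaw are collapsed, and the notification clock is computed from the moment of effective knowledge. The following Python is an added example, not code from Project Glasswing, Anthropic or any consortium partner; the finding format, severity weights, priority formula and sample findings are assumptions constructed for illustration.

```python
"""Triage gate and NIS2 Art. 23 notification clock for AI-generated findings.

Constructed example. A finding enters the remediation queue only after the
independent validate step reproduces it; duplicates are collapsed; the
24 h / 72 h / one-month deadlines run from the moment of effective knowledge.
"""
import calendar
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

SEVERITY_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1}  # assumed scale


@dataclass
class Finding:
    finding_id: str
    component: str            # affected project or module
    location: str             # file:function flagged by the hunt agent
    weakness: str             # weakness class, e.g. "use-after-free"
    severity: str             # as reported by the hunt agent
    internet_exposed: bool    # component sits on an external trust boundary
    reproduced: Optional[bool] = None  # validate-agent result; None = not yet run


@dataclass
class NotificationClock:
    detected_at: datetime
    early_warning_due: datetime         # NIS2 Art. 23: 24 hours
    initial_notification_due: datetime  # NIS2 Art. 23: 72 hours
    final_report_due: datetime          # NIS2 Art. 23: one month


def add_one_month(t: datetime) -> datetime:
    """Advance by one calendar month, clamping the day (31 Jan -> 28/29 Feb)."""
    year, month = (t.year + 1, 1) if t.month == 12 else (t.year, t.month + 1)
    day = min(t.day, calendar.monthrange(year, month)[1])
    return t.replace(year=year, month=month, day=day)


def nis2_clock(detected_at: datetime) -> NotificationClock:
    """Deadlines counted from the moment the entity gains effective knowledge."""
    return NotificationClock(
        detected_at=detected_at,
        early_warning_due=detected_at + timedelta(hours=24),
        initial_notification_due=detected_at + timedelta(hours=72),
        final_report_due=add_one_month(detected_at),
    )


def priority(f: Finding) -> int:
    """Assumed value-based score: severity weight, doubled when externally reachable."""
    return SEVERITY_WEIGHT[f.severity] * (2 if f.internet_exposed else 1)


def dedupe(findings):
    """Collapse reports of the same component/location/weakness, keeping the
    highest-severity copy so one flaw does not consume triage effort twice."""
    kept = {}
    for f in findings:
        key = (f.component, f.location, f.weakness)
        if key not in kept or SEVERITY_WEIGHT[f.severity] > SEVERITY_WEIGHT[kept[key].severity]:
            kept[key] = f
    return list(kept.values())


def triage(findings):
    """Split findings into (queue, rejected, pending).

    queue    - reproduced by the independent validate agent, ordered by priority
    rejected - refuted on reproduction; treated as probable hallucination or noise
    pending  - validate step not yet run; the notification clock must not start
    """
    queue, rejected, pending = [], [], []
    for f in dedupe(findings):
        if f.reproduced is None:
            pending.append(f)
        elif f.reproduced:
            queue.append(f)
        else:
            rejected.append(f)
    queue.sort(key=priority, reverse=True)
    return queue, rejected, pending


# Constructed sample output of a hunt phase; component names and paths are invented.
SAMPLE_FINDINGS = [
    Finding("F-001", "netstack", "tcp_sack.c:handle_sack", "logic-error", "critical", True, reproduced=True),
    Finding("F-002", "netstack", "tcp_sack.c:handle_sack", "logic-error", "high", True, reproduced=True),
    Finding("F-003", "media-decoder", "decode.c:parse_header", "out-of-bounds-read", "high", False, reproduced=True),
    Finding("F-004", "auth-service", "login.py:verify", "sql-injection", "critical", True, reproduced=False),
    Finding("F-005", "scheduler", "cron.c:run_job", "use-after-free", "medium", False, reproduced=None),
]
DETECTED_AT = datetime(2026, 6, 10, 9, 0, tzinfo=timezone.utc)  # constructed timestamp

if __name__ == "__main__":
    queue, rejected, pending = triage(SAMPLE_FINDINGS)
    clock = nis2_clock(DETECTED_AT)
    print("remediation queue:", [f.finding_id for f in queue])
    print("refuted by validate:", [f.finding_id for f in rejected])
    print("awaiting validation:", [f.finding_id for f in pending])
    print("early warning due:", clock.early_warning_due.isoformat())
    print("initial notification due:", clock.initial_notification_due.isoformat())
    print("final report due:", clock.final_report_due.isoformat())
```

Only the queue starts the Article 23 clock; pending and refuted findings are held back so that unverified or hallucinated reports do not trigger notification obligations or consume maintainer time.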

An area not developed in previous analyses but of growing relevance is cyber risk insurance (5). The structural acceleration of vulnerability discovery modifies the actuarial calculation of risk: standard policies include exclusions for unpatched known vulnerabilities. When discovery is automatic and massive, determining the exact moment at which a vulnerability becomes known becomes a litigious issue (5).

3.4. Jurisprudential Reference

The case law of the Court of Justice of the European Union has established relevant criteria regarding data transfers and platform liability. In the Schrems II case (CJEU C‑311/18), the Court invalidated the EU‑U.S. Privacy Shield due to insufficient protection of European data against U.S. surveillance laws, setting a precedent on the need to assess the legal security of the recipient country (29). In the Meta Platforms case (CJEU C‑252/21), the Court interpreted that platforms cannot condition access to the service on consent to data processing for improvement purposes, reinforcing the principle of minimization (30). At the national level, the Spanish Data Protection Agency (AEPD) has reiterated in its doctrine that the duty of diligence in system security (Article 32 GDPR) requires the adoption of updated technical measures proportionate to the state of the art (31).

🔹 SECTION 4 – COMPATIBILITY AND COMPLIANCE UNDER REGULATION (EU) 2024/1689 (ARTIFICIAL INTELLIGENCE ACT)

4.1. Classification of Mythos as an AI Model with Systemic Risk (Arts. 51 and 52)

Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 — known as the Artificial Intelligence Act (AI Act) — entered into force on 1 August 2024 (Article 113, first paragraph). The provisions concerning general‑purpose AI (GPAI) models with systemic risk became applicable as of 2 August 2025 (Article 113(3)(c)). In turn, the obligations for high‑risk AI systems listed in Annex III began to apply on 2 August 2026 (32).

In this framework, Claude Mythos Preview is unequivocally classified as a GPAI model presenting systemic risk under Article 51 of the AI Act. This provision defines systemic risk by reference to the high‑impact capabilities of the model, assessed through state‑of‑the‑art technical metrics (32). Mythos's results on benchmarks such as CyberGym (83.1%) and its demonstrated ability to autonomously generate exploit chains place it above the security thresholds that the European Commission considers critical for the stability of the internal market (19, 33). Additionally, Article 52 of the AI Act establishes the specific obligations for providers of GPAI models with systemic risk, including model evaluation, systemic risk assessment, and notification of serious incidents (32).

4.2. Transparency Obligations, Impact Assessment, and Incident Notification (Arts. 53, 55 and 86)

Providers of GPAI models, with or without systemic risk, are subject to the obligations of Article 53 of the AI Act: to draw up and keep up‑to‑date the technical documentation of the model, to provide information to providers of AI systems that integrate the model, and to establish a policy for compliance with copyright legislation (32). For providers of models with systemic risk, Article 55 adds reinforced obligations: to carry out model evaluations according to harmonised protocols, to assess and mitigate possible systemic risks at Union level, to notify the Commission of any serious incident, and to ensure an adequate level of cybersecurity (32).

Project Glasswing functions, in practice, as a risk mitigation mechanism by design, restricting access to verified actors and allowing coordinated patching before the model proliferates (21). Nevertheless, the AI Act imposes a transparency duty that challenges the closed consortium model (5). Anthropic must maintain up‑to‑date technical documentation and make detailed information on model training and security testing available to the AI Office (32). The opening of Mythos to the European Union Agency for Cybersecurity (ENISA) on 1 June 2026 constitutes a relevant step towards compliance with these sovereign supervision obligations (12).

Article 86 of the AI Act should also be noted: it establishes a right to an explanation of individual decisions taken on the basis of high‑risk AI systems (32). This right, autonomous and distinct from the right of information under Article 22 of the GDPR, allows affected persons to request a clear and meaningful explanation of the role of the AI system in the decision‑making process. In the context of Glasswing, if an AI model identifies a vulnerability in a critical infrastructure and recommends its patching, the operator could invoke this right to learn the technical criteria that motivated the alert (27).

4.3. The Role of the AI Office, Codes of Practice (Art. 56), and Regulatory Sandboxes (Art. 57)

The governance of GPAI models is articulated through the AI Office (established within the Commission) and the codes of practice provided for in Article 56 of the AI Act (32). These codes establish minimum standards for systemic risk management, including the obligation to carry out periodic stress tests (red‑teaming). Experts from the European Commission have advocated for the early activation of these codes for Mythos, allowing the model to undergo technical audits before its mass commercial deployment (33).

An additional instrument, often overlooked in preliminary analyses, is Article 57 of the AI Act, which imposes on Member States the obligation to establish regulatory sandboxes for AI before 2 August 2026 (32). These sandboxes allow innovative AI systems to be tested under regulatory supervision before being placed on the market. Project Glasswing — or its European equivalents such as Mistral's effort with BNP Paribas — could take advantage of these environments to validate their cybersecurity capabilities without full exposure to liability during the experimental phase (27).

The regulatory framework seeks normative convergence with other sectoral directives. Compliance of Mythos with the AI Act must be aligned with the DORA Regulation for the financial sector and the NIS2 Directive for critical infrastructures (23, 33). The Glasswing Protocol, discussed in EU industry forums, suggests that autonomous vulnerability discovery should be treated as a standard risk of information and communication technologies (ICT), integrating AI findings directly into industrial auditing systems (14). Thus, the AI Office acts not only as a product regulator, but also as a coordination node ensuring that the speed of AI does not compromise the systemic integrity of the European digital ecosystem (33, 27).

🔹 SECTION 5 – GOVERNANCE OF DUAL USE AND EXPORT CONTROLS

5.1. Regulation (EU) 2021/821 and U.S. EAR: Is Glasswing a Defensive Tool or an Offensive Capability?

The intrinsically dual nature of Claude Mythos Preview poses a fundamental challenge to export control regimes and the international trade of advanced technology (6). Because it is capable of generating both defensive patches and functional exploit chains in less than 30 minutes, the model falls within the categories of dual‑use items that may be diverted toward military or systemic destabilisation purposes (9). Within the European Union framework, Mythos's capabilities for intercepting communications and discovering vulnerabilities in critical infrastructures conceptually link it to Category 5 (Part 1) of Regulation (EU) 2021/821 of the European Parliament and of the Council of 20 May 2021 establishing a Union regime for the control of exports, brokering, technical assistance, transit and transfer of dual‑use items (34). Specifically, entry 5A002 (systems, equipment and components for communications surveillance) and 5D002 (software specially designed for traffic analysis) are relevant when the model is deployed with offensive capabilities (34).

In the United States, the Export Administration Regulations (EAR) framework under the Bureau of Industry and Security (BIS) classifies these tools with greater precision. The correct categories for Mythos's capabilities are:

  • ECCN 5E001: Technology for the development, production or use of equipment or software included in categories 5A001 or 5D001, where such technology can be used to compromise communications systems (35).
  • ECCN 5D001: Software designed or modified for the development, production or use of equipment specified in 5A001, especially when it incorporates protocol analysis and exploit generation capabilities (35).
  • ECCN 5D002: Software for communications interception or network traffic analysis, a category directly applicable to Mythos's reconnaissance modules (recon) (35, 19).

Anthropic's decision to implement an elective restricted deployment through Project Glasswing largely responds to the need to prevent these capabilities from proliferating to unwanted actors before robust safeguards exist (2). However, the boundary between a cyberdefence tool and a covert offensive capability is porous: the same engine that validates a patch for OpenBSD is capable of autonomously weaponising a privilege escalation exploit in the Linux kernel (1, 15).

5.2. Geopolitics of AI: The Transatlantic Split between Offensive Realism (U.S.) and Risk Container (EU)

The governance of Mythos has revealed a deep strategic divergence between Washington and Brussels (2). While the European Union has adopted a risk container stance — focused on sovereign security, damage containment and strict auditing through agencies such as ENISA — U.S. policy seems to lean toward offensive realism (2, 3). The latter approach prioritises maintaining a competitive advantage in cyberattack capabilities and frontier innovation leadership over preventive regulation (2, 3).

This fracture is evidenced by the disparate participation of national agencies: while the European Union Agency for Cybersecurity (ENISA) gained operational access to Mythos after extensive bilateral negotiations with the European Commission in June 2026 (12), the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has not confirmed similar direct participation (2). The repeal of previous executive orders in the U.S. and the shift toward voluntary review frameworks suggest that the U.S. government views Mythos as an instrument of national power that should not be excessively constrained by rigid regulatory mandates (14). Conversely, the EU seeks to integrate these models into its resilience ecosystem (NIS2, DORA) under strict public scrutiny (2, 23).

5.3. Restricted Access as a Trade and National Security Barrier

Project Glasswing is not only a security initiative, but also a mechanism of technological gatekeeping with direct economic implications (27). By restricting access to an exclusive consortium of organisations — including giants such as JPMorgan Chase, AWS and Microsoft — Anthropic creates a market asymmetry (8, 4). Entities within the consortium gain superior visibility into their latent vulnerabilities, allowing them to harden their systems and reduce their cyber risk premiums, while excluded organisations remain vulnerable to automated attacks carried out by third parties using similar public models (5, 6).

From a national security perspective, this restricted access acts as a defensive barrier protecting financial stability and critical infrastructures from systemic threats (11). Emergency meetings convened by Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell in April 2026 underscore that Mythos is perceived as a risk to global economic stability if its capabilities fall into the hands of state adversaries (11). In this sense, control over access to the model becomes an extension of foreign policy, where usage credit for frontier AI is granted only to verified strategic partners to maintain an asymmetric advantage over organised crime and hostile states (34, 35).

🔹 SECTION 6 – PROTECTION OF CRITICAL INFRASTRUCTURE AND THE OPEN SOURCE ECOSYSTEM

6.1. The NIS2 Directive and the Conflict with Critical Operators' Remediation Times

The expansion of Project Glasswing to approximately 150 organisations in June 2026 has prioritised critical infrastructure sectors that previously did not have access to frontier models, such as energy, water, health and communications (8). The legal relevance of this inclusion is paramount: Anthropic estimates that a successful attack on the codebase of these partners could have catastrophic consequences, affecting more than 100 million people and compromising national security (8). In this scenario, Directive (EU) 2022/2555 (NIS2) imposes strict risk management (Article 21) and incident notification (Article 23) obligations that clash head‑on with the reality of automated discovery (24).

While Article 21 of NIS2 requires essential and important entities to adopt proportionate technical and organisational measures to ensure service continuity, the discovery of thousands of flaws through Mythos generates an insurmountable operational gap (24). Organisations face a compliance dilemma: European regulations require speed of response — with early warning deadlines of 24 hours, initial notification within 72 hours, and a final report within one month — but the patching process in critical infrastructures (such as electricity grids or hospital systems) cannot be compressed to AI speed without introducing risks of regression or systemic instability (24, 36). Mythos's machine speed has outpaced operators' linear remediation capacity, forcing a reinterpretation of the standards of "adequate and proportionate technical and organisational measures" required by the European legislator (36).

6.2. The Collapse of the Voluntary Maintenance Model: Impact Analysis on the Linux Foundation and Apache (Comparative Law Perspective)

The open source ecosystem, which underpins most critical infrastructures and financial systems, is in a state of structural vulnerability in the face of algorithmic discovery (6). A report by the Cloud Security Alliance (CSA) revealed an alarming statistic: out of 1,596 high‑severity vulnerabilities discovered by Mythos and communicated to open‑source project maintainers, only 97 had been patched within a two‑month period (6). This mismatch shows that the cybersecurity bottleneck is no longer detection, but the finite human capacity to verify and correct code (6, 37).

Maintainers of key projects at the Linux Foundation and the Apache Software Foundation are experiencing unprecedented triage fatigue (9). On top of the avalanche of valid reports comes the noise of low‑quality submissions and plausible hallucinations produced by lower‑capability AI models, which force volunteers to spend hours chasing flaws that do not exist (9). In response, Anthropic has donated $4 million to organisations such as the OpenSSF's Alpha‑Omega project to scale triage capacity (4). Commentators argue, however, that such donations are palliatives for a systemic problem: the end of voluntary maintenance as a viable model for frontier‑era cybersecurity (6).

A comparative law analysis is illustrative. In the United States, open‑source security received a significant push from Executive Order 14028 of May 2021 on Improving the Nation's Cybersecurity, which directed federal agencies to raise software supply chain security standards, including for the open‑source components of software procured by the government (38). The CISA Open Source Software Security Roadmap (2023) set priorities such as gaining visibility into federal use of OSS, measuring risk across the ecosystem and working with the community, including foundations such as the Linux Foundation, to harden critical components (39). These instruments rest on a shared‑responsibility approach between the public and private sectors, whereas the European model has leaned more on self‑regulation and voluntary effort (38, 39). The absence of a comparable EU mechanism, beyond ENISA reports, is a governance gap that Project Glasswing has exposed (36).

6.3. The End of the 90‑Day Responsible Disclosure Policy

The industry convention of giving a vendor 90 days to ship a fix before a vulnerability is published is technically obsolete in the Mythos era (9). The 90‑day window rested on the assumption that turning a patch back into a working exploit took attackers weeks of skilled human reverse engineering, which gave defenders a temporary advantage (9). A frontier model can now ingest a patch, identify the underlying flaw and generate a functional exploit in under 30 minutes (9). With exploitation this close to instantaneous, the published patch itself becomes the trigger for automated attacks on systems that have not yet applied it, eliminating the grace period (9).

The phenomenon of simultaneous convergent discovery aggravates the situation: because multiple actors, state adversaries included, use models trained on similar data, they are likely to find the same critical flaws at almost the same time (9). In that setting a 90‑day embargo does not protect users; it hands an exclusivity window to whichever attacker converged on the finding (9). Industry leaders such as Cloudflare therefore argue that defensive architecture must prioritise isolation and blast‑radius containment over patching speed (15). Cybersecurity is moving from a trust‑in‑the‑patch model to one of architectural resilience, in which compromise of individual components is assumed and the design goal is to limit what a compromised component can reach (15).

6.4. Implications for Cyber Risk Insurance

The impact of Glasswing on the cyber insurance market deserves specific treatment, beyond a passing reference to premiums. The materialisation of insured risk is structurally accelerated, which bears on two typical policy clauses (5):

  • The known vulnerability exclusion: the insurer may deny coverage if the exploited vulnerability was known to the insured and was not patched within a reasonable period. With mass discovery by Mythos, fixing the exact moment at which a vulnerability became "known" to the insured becomes a complex evidential question (5, 40).
  • The reasonable efforts clause: policies require the insured to adopt security measures proportionate to the risk. When frontier AI surfaces thousands of flaws at once, the proportionality standard must be calibrated to the organisation's actual remediation capacity, or coverage becomes unworkable (5, 40).

Insurers are beginning to require insureds to participate in consortia such as Glasswing, or to adopt equivalent tooling, as a condition of maintaining coverage (5). This trend, first observed in the U.S. banking sector after the Treasury Secretary and the Federal Reserve Chair warned bank CEOs about Mythos (11), could spread to Europe if ENISA or the prudential supervisors (EBA, EIOPA) issue guidance to that effect (11, 41).

🔹 SECTION 7 – COMPARATIVE ANALYSIS OF TRANSPARENCY GOVERNANCE

7.1. OpenAI Daybreak: The Integrated Commercial Approach versus Anthropic's Gatekeeping

The industry's response to Claude Mythos materialised on 11 May 2026 with the launch of OpenAI Daybreak (9). The move marks a fundamental divergence in frontier AI governance philosophies. Anthropic has adopted a strict gatekeeping stance and a deliberately restricted deployment, limiting Mythos to a vetted consortium to prevent proliferation, whereas OpenAI has positioned Daybreak as a commercially accessible defence platform integrated directly into the developer workflow (9, 42).

Technically, Daybreak couples the GPT‑5.5 family of models with Codex Security, an agentic harness that builds editable threat models and validates findings in isolated environments (9, 42). Where Project Glasswing protects critical infrastructure through a small set of systemic partners, Daybreak implements a tiered access model: GPT‑5.5 Default (standard safeguards), GPT‑5.5 Trusted Access for Cyber (TAC) for verified enterprise defenders, and GPT‑5.5‑Cyber, a permissive model for red‑teaming and controlled validation (42). This structure seeks to democratise defensive capability, but the tiers are only as strong as the identity verification that gates them: a misuse boundary enforced by account vetting rather than by model capability shifts the risk onto OpenAI's verification process (9).

7.2. Mistral Blackbox and European Technological Sovereignty as a Counterweight

The concentration of defensive capability in U.S. providers has raised deep concern about the European Union's strategic autonomy (43). In May 2026 the financial institution BNP Paribas announced a strategic alliance with the French firm Mistral to develop specialised cybersecurity models intended as a sovereign counterweight to Anthropic's and OpenAI's offerings (43).

This initiative, often described as a black‑box or sovereign specialised model effort, aims to ensure that European financial and critical infrastructure does not become structurally dependent on U.S. platforms (14, 43). A contribution on the Commission's Futurium platform (14) argues for mechanical verification at the architecture layer that does not depend on external oversight. In that sense, Mistral's proposal aligns with the view that digital sovereignty is only effective when computing, energy and industrial security are treated as a unified operating system under regional control (14, 44).

7.3. The Council of Europe Framework Convention on AI (CETS No. 225): A Forgotten Framework

A first‑order international instrument omitted from most analyses of frontier AI governance is the Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law (CETS No. 225), adopted by the Committee of Ministers on 17 May 2024 and opened for signature in Vilnius on 5 September 2024 (45). This treaty is the first legally binding international agreement on AI, and its relevance to Project Glasswing is multiple.

First, the Convention is not limited to the 46 Council of Europe member states; it is open for signature by non‑member states, and the United States signed it when it opened for signature (45). It therefore sets a minimum standard that reaches beyond Europe. Second, Article 4 requires each Party to adopt or maintain measures to ensure that activities within the lifecycle of AI systems are consistent with its obligations to protect human rights, complemented by Article 5 on the integrity of democratic processes and respect for the rule of law (45). Mythos's offensive capabilities, especially its potential to destabilise critical infrastructure or generate exploits without human supervision, raise direct questions under this standard.

Third, Article 16 of the Convention requires Parties to adopt measures for the identification, assessment, prevention and mitigation of the risks posed by AI systems, taking into account their actual and potential impacts on human rights, democracy and the rule of law (45). The restricted deployment of Project Glasswing, although justified on national security grounds, could be examined in light of this provision: does concentrating vulnerability‑detection capability in a private consortium create an asymmetry that affects equality of arms in cyberspace? (45). Two caveats apply. Article 3(2) allows a Party not to apply the Convention to AI lifecycle activities related to the protection of its national security interests, so the Convention's reach over Glasswing turns on how narrowly that carve‑out is read. And the Convention binds States Parties rather than companies directly; a compliance gap for Anthropic would arise through the domestic measures a Party such as France or Germany adopts to implement Article 16 where the model is deployed on its territory (45, 33).

Finally, Article 23 of the Convention establishes a Conference of the Parties as its follow‑up mechanism, which may, among other things, make recommendations on implementation and facilitate the exchange of information (45). Given that the EU signed the Convention on the day it opened for signature, 5 September 2024, the European Commission could propose specific guidelines for GPAI models with offensive cybersecurity capabilities, bringing Project Glasswing within the Convention's supervisory scope (33).

7.4. Convergence of Discovery: The Risk of Uncoordinated Simultaneous Research

A critical phenomenon identified after the deployment of Mythos and Daybreak is so‑called simultaneous convergent discovery (9). Because multiple independent research teams and state actors use frontier models trained on similar data, the probability that they discover the same critical vulnerabilities at almost the same time has risen sharply (9, 3).

This scenario undermines traditional embargo policies. As recent commentary notes, if ten unrelated researchers find the same flaw within six weeks, a 90‑day embargo does not protect the end user; it gives undeclared attackers an exclusivity window for shadow exploitation (9, 3). The Copy Fail and Dirty Frag vulnerabilities in the Linux kernel illustrate the collapse: in both cases third parties published functional exploits before official patches were ready, breaking coordinated embargoes under the pressure of parallel algorithmic discovery (9). This reality calls for an urgent transition to a high‑speed disclosure model and to architectural resilience, on the assumption that discovery is inevitable and near‑instantaneous (15, 9).

🔹 SECTION 8 – PROPOSALS LEGE FERENDA: A NEW LEGAL ORDER FOR AI‑DRIVEN CYBERSECURITY

8.1. International Coordination Window (ICW): Towards a Global Standard for Autonomous Zero‑Days

The obsolescence of traditional 90‑day embargo periods, caused by the ability of frontier models to generate exploits in less than 30 minutes, demands a structural reform of Coordinated Vulnerability Disclosure (CVD) policies (9, 36). This article proposes the creation of an International Coordination Window (ICW) specifically designed for autonomously discovered vulnerabilities. This legal framework should recognise the phenomenon of simultaneous convergent discovery, where multiple actors identify the same flaw in parallel due to homogeneity in model training data (9, 3).

Enabling legal basis in European Union law: The ICW proposal could find legal basis in Article 114 of the Treaty on the Functioning of the European Union (TFEU) (internal market harmonisation), as well as in Article 16 TFEU (personal data protection) and Article 173 TFEU (industrial policy) (46). Alternatively, it could be articulated as a Commission recommendation under Article 288 TFEU or as a delegated act under the AI Act (Article 97 AI Act) (32, 46). Cooperation with third states would require international agreements based on Article 218 TFEU (46).

The ICW would not operate on a fixed term but on a certified remediation speed model. Under this scheme the embargo period would adjust dynamically to the criticality of the affected infrastructure and the demonstrated capacity of maintainers to process algorithmic triage (6). To prevent prolonged embargoes from benefiting undisclosed attackers who may have converged on the same finding, the ICW would allow immediate technical disclosure through encrypted sovereign defence channels, such as those operated by ENISA or CISA, before a public patch is available (6, 28). The obvious design question, familiar from existing embargo lists, is how such channels are kept from becoming the very leak they are meant to pre‑empt: membership vetting and per‑recipient accountability matter at least as much as the encryption.

Comparison with existing initiatives: The ICW differs from the U.S. Vulnerabilities Equities Process (VEP) (47) in several respects. The VEP, whose charter was made public by the White House in November 2017, is an interagency process for deciding whether a vulnerability discovered by the federal government should be disclosed to the vendor or retained for intelligence or law enforcement purposes (47). In contrast to that deliberately opaque balancing of equities, the ICW proposes transparent criteria and dynamic timelines tied to remediation capacity. For its part, the ENISA CVD guidance (28) recommends standard deadlines but does not account for AI speed; the ICW would update it through a specific annex on vulnerabilities discovered by GPAI models (28, 33).

8.2. Implementation of the ISO/IEC 5338 Standard and Mechanical Architecture Verification

The regulatory framework must move from documentary compliance auditing to what doctrine calls compliance as measurable system integrity (14). This article proposes mandatory adoption of ISO/IEC 5338 (AI system life cycle processes) for the defensive AI lifecycle, integrated with the principles of the Foundry Security Spec (4). Any agentic cybersecurity system would be required to operate under a constitution of inviolable principles, codified in machine‑readable form, so that security thresholds cannot be relaxed for operational convenience (14, 4).

The proposal would include a requirement for mechanical verification at the architecture layer, ensuring that AI systems remain behaviourally stable under stress (14). Regulators would oversee not only model outputs but also have access to the intervention logic and to failure trajectories that can be detected before they become operational outcomes (14, 36). Within the EU this would align the AI Act with the NIS2 Directive, turning industrial validation into an automated process that keeps sovereign computing clusters within predefined stability parameters (14, 36).

Conflicts with trade secrets and intellectual property: Regulatory access to proprietary intervention logic clashes with trade secret protection (Directive (EU) 2016/943) and software copyright (36). The AI Act already anticipates the tension: Article 92 empowers the Commission to evaluate general‑purpose AI models, including through access by API or other technical means, and Article 78 binds it and national authorities to confidentiality over what they obtain (32). For Glasswing, an audited access procedure could be established in which the AI Office, assisted by independent experts, examines the model in situ without extracting weights or source code (32, 33). This balance between transparency and IP protection is technically feasible and has precedents in pharmaceutical regulation (EMA inspections) (46).

8.3. Controlled Public Registry of Algorithmically Detected Vulnerabilities

Centralised registration systems such as CVE and the NVD were not designed to absorb the volume of findings that autonomous discovery produces, and the strain on them is already visible; this article therefore proposes a Controlled Public Registry of Autonomous Vulnerabilities (6, 5). Unlike current databases, the registry would focus not on enumerating flaws but on a remediation taxonomy (5). Market and legal value must shift from discovery, already a low‑cost commodity, to the ability to fix and validate the patch (5, 40).

The registry would operate on a remediation proof model, in which organisations document triage, human validation and patch execution through integrated, tamper‑evident audit trails (6, 40). Legally, the record would serve boards of directors as evidence of due diligence, demonstrating that risk is managed at a speed commensurate with the threat (40). For open‑source projects, the registry would also facilitate the allocation of emergency maintenance funds, turning an AI‑discovered vulnerability into a catalyst for financing structural resilience rather than an unbearable burden on volunteers (6, 5).

Legal feasibility analysis: A controlled public registry needs a basis in EU law that respects proportionality and necessity. It could be framed as a specific obligation for providers of general‑purpose AI models with systemic risk, building on the serious‑incident tracking and reporting duty in Article 55(1)(c) of the AI Act and on the Commission's power under Article 91 to request documentation and information from providers (32). To avoid duplication, the registry should interoperate with the European vulnerability database that ENISA maintains under Article 12 of NIS2 (28). The treatment of unpatched vulnerabilities is the main obstacle: immediate public disclosure could worsen exploitation risk. The registry would therefore use tiered access, with public visibility only after the coordination window and only of anonymised data (5, 40).
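As an added illustration (this is not code from the article, from Anthropic, or from any existing registry), the following Python sketch shows how the "remediation proof" described in 8.3 could be made tamper‑evident and how the tiered access rule in the feasibility analysis could be enforced. Each stage (report, triage, human validation, patch deployment) is appended to a hash chain, so a record edited after the fact fails verification; the public view withholds the affected product and the full trail until the coordination window closes, and never exposes who performed each step. The registry identifier format, the stage names, the 45‑day window and the sample component are constructed assumptions.

```python
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Illustrative sketch only. The identifier format, the four stages, the 45-day
# coordination window and the sample component are constructed assumptions,
# not a published schema or a real finding.

STAGES = ("reported", "triaged", "human_validated", "patch_deployed")
GENESIS = "0" * 64


def _digest(prev_hash: str, body: dict) -> str:
    """Chain hash: SHA-256(previous hash || canonical JSON of this entry)."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


@dataclass
class RemediationProof:
    """Append-only, hash-chained trail for one algorithmically detected finding."""
    finding_id: str
    product: str
    severity: str
    coordination_window_end: datetime
    entries: list = field(default_factory=list)

    def append(self, stage: str, actor: str, at: datetime, note: str) -> str:
        """Record the next stage; stages must be reached in order, once each."""
        if len(self.entries) >= len(STAGES):
            raise ValueError("trail already complete")
        expected = STAGES[len(self.entries)]
        if stage != expected:
            raise ValueError(f"expected stage {expected!r}, got {stage!r}")
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"stage": stage, "actor": actor, "at": at.isoformat(), "note": note}
        entry_hash = _digest(prev, body)
        self.entries.append({**body, "prev": prev, "hash": entry_hash})
        return entry_hash

    def verify(self) -> bool:
        """Recompute the chain; any edited, reordered or dropped entry breaks it."""
        prev = GENESIS
        for entry in self.entries:
            body = {k: entry[k] for k in ("stage", "actor", "at", "note")}
            if entry["prev"] != prev or entry["hash"] != _digest(prev, body):
                return False
            prev = entry["hash"]
        return True

    def current_stage(self) -> Optional[str]:
        return self.entries[-1]["stage"] if self.entries else None

    def public_view(self, now: datetime) -> dict:
        """Tiered access: status only while the window is open; afterwards the
        anonymised trail (stage, time, hash), never who performed each step."""
        view = {
            "finding_id": self.finding_id,
            "severity": self.severity,
            "stage": self.current_stage(),
            "remediated": self.current_stage() == "patch_deployed",
        }
        if now >= self.coordination_window_end:
            view["product"] = self.product
            view["trail"] = [{k: e[k] for k in ("stage", "at", "hash")} for e in self.entries]
        return view


def build_example() -> RemediationProof:
    """Constructed sample: one finding walked through all four stages."""
    t0 = datetime(2026, 6, 1, tzinfo=timezone.utc)
    proof = RemediationProof("CPR-2026-000001", "example-service 3.2", "high",
                             coordination_window_end=t0 + timedelta(days=45))
    proof.append("reported", "scanner:frontier-model", t0, "automated report received")
    proof.append("triaged", "maintainer:alice", t0 + timedelta(hours=6), "reproduced by maintainer")
    proof.append("human_validated", "reviewer:bob", t0 + timedelta(days=2), "fix reviewed by second human")
    proof.append("patch_deployed", "maintainer:alice", t0 + timedelta(days=9), "release 3.2.1 deployed")
    return proof


def views_around_window(proof: RemediationProof) -> tuple:
    """Public view one day before and one day after the coordination window closes."""
    end = proof.coordination_window_end
    return proof.public_view(end - timedelta(days=1)), proof.public_view(end + timedelta(days=1))


def tampered_verifies(proof: RemediationProof) -> bool:
    """Rewrite a historical triage note after the fact and re-verify (expect False)."""
    proof.entries[1]["note"] = "triaged within SLA"
    return proof.verify()


if __name__ == "__main__":
    p = build_example()
    print("chain valid:", p.verify())
    before, after = views_around_window(p)
    print("during window:", before)
    print("after window keys:", sorted(after))
    print("tampered chain valid:", tampered_verifies(build_example()))
```

The chain gives the registry operator and an auditor a cheap way to check that a board's "we patched within nine days" claim matches the record as it was written, and the ordering check in `append` prevents a "patch_deployed" entry from being logged before a human validated the fix. A production design would additionally sign each entry and anchor the head hash externally; the sketch shows only the integrity and redaction logic.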

🔹 SECTION 9 – CONCLUSIONS: TOWARDS ARCHITECTURAL RESILIENCE

The deployment of Project Glasswing and the capabilities demonstrated by Claude Mythos Preview mark the exhaustion of the equilibrium that has governed cybersecurity for two decades (3). The fundamental premise of that period, that discovering complex vulnerabilities was costly because it depended on scarce, highly specialised human talent, has been invalidated by frontier AI (9). The transition to an Automated Vulnerability Epoch means that discovery of systemic flaws has reached industrial scale, with research costs reduced to inference compute (3, 33).

In this paradigm the bottleneck has shifted from detection to remediation (4). Agentic models can identify thousands of critical vulnerabilities in a fraction of the time humans need, while the human capacity to verify, prioritise and fix remains linear, finite and, in many cases, voluntary (6, 37). The asymmetry is most dangerous in the open‑source ecosystem, where triage fatigue caused by AI‑generated reports threatens to collapse the maintenance structures on which critical infrastructure depends (6, 9). As a legal and technical consequence, the 90‑day coordinated disclosure standard must be considered structurally obsolete: the speed at which AI converts a patch into a working exploit, the so‑called instantaneous exploitation kinetics, removes the grace window for defenders (9, 3).

From a governance perspective, Project Glasswing has revealed a transatlantic strategic divergence (2). The European Union is moving towards a risk‑containment model built on ENISA oversight and AI Act compliance, with the Council of Europe Framework Convention (CETS No. 225) as a possible global baseline, while the U.S. stance leans towards an offensive realism that prioritises technological leadership and national response capability (2, 45). Even so, the warning from U.S. financial authorities about risks to economic stability underlines that frontier AI is already a matter of national security that transcends commercial competition (11).

The legal analysis shows normative insufficiencies on several fronts. The liability regime for failure to patch, anchored in effective knowledge (Articles 21 and 23 NIS2; Article 33 GDPR), was not conceived for massive, automated discovery (24, 25). The AI Act, although it correctly captures Mythos as a model with systemic risk (Articles 51‑52), still lacks specific provisions for offensive‑defensive cybersecurity tools (32). Export controls (Regulation (EU) 2021/821 and the EAR) offer imprecise categories for the agentic capabilities of GPAI models (34, 35). The Council of Europe Framework Convention, the first binding treaty on AI, has not yet been invoked to assess Glasswing's impact on human rights and democracy (45).

Finally, the regulatory and corporate response must not focus solely on accelerating the patch cycle, but on transforming the architecture of systems themselves (15). Architectural resilience, built on zero trust and blast‑radius containment, is the only way to operate in an environment where vulnerability is constant and discovery is effectively unlimited (15, 40). The proposals lege ferenda outlined here, the International Coordination Window, adoption of ISO/IEC 5338 with mechanical verification, and a controlled public registry of autonomous vulnerabilities, require deep technical‑legal debate as well as an enabling legal basis in EU law and international agreements under Article 218 TFEU (46). The future of technology law and cybersecurity will depend on our ability to build infrastructures that not only detect failure but can resist and recover at machine speed (15, 3).

🔹 SECTION 10 – CONSOLIDATED FOOTNOTES (Single Numbered List)

(1) Anthropic. (2026). "Project Glasswing: Securing critical software for the AI era". Institutional document. https://www.anthropic.com/glasswing

(2) Ewbank, J. (2026). "SIGNAL: Project Glasswing and the End of the 20‑Year Equilibrium". Shadow & Signal. https://jennifer-ewbank.com/shadow-and-signal/f/signal-project-glasswing-and-the-end-of-the-20-year-equilibrium

(3) "The Automated Vulnerability Epoch: Project Glasswing, Frontier AI, and the Collapse of Traditional Cybersecurity Paradigms" (2026). Working paper without identified institutional author [provisional source, lacks publisher/DOI].

(4) Anthropic. (2026). "Project Glasswing: An initial update". Institutional document. https://www.anthropic.com/research/glasswing-initial-update

(5) Forrester Research. (2026). "Project Glasswing: The 10 Consequences Nobody's Writing About Yet". Forrester Blogs. https://www.forrester.com/blogs/project-glasswing-the-10-consequences-nobodys-writing-about-yet/

(6) Cloud Security Alliance (CSA). (2026). "Project Glasswing: AI Discovery Outpaces Open Source Patching Capacity". Position paper. https://cloudsecurityalliance.org/artifacts/project-glasswing-ai-discovery-outpaces-open-source-patching-capacity

(7) Anand, H. (2026). Statements quoted in "OpenAI Launches Daybreak for AI-Powered Vulnerability Detection". The Hacker News [secondary citation, primary source not located].

(8) Anthropic. (2026). "Expanding Project Glasswing". Institutional announcement. https://www.anthropic.com/news/expanding-project-glasswing

(9) The Hacker News. (2026). "OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation". https://thehackernews.com/2026/05/openai-launches-daybreak-for-ai-powered.html

(10) Cloudflare Blog. (2026). "Defend against frontier cyber models: Cloudflare's architecture as customer zero". https://blog.cloudflare.com/frontier-model-defense/

(11) Sullivan & Cromwell LLP. (2026). "Treasury Secretary and Federal Reserve Chair Warn Bank CEOs About Cybersecurity Risks Posed by Anthropic's New AI Model". Legal memorandum. https://www.sullcrom.com/insights/memo/2026/April/Treasury-Secretary-Federal-Reserve-Chair-Warn-Bank-CEOs-About-Cybersecurity-Risks-Posed-Anthropics-New-AI-Model

(12) Dark Reading. (2026). "Anthropic to Open Mythos AI to EU's ENISA". https://www.darkreading.com/cyber-risk/anthropic-mythos-ai-eu-enisa

(13) Noma Security. (2026). "The Mythos Reality Check: What Does Project Glasswing Mean for CISOs?". https://noma.security/blog/the-mythos-reality-check-what-does-project-glasswing-mean-for-cisos/

(14) Futurium (European Commission). (2026). "The Glasswing Protocol: Industrial Implications for the Digital Omnibus". https://futurium.ec.europa.eu/en/apply-ai-alliance/community-content/glasswing-protocol-industrial-implications-digital-omnibus

(15) Cloudflare Blog. (2026). "Project Glasswing: what Mythos showed us". https://blog.cloudflare.com/cyber-frontier-models/

(16) Vidoc Security Lab. (2026). "We Reproduced Anthropic's Mythos Findings With Public Models". https://blog.vidocsecurity.com/blog/we-reproduced-anthropics-mythos-findings-with-public-models

(17) Anthropic Frontier Red Team. (2026). "Claude Mythos Preview System Card" [cited in (4)].

(18) Linux Foundation. (2026). "Introducing Project Glasswing: Giving Maintainers Advanced AI to Secure the World's Code". https://www.linuxfoundation.org/blog/project-glasswing-gives-maintainers-advanced-ai-to-secure-open-source

(19) Vidoc Security Lab. (2026). "Why Mythos Doesn't Change Much (And What Actually Did)". https://blog.vidocsecurity.com/blog/why-mythos-doesnt-change-much

(20) INHR. (2026). "What is Project Glasswing and Why Should We Care?". https://inhr.org/news/f/what-is-project-glasswing-and-why-should-we-care

(21) Anthropic. (2026). "Project Glasswing" (consortium details). https://www.anthropic.com/project/glasswing

(22) Uni Systems. (2026). "Project Glasswing Changed My Perspective on Cybersecurity. Here's why". https://www.unisystems.com/news/project-glasswing-changed-my-perspective-cybersecurity-heres-why

(23) Harvard Law School Forum on Corporate Governance. (2026). "What Corporate Boards Need to Know and Do About Anthropic's Mythos and Project Glasswing". https://corpgov.law.harvard.edu/2026/05/24/what-corporate-boards-need-to-know-and-do-about-anthropics-mythos-and-project-glasswing/

(24) Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union (NIS2). OJ L 333, 27.12.2022, pp. 80‑174.

(25) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR). OJ L 119, 4.5.2016, pp. 1‑88.

(26) Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (DORA). OJ L 333, 27.12.2022, pp. 1‑79.

(27) ENISA. (2022). "Coordinated Vulnerability Disclosure Policy". European Union Agency for Cybersecurity. https://www.enisa.europa.eu/topics/incident-response/coordinated-vulnerability-disclosure

(28) Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act). OJ L 2024/1689, 12.7.2024.

(29) Judgment of the Court of Justice (Grand Chamber) of 16 July 2020, Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems, C‑311/18, ECLI:EU:C:2020:559 (Schrems II).

(30) Judgment of the Court of Justice (Grand Chamber) of 4 July 2023, Meta Platforms Inc. and Others v Bundeskartellamt, C‑252/21, ECLI:EU:C:2023:537.

(31) Spanish Data Protection Agency (AEPD). (2024). "Criteria on due diligence in system security under Article 32 GDPR". (Consolidated administrative doctrine).

(32) Regulation (EU) 2021/821 of the European Parliament and of the Council of 20 May 2021 establishing a Union regime for the control of exports, brokering, technical assistance, transit and transfer of dual‑use items. OJ L 206, 11.6.2021, pp. 1‑462.

(33) Bureau of Industry and Security (BIS), U.S. Department of Commerce. (2026). Export Administration Regulations (EAR). 15 CFR Parts 730‑774.

(34) Executive Order 14028 of May 12, 2021, "Improving the Nation's Cybersecurity". 86 FR 26633.

(35) Cybersecurity and Infrastructure Security Agency (CISA). (2023). "Open Source Software Security Roadmap". https://www.cisa.gov/resources-tools/resources/open-source-software-security-roadmap

(36) The White House. (2017). "Vulnerabilities Equities Policy and Process for the United States Government". Unclassified charter, November 15, 2017.

(37) OpenAI. (2026). "Daybreak: OpenAI for cybersecurity". https://openai.com/daybreak/

(38) PYMNTS. (2026). "BNP Paribas and Mistral Team to Prep for Mythos‑Related Threats". https://www.pymnts.com/cybersecurity/2026/bnp-paribas-and-mistral-team-to-prep-for-mythos-related-threats/

(39) Živica, D. (2026). Statements quoted in Futurium: "Sovereignty is an industrial goal before it is a policy one" [secondary citation, primary source not located].

(40) Council of Europe. (2024). "Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law". CETS No. 225, adopted 17 May 2024, opened for signature 5 September 2024. https://www.coe.int/en/web/artificial-intelligence/framework-convention

(41) European Insurance and Occupational Pensions Authority (EIOPA). (2025). "Digital Operational Resilience in the Insurance Sector – Supervisory Expectations". (Consultation document).

(42) Consolidated version of the Treaty on the Functioning of the European Union (TFEU). OJ C 202, 7.6.2016, pp. 47‑200.

