BNP Paribas and Mistral team up for European rival to Anthropic’s Mythos

BNP Paribas has joined forces with Mistral AI to develop a new class of AI cybersecurity tools that its American counterparts already deploy and European regulators cannot reliably access, as reported by Bloomberg on Tuesday.

The Paris-based bank, the largest in the eurozone by assets, is among several European institutions backing Mistral in creating a cyber-focused AI model designed to rival Anthropic’s Mythos. Mythos, launched earlier this year, is a restricted-access system capable of identifying and exploiting security vulnerabilities at machine speed. In controlled testing, it produced working exploits on its first attempt over 83% of the time, often outperforming human red-teamers.

Access to Mythos is deliberately limited to roughly 40 to 50 organizations, predominantly large U. S. tech firms, U. S. national-security partners, and a few American banks like JPMorgan Chase. No European bank is on the list. The European Commission has been in stalled negotiations with Anthropic over access since April, with Spanish officials publicly describing the talks as deadlocked.

The European Central Bank has spent recent weeks warning eurozone supervisors that Mythos-class tools shift the threat landscape for banks, regardless of who holds them. As ECB’s Frank Elderson told banks earlier this month, if attackers obtain a comparable model, defenders without one will be structurally behind.

The Bundesbank has formally supported Brussels in pressing Anthropic for access, but Anthropic has resisted, arguing that wider distribution could weaponize the model itself. This standoff is the gap Mistral aims to fill. The French firm, already Europe’s best-funded foundation-model company, has pitched a sovereign European alternative since at least mid-May. BNP Paribas’s involvement marks the most concrete sign yet that the European banking sector is willing to commit balance-sheet resources to the project rather than wait for Brussels-Anthropic talks to unblock.

The two companies already have a three-year commercial agreement across Mistral’s broader model lineup, signed in February.

What the Mistral cyber model would actually do remains, based on current public reporting, an answer not independently demonstrated. Mythos is a specific system trained to combine vulnerability discovery with exploit generation in a single workflow. Replicating that capability without access to the red-team data Anthropic has accumulated will not be straightforward.

The pitch to BNP Paribas and other prospective European bank customers is partly that a sovereign model with even somewhat lower capability is preferable to having no model at all on the defensive side. It also serves as a hedge against the possibility that Brussels-Anthropic talks collapse permanently.

This broader pattern echoes the past year of European tech policy: a U. S. firm builds a frontier capability, restricts access on safety or national-security grounds, and European institutions respond by trying to build a domestic equivalent. The same logic has driven recent European pushes on cloud sovereignty, payments rails, and most loudly, semiconductor manufacturing. Banking cyber-AI is the newest entry on that list, and the BNP Paribas-Mistral pairing is its highest-profile concrete project.

Neither BNP Paribas nor Mistral commented on the specific Bloomberg report. Mythos has not been demonstrated in the wild on a European bank to date.