Monday, 13 July 2026 · Europe
EUR/USD 1.143 EUR/GBP 0.8516 EUR/CHF 0.9223 EUR/PLN 4.348 All rates →
Sign in · Join
EUROPES The European Report
LATEST
Europe Today

EU AI cybersecurity plan exposes reliance on US models

EU AI cybersecurity plan exposes reliance on US models

The European Commission has unveiled an action plan to counter AI-powered cyber threats, but the initiative's reliance on negotiated access to American technology exposes a damaging strategic dependency for European businesses.

The European Commission presented its AI cybersecurity action plan on Tuesday, promising a blueprint to help public authorities and private companies gain access to advanced models for defence.

The urgency stems from a fundamental shift in the hacking economy. Artificial intelligence allows malicious actors to find and exploit software vulnerabilities faster and cheaper than ever before, posing a direct threat to European businesses and critical infrastructure. "It's not business as usual anymore," warned Bart Groothuis, a Dutch MEP. "Your software and IT systems will be tested by hackers, aided by the latest AI models. Hackers will operate at the speed of light and will try to put you out of business."

Yet, rather than deploying homegrown technology, Brussels is relying on restricted access to American systems. Anthropic's Mythos model recently demonstrated the ability to identify hacking vulnerabilities in highly sensitive US government computer systems in just a few hours. After Washington briefly imposed and then lifted export controls on these advanced models, European authorities and the EU cybersecurity agency ENISA gained limited access through a programme called Project Glasswing, but only following intense lobbying.

"Our dependency is not primarily about AI models. It is about the infrastructure they rely on. Europe has strong AI research, but too few companies operating at this frontier," said Finnish MEP Aura Salla.

The plan's defensive measures rely heavily on the AI Act, with the AI Office tasked with evaluating models before they reach the EU market. However, this regulatory leverage is undermined by tech companies' preferences. Leading labs like OpenAI and Anthropic have opted to work with the UK AI Security Institute specifically because it lacks regulatory power, raising questions about whether Brussels can enforce its rules before market launch.

For now, the Commission's tangible offerings amount to guidance for companies on patching vulnerabilities and assessing the readiness of critical infrastructure. Critics view the initiative as a bureaucratic patchwork of existing tools that fails to address the underlying reality: Europe's defences against a new generation of cyber threats depend heavily on the goodwill of foreign tech firms. "These advanced AI models can now build cyber exploits in minutes or hours at a fraction of the cost of vulnerability discovery by trained humans," said EU digital chief Henna Virkkunen. "Once weaponised, these vulnerabilities endanger the security of our infrastructure and society."

More from Europe Today