Europe's cyber defences against a flood of LLM models

Hello friends, and welcome to The Unsophisticated Investor! Brought to you by Scott & Rob, the founders of Shuttle!

If you want to invest alongside the VC funds who've backed breakout companies like Revolut, Asana, JustEat, Bolt, Lets Get Checked, Loom, Runna, Charlotte Tilbury, Deel, Aircall, AngelList, Carta, TransferWise and many more, regardless of your knowledge, network or net worth, then sign-up using the link below.

Now, let’s get into it 👇

This year Anthropic added a new top tier to its line-up, the Mythos class, a step above the Opus models it already sells. The strongest version, the one without the guardrails, you can’t buy. It goes to a small set of vetted organisations through a programme called Project Glasswing. For the rest of the public, we get access to Fable (that just went live yesterday), which Anthropic says is the same model underneath, fitted with enough extra safety machinery to be allowed out in public. The thing holding the two apart is cybersecurity.

Companies do not usually behave like this. The problem with Fable's bigger sibling is not price, and it is not scarcity. Anthropic looked at the cleverest thing it has ever built, worked out what it could do to a network, and decided the public was not getting that version. Not yet, at least.

Some models don't get out

At least a dozen AI developers now run formal frontier safety frameworks, and offensive cyber capability is one of the standard things they test for, alongside the more cinematic worries about chemical and biological weapons. The mechanics are now routine. Before a model ships, it is run through capability evaluations, often before any safeguards are switched on, precisely so the testers can measure what the thing can do at full strength rather than what it does once it has been told to behave. If a model clears certain thresholds, the response ranges from access restrictions to delaying release outright.

This is no longer the labs marking their own homework. The UK's AI Security Institute, renamed from the AI Safety Institute in February 2025, runs pre-deployment evaluations of frontier systems. In the US, the National Institute of Standards and Technology's Center for AI Standards and Innovation has begun testing models from Google, Microsoft and xAI before release, specifically to gauge whether their capabilities pose cybersecurity risks. Governments now sit in the room before launch, asking what the model can break.

They ask because the threat stopped being theoretical. In 2025, what was reported as the first largely AI-orchestrated cyber-espionage campaign, attributed by the company that disrupted it to a state-backed group, was intercepted. Treat the attribution with the caution any claim about who-did-what in cyberspace deserves. The same models being sold to write marketing emails are, at the frontier, good enough at hacking that the people who build them have started locking the best ones away.

How models are increasingly becoming a commodity 

Benedict Evans, a former partner at Andreessen Horowitz, who has spent two decades being right about platform shifts slightly before everyone else, has been making a quiet, deflating argument about all of this. His view, set out across his Spring 2026 "AI eats the world" work, is that foundation models are commoditising. The big four platform companies spent something like $400 billion on AI last year and have budgeted in the region of $650 to $700 for 2026, and the result of all that spending is that the raw capability is turning into a utility. Several models do roughly the same things. The differentiation, and therefore the money, moves up the stack, to the product, the workflow, the thing a customer cannot easily rebuild or rent from someone else.

Apply that to security and the picture sharpens. If the model itself is something you rent by the token, then the business becomes whoever turns that raw capability into something a security team will actually trust at three in the morning when an alert fires.

How European startups are part of a growing moat 

Increasingly, Europe is challenging the dominant cyber hubs of the Silicon Vallet and Tel Aviv. Evans is describing, the trusted application layer that sits on top of the models, is being built and funded across the continent, fast.

Take Tines for example. Founded in 2018 in Dublin by Eoin Hinchy and Thomas Kinsella, two former security engineers tired of doing the same manual work twice. Their platform automates security and IT workflows, and it now runs more than a billion automated actions every week for customers including Coinbase and Databricks. In February 2025 it raised $125 million in a round led by Growth Equity at Goldman Sachs Alternatives, with SoftBank's Vision Fund 2 along for the ride, valuing the company at $1.1 billion. Tines is the orchestration layer sitting on top of the models, which is exactly the part Evans reckons keeps the money.

Then there's Aikido. Founded in Ghent in 2022 by Willem Delbare, Roeland Delrue and Felix Garriau, it scans code and cloud infrastructure for vulnerabilities and wants to build software that secures itself. In January 2026 it raised $60 million from DST Global at a one billion dollar valuation, making it the fastest cybersecurity company in European history to reach unicorn status. Its revenue grew by more than 1,500% in a single financial year. Revolut, SoundCloud, Niantic and the Premier League are on the customer list. The pitch is built on a neat observation: AI now writes code faster than humans can review it, which means more code, shipped more often, with more holes in it. Aikido sells the cleanup for a mess that AI itself is accelerating.

They are not alone. In Paris, Filigran sells open-source threat intelligence to clients that include the FBI and the European Commission, and raised $58 million in October 2025 in a round led by Eurazeo. Also in Paris, GitGuardian has raised around $106 million hunting the credentials developers leave lying around in their code. European cybersecurity startups pulled in roughly €2.7 billion across some 266 deals in 2025, the strongest year since the 2021 peak.

Why the commodity helps Europe

The one stretch of the value chain Europe was structurally losing is the model itself. Training a frontier system takes hyperscaler balance sheets, vast compute and capital that sits overwhelmingly in the U.S. Europe was never going to win that race. It doesn't have the deep capital markets that bankroll this kind of bet in the US, and its regulatory instincts tend to throttle the investment that might close the gap. Commoditisation however will widen the playing field. When capability becomes a utility several providers can supply, you no longer need to own the engine to build a serious business, and the expensive, American-dominated layer becomes a cost line rather than a moat.

The defensible ground then moves up the stack, to product, integration, trust and regulatory fit. That is terrain won with domain knowledge and proximity to the customer, not with GPUs, and it is terrain Europe can actually compete on. It matters most in security, where governments and regulated buyers increasingly do not want a critical stack that depends entirely on a single American model provider. When models were scarce and capability varied wildly, buying European meant accepting a worse product. Commoditisation removes that penalty. A European firm can build a sovereign, EU-hosted, compliant layer on top of whatever model is best this quarter, or on a European open-weight option like Mistral, without giving up much capability at all. Sovereignty stops being a tax paid in performance and becomes closer to a free option.

And Europe writes the rules. NIS2, the AI Act and a wall of procurement requirements turn compliance into a moat rather than a cost, on home turf, in Europe's favour. Brussels is putting money behind it too, with the EU allocating €145.5 million this year alone to strengthen cybersecurity for small businesses and public administrations. Despite all the criticism levelled at Europe’s innovation, it’s clear there are a number of exceptional founders and companies being forged in Europe.  

The years ahead, and the catch

So the opportunity is real and it is large. AI is manufacturing security problems faster than humans can patch them, which guarantees demand. Commoditising models hand European companies a shot at the layer where the money actually sits. And the regulatory and sovereignty pressures that usually slow European tech down are, for once, a structural advantage rather than a drag.

The catch is the same one this newsletter raised in our edition on defence tech, and it is worth stating flatly. Value created in Europe is not the same as value captured in Europe. If the application layer is where the money is, the American giants will integrate vertically, owning both the model and the security product, and lean on the independents. 

The most likely exit for a brilliant European cyber company is still a cheque from an American acquirer, written before any of that value compounds at home. There is also the unglamorous question of durability. A chunk of this demand is regulation-driven and threat-driven, and threats and rules can both shift. The commoditisation thesis explains why Europe gets a shot. It does not promise Europe keeps the proceeds.

The most capable model Anthropic ever built is sitting behind glass because of what it could do to a network. Across cities in Europe, founders are building a generation of companies to defend against precisely that. The thing too dangerous to sell created the market for everything that cleans up after it. Somewhere a model is running hacking drills it will never be allowed to use in anger, and in Belgium someone just became a paper billionaire on the strength of the threat it represents. Capital has always followed power. It turns out it also follows fear, and Europe, at last, has learned to sell it.

What we’ve been working on at Shuttle

• Working on a new version and look to our website 🧑‍💻 

• Putting the final touches to our job board page  👷

• Speaking with more VCs and syndicates interested in our Deploy product 🤝

The Unsophisticated Investor is brought to you by Scott & Rob, the founders of Shuttle. We’re both sick of private markets being a playground exclusive to the ultra-wealthy so we started a company to challenge the status-quo. Shuttle’s singular focus is to unlock private markets for Millennial and Gen Z tech professionals and help them build wealth through the highest performing private market opportunities.

Scott & Rob
Shuttle Co-Founders