European Union regulators have issued preliminary findings against Meta Platforms, saying the company has failed to effectively prevent children under the age of 13 from using Facebook and Instagram.

The European Commission said its investigation found that Meta’s current safeguards do not meet the requirements of the Digital Services Act, the bloc’s landmark online safety law.

Although Meta’s terms of service require users to be at least 13 years old, regulators said the company’s age-verification systems are insufficient. Children can reportedly create accounts simply by entering a false date of birth, with no effective mechanism in place to confirm their real age.

According to the Commission, between 10% and 12% of children under 13 in the European Union are using Facebook or Instagram. That figure is significantly higher than Meta’s own internal estimates.

Regulators also said Meta failed to adequately consider established scientific research showing that younger children are particularly vulnerable to potential harms associated with social media use, including exposure to inappropriate content and risks to mental well-being.

Meta has rejected the Commission’s preliminary conclusions. In a statement, the company said both Facebook and Instagram are intended only for users aged 13 and older and that it already has systems in place to identify and remove underage accounts.

The company added that it continues to invest in technologies designed to detect younger users and indicated that additional safety measures will be announced in the coming days.

Meta also argued that determining a user’s true age remains a challenge across the technology industry and said a broader, industry-wide solution is needed. The company pledged to continue working with European regulators on the issue.

The findings come as several EU member states consider introducing wider restrictions on children’s access to social media, including proposals to ban use by those under 15.

To address the problem, the European Union is preparing to launch its own age-verification app. European Commission President Ursula von der Leyen said earlier this month that the technology is ready for rollout, although no official launch date has been announced.

Meta now has the opportunity to review the Commission’s findings and submit a formal response.

If the preliminary conclusions are upheld, the Commission could issue a binding non-compliance ruling. Under the Digital Services Act, penalties can reach up to 6% of a company’s global annual revenue, potentially exposing Meta to fines worth billions of euros.

A group of unauthorised users has reportedly gained access to a highly restricted artificial intelligence system developed by Anthropic, raising fresh concerns about the security of advanced AI technologies.

The system, known as Mythos, has been described by the company as too sensitive for public release due to what it calls “unprecedented cybersecurity risks.” Designed primarily for enterprise-level security applications, the model is currently being tested by a limited number of technology firms and financial institutions.

According to reports, access to Mythos was obtained through a third-party vendor connected to Anthropic. A private online forum is believed to have exploited this route, allowing users to interact with the system despite strict access controls. Sources cited in the report said the group attempted multiple strategies before successfully gaining entry and has continued to use the model after breaching it.

Anthropic acknowledged it is investigating the claims but said there is no evidence so far that its internal systems have been directly compromised. A company spokesperson indicated that the situation remains under review as more details are gathered.

Mythos is part of Anthropic’s broader initiative, known as Project Glasswing, which aims to develop advanced AI tools capable of identifying and addressing cybersecurity vulnerabilities. Due to the model’s capabilities, access has been limited to a select group of partners, including major technology companies and financial institutions.

Reports indicate that firms such as Amazon, Apple and JPMorgan Chase are among those involved in testing the system. Other banking giants, including Goldman Sachs, Citigroup, Bank of America and Morgan Stanley, are also said to be evaluating its potential use in detecting weaknesses in digital infrastructure.

The issue has drawn attention at high levels of government and industry. Earlier this month, US Treasury Secretary Scott Bessent reportedly convened a meeting with senior banking executives in Washington to discuss the implications of advanced AI systems like Mythos. Participants were encouraged to explore how such tools could strengthen cybersecurity frameworks, particularly in the financial sector.

The reported breach highlights the growing challenge of securing cutting-edge AI systems as they become more powerful and more widely deployed. Experts have warned that even limited leaks or unauthorised access could expose sensitive capabilities, potentially allowing malicious actors to exploit vulnerabilities or replicate advanced techniques.

Anthropic has not confirmed the extent of the access gained or whether any sensitive outputs were extracted. The company has also not responded to additional requests for comment at the time of publication.

As investigations continue, the incident is likely to intensify scrutiny over how AI developers safeguard their most advanced systems, especially those designed to operate in high-risk environments such as cybersecurity and finance.