Headline: China races to build its own “Mythos” — and one lab just dumped a near-equivalent on the internet for free
China’s cybersecurity scene pushed back hard this month after the U.S. tightened export controls on Anthropic’s cybersecurity AI tools. At ISC.AI 2026 in Beijing on June 24, Qihoo 360 founder Zhou Hongyi argued the country needs “its own Mythos” — a reference to Anthropic’s autonomous vulnerability-finding system — and unveiled what his company says is the answer.
What happened in Beijing
- Zhou introduced Tulong Feng, an AI “vulnerability agent” 360 is pitching as China’s counterpart to Mythos, plus Yitian Zhen, an automated defense platform, and a domestic security alliance named Panshi Zhidun (Shield of Bedrock).
- He framed Mythos-style tools as “cyber nuclear weapons” for the AI era: autonomous systems that can discover vulnerabilities, analyze them and chain attacks without direct human guidance.
- Zhou criticized export limits that, he said, let U.S. firms use Mythos but bar Chinese companies from Anthropic’s vetted partner program Glasswing — a list that includes major tech names such as Microsoft and Apple.
- Qihoo 360 claims Tulong Feng has found 3,432 vulnerabilities to date; 105 reportedly confirmed by Chinese regulators, with several high-severity entries added to the national vulnerability database. Zhou argued an “agent-first” approach that coordinates specialized models sidesteps remaining gaps with Western base models.
An open alternative hits the web
Shortly after U.S. authorities moved to block Mythos 5 and Fable 5 for foreign nationals, Beijing lab Z.ai (aka Zhipu AI) released GLM-5.2 under an MIT license — no paywall, no geographic restrictions, and freely modifiable. Z.ai co-founder Tang Jie called Anthropic’s withdrawal “deeply regrettable,” while technical lead Qinkai Zheng said simply: “We want the model accessible to everyone.”
Key technical takeaways
- Semgrep tested models on insecure direct object reference detection (F1 score): GLM-5.2 hit 39%, outperforming Anthropic’s Claude Code on that measure.
- A Graphistry capture-the-flag evaluation put GLM-5.2 on par with Claude Opus 4.8.
- Z.ai’s reported cost efficiency is striking: roughly $0.17 per finding versus more than $1 per finding for workflows built around Claude.
Signals and stakes
The launches underline two trends: an intensifying U.S.–China bifurcation in advanced cybersecurity tooling, and the accelerating impact of open or permissively licensed large models. For China, domestically developed agents and coalitions are positioned as both strategic and commercial counters to export controls. For the rest of the world — including crypto projects and decentralized ecosystems that depend on rapid, affordable security analysis — open models like GLM-5.2 could lower the cost and widen access to automated vulnerability discovery.
A sparring of public predictions
When Elon Musk suggested China wouldn’t match Fable-level capability until early 2027, Tang cheekily replied on social media: “Won’t take that long.”
Why crypto watchers should care
- Lower-cost, widely available vulnerability agents could democratize security scans for smart contracts, tooling stacks, and node infrastructure — but also increase the surface for automated exploit discovery.
- An open MIT-licensed model that performs competitively on detection benchmarks could become a building block for on-chain security tooling, auditors, and bug-bounty automation.
- National splits in access and tooling raise regulatory and operational questions for cross-border projects and exchanges that must balance security, compliance and supply-chain risk.
Bottom line: China’s private sector and labs are moving quickly to deliver both closed, domestically branded agents and freely shared models that mirror Western capabilities. That means easier access to powerful vulnerability-finding tools — with big implications for defenders, attackers and the rapidly growing security needs of crypto infrastructure.
Read more AI-generated news on: undefined/news
