China's AI Race to Match Anthropic's Mythos Is Already Reshaping Cybersecurity

Zhipu AI's GLM-5.2 Reaches Parity on Cybersecurity Benchmarks

Zhipu AI, a Beijing-based company with deep roots at Tsinghua University, has released GLM-5.2 — a 744-billion-parameter open-weight model that independent testing now places on equal footing with Anthropic's Mythos across specific cybersecurity tasks. Security research firm Graphistry recorded a 28/59 solve rate for GLM-5.2 on the CyBT-CTF security agent benchmark, tying the performance of both Anthropic and OpenAI's proprietary systems while running at approximately half the cost.

Research firm Artificial Analysis ranked GLM-5.2 the third most capable AI overall, placing it directly behind Anthropic's Claude Fable and OpenAI's ChatGPT 5.5 while outperforming Google's Gemini. The model ships under a permissive MIT license paired with a one-million-token context window — large enough to ingest an entire codebase in a single pass. That combination of raw capability and unrestricted access is what makes the release particularly significant for automated vulnerability hunting.

Because the model is open-weight and MIT-licensed, any individual or organization can download, fine-tune, and deploy it without supervision or approval. Security researcher Joshua Saxe went so far as to argue that GLM-5.2, not Mythos, is the more pressing security emergency — precisely because its power is freely accessible.

360 Security Launches Dedicated Tools and Claims a Chinese Mythos

At the ISC.AI 2026 conference in Beijing on June 24, 360 Security Technology founder Zhou Hongyi unveiled two purpose-built AI cybersecurity systems: Tulongfeng, which targets automated vulnerability discovery, and Yitianzhen, focused on cyber defense and incident response. Zhou introduced Tulongfeng directly as "China's version of Mythos," claiming it has surfaced 3,432 software flaws to date, with 105 formally confirmed by Chinese government authorities.

Zhou did not dispute the capability gap relative to leading US models, putting it at 20–30%. What he challenged was the premise that benchmark superiority was the defining variable. His argument: assembling a skilled human attack-and-defense team around available AI tools is strategically more consequential than raw model performance. The dual-tool architecture — offense and defense operating as a coordinated system — reflects that framing, positioning AI as one layer of a broader operational capability rather than the capability itself.

Alibaba Accused of Orchestrating Record-Scale Extraction Attack on Claude

Running alongside these development announcements is a disclosure that cuts directly at how Chinese AI advancement may be funded by unauthorized access to US systems. Anthropic sent a letter to US senators and White House officials, reviewed by the Wall Street Journal, accusing Alibaba and its Qwen AI division of running what it called "the most significant known distillation attack" ever carried out against Claude. The Financial Times and Bloomberg independently confirmed the allegations.

According to the letter, Alibaba-linked operators opened nearly 25,000 fake accounts and conducted 28.8 million conversations with Claude between April 22 and June 5, 2026. The apparent goal was systematic knowledge extraction — using Claude's responses at scale to train or improve competing models. Alibaba shares dropped roughly 3% following the reports. The disclosure is expected to sharpen Congressional scrutiny of Chinese access to US AI infrastructure, a subject already generating bipartisan legislative attention.

US Export Controls Face a Fundamentally Different Threat

Washington's current strategy centers on restricting access to frontier AI capability, and recent measures have been aggressive. A Commerce Department directive issued June 11 required Anthropic to suspend access to its most advanced models for all foreign nationals — including non-citizen employees working within Anthropic itself. The directive cited national security concerns.

The problem is that the threat has evolved faster than the containment approach. When an open-weight Chinese model can match a restricted US system on cybersecurity benchmarks, and ship freely under an MIT license, export controls on proprietary models become substantially less effective. Axios reported that advanced AI hacking capabilities are becoming dramatically cheaper and more accessible through open-source Chinese releases — a trend that inverts the advantage the export framework was designed to preserve.

The challenge Washington faces is now three-dimensional: domestic Chinese model development accelerating toward parity; open-weight global distribution that bypasses access controls entirely; and alleged large-scale illicit extraction of US AI knowledge to close whatever gap remains. Each vector undercuts a different pillar of the containment strategy, and they are operating simultaneously.