Washington locked Anthropic's cybersecurity model Claude Mythos behind export controls and a carefully vetted coalition of partners. China's answer arrived on two fronts at once: a major industry conference where a prominent founder declared the country already had its own equivalent, and a separate lab that simply posted a comparable model online for anyone to download at no cost.
Qihoo 360's pitch from the Beijing stage
Speaking at ISC.AI 2026 in Beijing on June 24, Qihoo 360 founder Zhou Hongyi did not mince words: "China's cybersecurity industry must have its own Mythos." He used the platform to introduce Tulong Feng, an AI vulnerability agent that 360 is positioning as the country's homegrown version. He also rolled out Yitian Zhen, an automated defense platform, and launched a new domestic security alliance called "Panshi Zhidun," which translates to Shield of Bedrock.
Why the founder calls Mythos a 'cyber nuclear weapon'
Zhou's framing was deliberately sharp. In his view Mythos is the equivalent of "cyber nuclear weapons" in the AI era, an autonomous system capable of finding vulnerabilities, studying them, and assembling full attack chains with no human steering it. "U.S. organizations can use Mythos to scan your vulnerabilities, but you don't even have the right to look at Mythos," he said. He pointed to the fact that Chinese firms are shut out of Glasswing, Anthropic's vetted partner program whose members include Microsoft, Apple and other large technology companies.
The track record Zhou claims for Tulong Feng
By Zhou's account, Tulong Feng has so far uncovered a cumulative 3,432 vulnerabilities. Of those, 105 have been confirmed by Chinese regulatory bodies, and several were flagged as high-severity by the national vulnerability database. He argued that an agent-first strategy, one that coordinates several specialized models instead of betting on a single frontier system, makes up for whatever gap still separates China's base models from the best American ones. "America has Mythos," he told the room. "China also has its own 'Heaven-Sword Dragon-Saber.'"
Z.ai makes its point by giving it away
Beijing-based Z.ai, also known as Zhipu AI, took a very different route and proved its argument by shipping a product. The lab released GLM-5.2 soon after the U.S. government pulled Mythos 5 and Fable 5 offline for foreign nationals. GLM-5.2 is distributed under an MIT license, meaning there are no subscription gates, no geographic limits, and anyone is free to modify it.
How GLM-5.2 performs on security tests
The security benchmarks drew attention. In Semgrep's evaluation of insecure direct object reference detection, a test that measures whether a model can catch unauthorized object access flaws in code and is scored using the F1 metric that balances precision against recall, GLM-5.2 reached 39%, putting it ahead of Claude Code on the same test. A separate Graphistry evaluation found it level with Claude Opus 4.8 on a capture-the-flag challenge. The cost worked out to roughly $0.17 per finding, compared with more than $1 for Claude-based workflows.
A direct reply to Musk's timeline
Z.ai co-founder Tang Jie described Anthropic's withdrawal as "deeply regrettable," while the company's technical lead Qinkai Zheng was blunter: "We want the model accessible to everyone." When Elon Musk predicted that China would not match Fable-level capability until Q1 2027, Tang's response was short: "Won't take that long."
