China's AI Cyber Weapon: Defence Tool, Power Play, or Both?

This week, a sanctioned Chinese firm unveiled an AI system it calls the equivalent of a "cyber nuclear weapon." The world should pay close attention — because the story is far more complicated than a technology announcement.

The Tool: Tulongfeng

On 24 June 2026, at the ISC.AI cybersecurity conference in Beijing, Qihoo 360 founder Zhou Hongyi stepped onto a stage and announced something that immediately reverberated across Washington, Brussels, and every major cybersecurity operations centre in the world.

The company had built Tulongfeng — an AI-powered vulnerability discovery engine that Zhou explicitly described as "China's version of Mythos," a direct reference to Anthropic's own frontier cybersecurity model that has already rattled global security establishments.

Alongside Tulongfeng, Zhou unveiled a companion tool called Yitianzhen, built to automate cyber defence and incident response. Together, they sit under an umbrella brand called "Yitian Tulong" — a name drawn from a celebrated Chinese martial arts novel, loosely translated as "Heavenly Sword and Dragon Saber."

The naming is not incidental. It signals power, legacy, and sovereignty all at once.

What Tulongfeng Actually Does

To understand why this matters, you need to understand what it's competing with.

Earlier this year, Anthropic previewed its Mythos model — a specialised AI designed to automatically discover vulnerabilities in software. Cybersecurity professionals were stunned by its speed and depth: Mythos found vulnerabilities at more than ten times the rate of previous frontier models. It could chain together seemingly minor flaws into credible, cascading attack paths that human analysts would take months — or years — to identify.

The US government was alarmed enough by Mythos' power that it has restricted foreign nationals from accessing the model, citing national security concerns.

Tulongfeng is China's answer to that. But rather than trying to build a bigger, brute-force model — which Zhou acknowledges Chinese firms can't yet match, citing a 20–30% gap in base model capability versus US counterparts — Qihoo 360 has taken a fundamentally different architectural approach.

Where Anthropic trains a single powerful model to act as a "genius hacker," Qihoo 360 has built a swarm of specialised AI agents that collaborate like a professional security team. Each agent handles a specific part of the vulnerability discovery process: threat modelling, attack surface mapping, data flow analysis, exploit generation, and sandbox testing. The agents critique each other's findings, get smarter through iteration, and only surface vulnerabilities they have actively confirmed — not merely suspected.

"If Mythos is a top-end chip," said Zhou, "what we are building is a complete machine that can run stably, work 24 hours a day and make fewer mistakes."

As evidence of its capability, Qihoo 360 claims Tulongfeng has already discovered 3,432 software vulnerabilities, including bugs that had been hiding in the Windows kernel for five years, in Microsoft Office for eight years, and in Excel for a decade. Microsoft has officially acknowledged those discoveries. A further 105 vulnerabilities have been confirmed by Chinese authorities.

These figures have not been independently verified. But they are striking enough — and specific enough — to demand serious attention.

For China, or for the World?

Here is where the story shifts from technical to geopolitical.

Qihoo 360 is not a neutral company. It has been on the US Commerce Department's Entity List since 2020, sanctioned over alleged ties to China's military — links the company denies. China's National Computer Virus Emergency Response Centre regularly cites Qihoo 360's research. The firm sits at the fuzzy boundary between private enterprise and state capability that is a defining feature of China's tech sector.

Zhou framed Tulongfeng explicitly in terms of national strategic parity. "This kind of powerful weapon that can change the landscape of cyber offence and defence cannot be held only by others," he said. He described vulnerability-finding AI as comparable to nuclear deterrence — a strategic asset whose absence leaves a nation fatally exposed.

That framing matters. It answers your question directly: Tulongfeng is not a product for the world. It is a tool of national power.

And that makes perfect sense once you understand the legal architecture that surrounds it.

Cyber Sovereignty: The Philosophy Behind the Tool

China's approach to cyberspace has never been the same as the West's. Where the early internet was conceived as a borderless commons — a global network with no sovereign — China has consistently argued for what it calls cyber sovereignty: the principle that each nation has the right to govern its own digital space, control information flows within its borders, and build independent technological capacity to defend those borders.

This is not just rhetoric. It is embedded in China's legal DNA.

China's Cybersecurity Law, first passed in 2017 and significantly amended in January 2026, provides the legal foundation for this philosophy. The Cyberspace Administration of China has explicitly stated that the law is designed to advance Xi Jinping's vision of China as a "cyber superpower" — which means strengthening both domestic internet controls and international influence over how the internet itself is governed.

The 2026 amendments went further: they extended the law's reach to any overseas activity that "endangers China's cybersecurity" — a broad, extraterritorial mandate that gives Beijing significant legal room to define threats and respond to them. AI governance has been embedded directly into the Cybersecurity Law. The message is clear: AI is not a commercial sector. It is a security sector.

China's 15th Five-Year Plan (2026–2030), unveiled in March 2026, is equally explicit. It calls for China to "seize the commanding heights of science and technological development" — and analysts at The Diplomat have noted that this extends specifically to AI capabilities that can be used for censorship, surveillance, information control, and what Beijing calls "political security": in plain terms, the security of the Communist Party's grip on power.

When AI cybersecurity tools are developed inside this framework — by a company embedded in the national security apparatus — the question "for China or for the world?" almost answers itself.

The Dual-Use Dilemma

Here is the genuinely hard part of this story, because it cuts both ways.

Every capability that finds software vulnerabilities is, by definition, a dual-use technology. Tulongfeng can be used to find a flaw in critical infrastructure before an attacker does — or it can be used to find that same flaw first, and exploit it. The same tool that patches a power grid can take one down.

Zhou himself leaned into this ambiguity, comparing Tulongfeng to nuclear deterrence — a weapon whose value lies precisely in the threat it poses, not just in its defensive applications.

This is not a uniquely Chinese problem. Anthropic's Mythos raises exactly the same concerns in Washington, which is why the US government restricted foreign access to it. The Five Eyes intelligence alliance warned just days ago that adversaries could use AI for sophisticated cyberattacks "within months rather than years." What the US has done in restricting Mythos, China is effectively countering by building Tulongfeng.

Both sides are now building cyber arsenals under the banner of defence. This is what arms races look like in the 21st century.

The difference — and it is a meaningful one — lies in the transparency and governance around these tools. Anthropic, whatever its flaws, operates in a system with press freedom, external researchers, congressional oversight, and legal accountability. Qihoo 360 operates in a system where the state controls the flow of information, where research is published at the government's discretion, and where the line between a cybersecurity firm and a military asset is, by design, opaque.

That asymmetry of accountability is perhaps the most important geopolitical fact in this story.

What the "One-Way Transparency" Argument Reveals

Zhou made one argument at the Beijing conference that deserves particular attention. He warned against what he called "one-way transparency": a situation where the United States, via tools like Mythos, can probe software systems upon which other nations depend — finding vulnerabilities that those nations cannot find themselves — while those same nations are locked out of equivalent capability.

It's a structurally sound argument. And it explains a great deal about what Tulongfeng is really for.

It is not a product to be sold globally. It is not an open-source contribution to the world's cybersecurity commons. It is a tool designed to ensure that China's critical infrastructure — and by extension China's state — cannot be digitally picked apart by adversaries who have AI tools China lacks.

But the logic of "strategic deterrence" has a well-known failure mode. Once both sides frame their cyber capabilities as existential deterrents, the pressure to use them — particularly in moments of geopolitical tension — grows. And unlike nuclear weapons, cyber weapons have very low deployment costs, very high plausible-deniability, and no verified "launch" that everyone can observe.

The Bigger Picture

Tulongfeng is one tool in a much larger architecture of control. China has built a cybersecurity system that merges law, regulation, AI, and national security into a unified framework. The 2026 Cybersecurity Law, the Five-Year Plan's AI ambitions, Qihoo 360's tools, DeepSeek's AI models (which carry built-in information controls that worry even open-source advocates), and the state-sponsored espionage operations documented by Anthropic in September 2025 — in which Chinese actors weaponised Claude Code itself against 30 global targets — are not isolated events.

They are components of a coherent strategy.

That strategy has three goals that the evidence consistently supports: defend China's digital borders, build indigenous capability that cannot be cut off by US export controls, and project cyber power outward in ways that are deniable and difficult to attribute.

Tulongfeng fits all three.

What This Means for the Rest of Us

For governments and organisations outside China, the message is uncomfortable but clear. The era of AI-augmented cyber conflict has arrived — and it is escalating faster than governance frameworks can keep pace.

The world is now in a situation where AI tools can find critical vulnerabilities in widely used commercial software at machine speed. Both the US and China are building and restricting access to these tools as national assets. Independent organisations, businesses, governments, and individuals are caught in between.

A few conclusions follow:

Capability gaps are closing, but asymmetrically. Tulongfeng's agent-based approach is a meaningful engineering workaround to China's compute disadvantage. It may not match Mythos today, but it is a real capability — and it will improve.

The "defence" framing is genuine and also convenient. China does face real cyber threats. Framing Tulongfeng as defensive is not simply propaganda. But defensive infrastructure and offensive capability are the same thing. Always.

Cyber sovereignty is a feature, not a bug, of China's system. Western companies operating in or with China should understand that China's legal framework views their data, networks, and infrastructure as sovereign territory the moment it touches Chinese systems.

The AI cyber arms race is not theoretical. It is happening now, in real time, across the world's most critical software systems.

Zhou Hongyi ended his Beijing speech with a warning: "The only way out is to fight computing power with computing power, intelligence with intelligence, machine against machine, enabling China's defence to stand firm."

He may be right. But that logic, followed to its conclusion, doesn't end in security. It ends in an AI-enabled cold war — with the world's software infrastructure as the battlefield.

Sources: Reuters, The Register, Qihoo 360, Anthropic, The Diplomat, Bird & Bird, Booz Allen Hamilton, Council on Foreign Relations, ISC.AI 2026 conference transcripts