5 min read

China's Answer to Mythos: Inside Qihoo 360's Bid to Build an AI Vulnerability-Hunting Rival

China's Answer to Mythos: Inside Qihoo 360's Bid to Build an AI Vulnerability-Hunting Rival

A sanctioned Chinese cybersecurity giant says it has built an AI that can compete with Anthropic's most powerful model at finding software flaws. The claims are unverified, but the geopolitics around them are very real.

Most Americans have never heard of Qihoo 360. That's likely to change. At the ISC.AI 2026 cybersecurity conference in Beijing on June 24, the Chinese security giant's billionaire founder Zhou Hongyi unveiled an AI system called Tulongfeng, which he described as China's version of Anthropic's Claude Mythos — the frontier model Anthropic has used, through a vetted group of partner organizations known as Project Glasswing, to uncover more than 6,000 high- or critical-severity software vulnerabilities. Zhou said Tulongfeng has already flagged 3,432 vulnerabilities, with 105 confirmed by Chinese authorities, though the figures come from Qihoo 360 alone and haven't been independently verified or benchmarked by any outside party.

Zhou framed the launch in explicitly geopolitical terms, describing Mythos as the cybersecurity equivalent of a nuclear weapon and arguing that vulnerability-discovery capability is becoming the new axis of strategic deterrence between the U.S. and China — language that, whatever its accuracy as a technical comparison, signals how seriously Beijing is treating the AI-driven vulnerability research race.

A Different Architecture, By Necessity

Zhou was candid that China's leading AI models still trail Western frontier systems by a meaningful margin in raw capability — by his own estimate, 20 to 30 percent. Rather than try to close that gap by chasing the same scale-and-compute approach Anthropic has taken with Mythos, a strategy that's largely foreclosed to Chinese firms operating under U.S. chip export restrictions, Qihoo 360 built Tulongfeng as a coordinated swarm of specialized AI agents, each handling a discrete stage of the vulnerability-hunting pipeline: modeling the threat surface, tracing data flows for weaknesses, generating sandboxed proof-of-concept exploits, and testing them under conditions meant to mirror a real attack. Zhou characterized the difference as training a team of specialists rather than a single "genius hacker" — a framing meant to suggest that institutional coordination, not raw model capability, can substitute for the compute Chinese firms don't have unrestricted access to.

Independent assessments so far are mixed. University of Surrey researcher Alan Woodward has said the system likely doesn't match Mythos outright but that its emergence shows this class of tool is going to proliferate regardless of who leads. Some of Qihoo 360's specific vulnerability claims have already been disputed — Microsoft, for instance, credited a Windows kernel flaw Zhou cited among Tulongfeng's discoveries to researchers in Taiwan and South Korea instead, and a flaw Zhou pointed to in Anthropic's OpenClaw coding tool was one human researchers had already found independently, which some observers noted falls short of demonstrating genuinely novel AI capability.

Why Washington Is Watching This Company Specifically

Qihoo 360 isn't a neutral player in this comparison. The U.S. Commerce Department placed it on the Entity List in 2020 over concerns about its ties to the Chinese military, barring American companies from doing business with it without a license, and the Pentagon has since designated it a contributor to China's defense industrial base. According to a 2025 congressional China Select Committee report, the company also leads a Chinese government initiative aimed at strengthening cyber defenses across the Chinese state — the Cyberspace Security Military-Civil Integration Innovation Center.

The relationship that concerns experts most isn't Tulongfeng itself, but where its discoveries end up. Georgetown University researcher Dakota Cary, who studies Chinese cyber espionage, points to Qihoo 360's role feeding China's National Information Security Vulnerability Database, which is operated by China's Ministry of State Security. Cary's earlier research found the company was contributing at least 35 vulnerabilities a year to that database — a pipeline made more concerning by prior findings that Chinese authorities have, at times, sat on public disclosure of submitted vulnerabilities long enough to make use of them in covert cyberattacks before vendors could patch them. Cary expects an AI system like Tulongfeng to accelerate that flow considerably, calling it a sign of how quickly the front lines of cyber operations are shifting.

That dynamic is structural, not incidental. Under China's Data Security Law and related cybersecurity regulations, organizations operating in the country are legally required to report discovered vulnerabilities to the Ministry of Industry and Information Technology within 48 hours — before notifying the affected vendor or disclosing publicly. Any zero-day Tulongfeng confirms becomes available to Chinese authorities on that timeline regardless of Qihoo 360's stated defensive intent, which is why some analysts have pushed back on Zhou's nuclear-deterrence framing: deterrence depends on both sides holding their capabilities in reserve, but Tulongfeng's findings are designed to flow toward state use almost immediately.

A Two-Front Race, Not a Two-Player One

Qihoo 360 isn't the only Chinese entrant reshaping this landscape. Beijing-based Z.ai released its GLM-5.2 model as free, open-weight software shortly after the U.S. restricted foreign access to Mythos and its lighter-weight counterpart Fable. Because it's open-weight, anyone can inspect, modify, or retrain it — including for more aggressive offensive use than its creators intended. Independent testing by the code-security firm Semgrep found GLM-5.2 outperforming currently available Claude models on at least one vulnerability-detection benchmark, at a fraction of the cost per finding. Unlike Tulongfeng's unverified, self-reported numbers, that comparison came from a third party, giving it more credibility as an actual capability signal.

For Anthropic, the timing has been complicated. The Commerce Department directed Anthropic not to make Fable available to users outside the U.S. amid concerns about the technology reaching cybercriminals or foreign adversaries; Anthropic responded by suspending the model for all users, not just foreign ones. Those controls were subsequently lifted, and access was restored, but the episode illustrates how contested this technology has become even among its own developers — Anthropic has reportedly declined to offer Claude for offensive vulnerability research and has had its own disagreements with the Department of War over tools that could enable mass surveillance. OpenAI, meanwhile, restricted its newest model, GPT-5.6, to government-vetted "trusted partners," even as its predecessor, GPT-5.5, remains broadly available and reportedly nearly as capable at hacking-related tasks as Mythos.

Capability Isn't the Whole Story

Perhaps the most important observation in this unfolding race comes from Eugenio Benincasa, a cybersecurity researcher at ETH Zurich's Center for Security Studies, who argues that raw model quality will likely matter less over time than how efficiently an organization can operationalize whatever capability it has. Given roughly comparable capability levels between the U.S. and China, he suggests the deciding factor won't be which lab's model tests better — it'll be which country's institutions can translate that capability into actual operational use fastest.

That framing cuts against the "cyber nuclear weapon" analogy Zhou himself invoked. Nuclear deterrence works because neither side reveals its arsenal. AI-discovered vulnerabilities don't function that way — whoever finds them first can choose to patch them, sell them, stockpile them, or weaponize them, and in China's case, the choice isn't even left to the company that found them. As both countries race to build and institutionalize these tools, the real contest may not be which model finds more flaws, but which government moves fastest once it has them.


Drawing on reporting from Forbes' The Wiretap, The Register, TechTimes, Decrypt, Yahoo News, RedHotCyber, and AINave, current as of early July 2026.