Threat Intelligence Bearish 8

100x faster vulnerability finding: China’s defenders face ‘cyber nuclear gap’

· 5 min read ·
Share

Key Takeaways

  • Anthropic’s Mythos AI makes vulnerability discovery 100x faster and cheaper, prompting 360 founder Zhou Hongyi to warn that China’s exclusion from the Project Glasswing alliance leaves its digital infrastructure dangerously exposed.
  • He calls for a homegrown equivalent to restore strategic balance.

Mentioned

Zhou Hongyi person 360 Security Technology company 601360.SH Anthropic company Mythos product Project Glasswing alliance Zhipu AI company GLM-5.2 product Claude Fable 5 product

Key Intelligence

Key Facts

  1. 1Mythos, released in April 2026, autonomously identifies software vulnerabilities and reportedly accelerates discovery 100-fold while cutting costs dramatically.
  2. 2Through Project Glasswing, Anthropic in April 2026 granted more than 40 organizations access to Mythos Preview — all from the US and its allies, with China excluded.
  3. 3360 Security Technology founder Zhou Hongyi called Mythos a 'cyber nuclear weapon' and urged China to build its own equivalent for 'reciprocal strategic deterrence.'
  4. 4Zhou's June 24, 2026 speech marked the first public warning from a prominent Chinese tech founder about the strategic risks of US frontier AI cybersecurity models.
  5. 5Anthropic's earlier Claude Fable 5 model was briefly released then withdrawn after Washington ordered a foreign access block, fueling speculation that Chinese models like Zhipu AI's GLM-5.2 could close the gap.
  6. 6A domestic Chinese Mythos-class model would aim to match the offensive cyber capabilities of the US and prevent unacceptable strategic asymmetry.

This means US organisations can use Mythos to scan your vulnerabilities, but you don’t even have the qualification to catch a glimpse of Mythos.

Zhou Hongyi Founder, 360 Security Technology

Speaking at a Beijing cybersecurity conference

Who's Affected

Chinese Critical Infrastructure
otherNegative
360 Security Technology
companyPositive
Global Vulnerability Market
marketNegative
Faster Vulnerability Discovery
100x vs. pre-Mythos methods

Mythos has democratized cyberattacks, creating a new offense-defense asymmetry

Analysis

For cybersecurity defenders, the speed at which vulnerabilities are found and patched is the entire game. When a tool autonomously accelerates that discovery a hundredfold and prices plummet, the attack surface expands beyond any human-staffed incident response team’s capacity. China’s exclusion from the early-adopter club of Mythos Preview means its critical networks are being scanned by an AI that Chinese defenders cannot even inspect, let alone counter. The strategic asymmetry is the stuff of red-team nightmares, and it demands an immediate, government-backed response from Beijing.

In a stark warning at a Beijing cybersecurity conference on June 24, 2026, 360 Security Technology founder Zhou Hongyi declared that China must urgently develop its own equivalent to Anthropic's Mythos AI model, describing the US technology as a 'cyber nuclear weapon' that threatens to tilt the balance of global cyber defenses irreversibly against nations excluded from it. Zhou's remarks mark the first public alert from a prominent Chinese tech leader about the strategic dangers posed by an American frontier AI model designed from the ground up to autonomously find and exploit software vulnerabilities at unprecedented speed and scale. Released in April 2026, Mythos reportedly accelerates vulnerability discovery a hundredfold while slashing associated costs, effectively 'democratising' offensive cyber capabilities and putting them within reach of a much wider range of actors. The entire cybersecurity industry now confronts a new era where attack surfaces can be mapped and breached orders of magnitude faster than human researchers or legacy tools could ever manage.

China’s exclusion from the early-adopter club of Mythos Preview means its critical networks are being scanned by an AI that Chinese defenders cannot even inspect, let alone counter.

Zhou specifically highlighted the US-orchestrated Project Glasswing alliance, through which Anthropic in April granted more than 40 organizations access to Mythos Preview to strengthen their cyber defenses, while conspicuously excluding any Chinese entity. This arrangement, Zhou argued, means that US and allied defenders can systematically scan Chinese digital infrastructure for zero-day vulnerabilities without Chinese counterparts ever getting the chance to examine the very engine performing those scans. For Zhou, that asymmetry is tantamount to a strategic nuclear imbalance — hence his call for a domestic equivalent to create a 'reciprocal strategic deterrence capability' modeled on mutually assured destruction logic. His framing was deliberately provocative, aiming to galvanize policymakers and industry into mobilizing the kind of resources China previously marshaled for its nuclear weapons and space programs. Behind the rhetoric lies a concrete fear: that Mythos-class models will shift the offense-defense balance so decisively that known vulnerabilities will proliferate faster than patches can be developed, tested, and deployed, leaving critical infrastructure permanently exposed.

The context of Zhou's warning is a fiercely intensifying US-China technology rivalry, now entering a phase where AI security tools are being weaponized as instruments of geostrategic advantage. Anthropic's own brief roll-out of its consumer-facing Claude Fable 5 model earlier this year — and its subsequent withdrawal after Washington ordered a block on foreign access — had already exposed the extent to which AI model distribution is becoming politicized. That episode fueled speculation that Chinese open-weight models, such as Zhipu AI's GLM-5.2, might close the gap, but Zhou's comments suggest a far more urgent and defense-focused ambition: not merely parity in general-purpose language models, but a dedicated, AI-powered vulnerability research engine that can operate at the scale of an entire nation's attack surface. For a country as digitally vast as China, with its massive state-owned enterprises, sprawling fintech ecosystem, and critical infrastructure networks, the absence of such a capability represents a potential systemic risk.

What to Watch

The implications for the global cybersecurity market are far-reaching. A successful Chinese Mythos competitor would not only restore a measure of mutual deterrence but could also reshape the international commercial vulnerability disclosure and bug bounty landscape. If both the US and China possess AI systems capable of autonomously discovering thousands of zero-days per month, the economics of vulnerability markets would be upended; prices could crash, while the sheer volume of flaws might overwhelm even the most well-resourced patch management programs. Meanwhile, cybersecurity firms like 360 stand to gain enormously if Beijing channels state funding into building the homegrown Mythos. 360 Security Technology, which already dominates China's consumer and enterprise security markets, would be a natural lead recipient of such an initiative, potentially transforming it from a services-oriented defender into a provider of the most advanced offensive cybersecurity AI on the planet. The speech, therefore, also served as a strategic pitch for a new industrial policy, one that could align private sector R&D with national security imperatives in much the same way the US has done with its cloud computing and AI giants.

Beyond immediate market effects, Zhou's cry for a 'cyber nuclear weapon' of China's own signals a dangerous normalization of militarized language in AI development. It frames AI cybersecurity as an arms race, not a cooperative endeavor, reinforcing the tendency of both sides to treat non-proliferation norms as vestiges of a bygone era. As China reportedly accelerates work on its own frontier AI security capabilities, the international community faces a stark choice: either forge multilateral agreements to constrain the offensive use of autonomous vulnerability discovery systems, or accept a world where every connected device is constantly being autonomously probed by adversarial AI. Zhou's speech is a reminder that the window for such agreements is closing rapidly. For enterprise security leaders worldwide, the message is clear: the era of AI-augmented vulnerability discovery is here, and the only question is whether defensive AI can evolve quickly enough to match its offensive counterpart.

Timeline

Timeline

  1. Anthropic releases Mythos and launches Project Glasswing

  2. Zhou Hongyi warns China needs its own Mythos

Cite This Page

"100x faster vulnerability finding: China’s defenders face ‘cyber nuclear gap’." Cyber Intelligence Brief, June 26, 2026. https://getcyberbrief.com/story/china-mythos-cyber-nuclear-gap

How we covered this story

Every story in our cybersecurity coverage is assembled from multiple primary sources, cross-referenced for factual consistency, and scored along three independent dimensions: sentiment, operational impact, and source-cluster confidence. Single-source rumors and unverifiable claims do not pass our editorial gate. When a story shows "Verified by N sources" with N≥2, the development is independently corroborated; when N=1, we mark it explicitly so readers can weigh the signal accordingly.

Impact scoring uses a 1-10 scale weighted toward regulatory, financial, and operational consequence rather than coverage volume. A topic that runs in every outlet but moves no real decisions ranks lower than a niche regulatory filing that reshapes how operators in the cybersecurity space have to behave. Read our full methodology for the scoring rubric, our glossary for term definitions, and our trends index for the longitudinal view across the beat.