China’s AI Cyber Leap Is Rewriting the Rules of Digital Defence
The global race to dominate artificial intelligence has entered a more dangerous phase. Until recently, the sharpest concern around frontier AI was which country could build the most capable model for coding, research, business automation or consumer products. Now, the question is becoming more urgent: which country can use AI to find software flaws faster, defend critical systems sooner and, potentially, automate cyber operations at scale?
That question has moved to the centre of the U.S. and China technology contest after security researchers found that Chinese AI systems are now matching the performance of Anthropic’s powerful Mythos model in some cybersecurity scenarios. A new model from Zhipu AI, also known as Z.ai, has reportedly shown the ability to compete with leading U.S. models in finding security bugs, even though it still trails Anthropic and OpenAI in other areas.
The finding is significant because Mythos was not just another chatbot. Anthropic positioned Mythos as a high-powered cybersecurity model intended for approved cyber defenders and infrastructure providers, with some safeguards lifted for trusted use. The company has said earlier Mythos systems helped identify thousands of serious vulnerabilities across major operating systems, web browsers and other important software.
That makes the rise of comparable Chinese systems a strategic turning point. AI models that can identify software flaws can help defenders patch critical systems, but the same capabilities can also help attackers discover weaknesses, chain exploits and move faster than human teams can respond. The balance between defence and offence is becoming thinner, and the technology is spreading.
The gap is closing faster than Washington expected
The latest concern centres on GLM-5.2, Z.ai’s new open-weight model. Security company Semgrep said the model surprised its researchers in cyber benchmarks, noting that one open-weight model surpassed a frontier coding agent in its testing. Semgrep described GLM-5.2 as a roughly 750 billion parameter mixture-of-experts model, with about 40 billion active parameters per token, a one million token context window and open weights released under an MIT licence.
That structure matters. Closed models such as Claude or ChatGPT operate through controlled services, where providers can monitor misuse, enforce safety rules and cut off abusive accounts. Open-weight models can be downloaded, modified and run locally. For legitimate security teams, that is attractive because sensitive code can be analysed inside private environments. For malicious actors, it can also mean fewer guardrails, less provider visibility and more freedom to fine-tune a model for offensive tasks.
Axios reported that separate evaluations from Graphistry and Semgrep found GLM-5.2 performing on par with leading U.S. models on cybersecurity investigation and vulnerability discovery benchmarks. The same report noted that open-weight systems could lower the barrier for attackers who want to automate and personalise intrusions.
The implications go beyond one model. Chinese cybersecurity company 360 Security Technology has also claimed it has developed domestic tools designed to match Anthropic’s Mythos, including one system for automated vulnerability discovery and another for cyber defence and incident response. Reuters reported that the company said one of those tools had found 3,432 vulnerabilities, although Reuters could not independently verify the claim.
Taken together, these developments suggest the AI cyber race is no longer defined only by who has the most powerful closed model. It is also about who can make advanced cyber capability cheap, accessible and deployable.
U.S. controls may be creating a dilemma
Washington’s response to frontier AI cyber risk has been increasingly interventionist. On June 2, President Donald Trump signed an executive order directing federal agencies to strengthen AI-enabled cyber defence and create a framework for the secure deployment of frontier models. The order calls for classified benchmarking, early government access to covered frontier models for up to 30 days before broader trusted release, and collaboration between developers and federal officials on which partners should receive early access.
The policy reflects a real fear: frontier models may soon become powerful enough to transform vulnerability discovery, exploit development and cyber operations. But the timing has triggered a new concern among critics. If the U.S. restricts access to its strongest defensive models while Chinese alternatives become widely available, Washington may slow its own defenders more than it slows adversaries.
Anthropic’s experience shows the tension. The company said the U.S. government issued an export control directive requiring it to suspend access to Fable 5 and Mythos 5 by foreign nationals, including foreign national employees inside Anthropic. To comply, Anthropic disabled both models for all customers, while disputing whether the government’s concern justified such a broad disruption.
OpenAI has also moved cautiously. Its GPT-5.6 Sol model is being rolled out through limited preview, with the company describing stronger cyber capabilities and stronger safeguards. OpenAI said GPT-5.6 Sol is its most capable cybersecurity model to date and competitive with Mythos Preview on certain exploitation benchmarks while using fewer output tokens.
The strategic problem is obvious. The U.S. wants to prevent frontier models from empowering hostile states and cybercriminals. But if restrictions are too broad, the best tools may be withheld from legitimate defenders, while open-weight competitors continue circulating.
The AI race is becoming a cyber arms race
The deeper shift is that cybersecurity is no longer just one application of AI. It is becoming one of the arenas where the AI race will be won or lost.
Models that can analyse enormous codebases, reason across complex software systems and autonomously search for flaws could improve security at scale. They could help understaffed teams find vulnerabilities that would otherwise remain hidden for years. They could assist governments in hardening critical infrastructure, help hospitals and utilities patch weak systems, and support software vendors in testing products before release.
But the same capabilities could accelerate attack cycles. Phishing campaigns can be personalised. Malware can be adapted faster. Vulnerability research can be automated. Attackers can use AI agents to probe systems, study internal documentation after a breach and recommend ways to move laterally across a network.
The Associated Press reported that Anthropic’s Mythos model identified vulnerabilities in highly sensitive U.S. government computer systems during a testing exercise with intelligence agencies, although the model was not said to have exploited them. That episode illustrates why governments are both interested in these tools and alarmed by them.
There is also an intellectual property dimension. Reuters reported that Anthropic accused Alibaba of illicitly extracting Claude model capabilities through a large-scale distillation effort involving more than 28.8 million interactions across nearly 25,000 fraudulent accounts. Anthropic alleged the campaign was intended to accelerate China’s ability to approach Mythos-level capabilities, while Alibaba did not immediately respond to Reuters’ request for comment.
Whether through original research, open-weight development, model distillation or lower-cost deployment, China’s AI ecosystem is closing the gap. That has unsettled a U.S. policy debate that once assumed American labs would maintain a durable lead.
Businesses cannot wait for governments to solve this
For companies, the lesson is not abstract. The AI cyber race will change the threat environment that every organisation faces.
Attackers do not need the absolute best frontier model to become more dangerous. They need tools that are good enough to automate reconnaissance, write convincing messages, analyse stolen files, identify weak credentials or test exposed systems. As these tools become cheaper and more widely available, the gap between sophisticated attackers and lower-level criminals will shrink.
That puts pressure on businesses to improve basic defences. Patch management, multi-factor authentication, secure configuration, endpoint monitoring, access control and incident response planning are no longer optional. They are the foundation needed before AI-driven threats become more common.
It also raises the importance of human training. Many breaches still begin with preventable mistakes: a staff member clicks a malicious link, reuses a password, mishandles sensitive data or fails to recognise a suspicious request. AI will make those attacks more convincing. It will help criminals tailor their messages, mimic internal language and exploit moments of confusion.
Technology alone will not solve that problem. People need to understand how modern attacks work and how their day-to-day decisions affect organisational risk.
The new cyber reality
The rise of Chinese AI systems that can rival U.S. models in cybersecurity tasks marks a turning point. The old assumption that the most advanced cyber-AI capabilities would remain tightly concentrated among a few American labs is weakening. The tools are spreading, the cost is falling and the strategic stakes are rising.
For governments, the challenge is to regulate without weakening their own defenders. For AI companies, it is to expand access responsibly while preventing misuse. For businesses, the message is simpler: the threat landscape is moving faster than most organisations are prepared for.
AI is now part of cybersecurity, both as a shield and as a weapon. The organisations that adapt early will be better placed to withstand what comes next.
To strengthen your own defences, start with the skills your people use every day. The Hack Academy’s online training programme helps teams recognise cyber threats, reduce risky behaviour and build practical security habits before attackers exploit a weakness. Invest in your cyber readiness now, because the next generation of threats is already arriving.