China’s New Zhipu AI Reportedly Matches Claude Mythos in Vulnerability Detection

HomeCyber Security China’s New Zhipu AI Reportedly Matches Claude Mythos in Vulnerability Detection By Guru Baran June 29, 2026 Zhipu AI’s open-weight GLM-5.2 model is reportedly performing on par with Anthropic’s restricted Claude Mythos in specific cybersecurity and software vulnerability detection tasks, a development that is intensifying concerns inside the U.S. government about the effectiveness of its AI export control strategy. Zhipu AI (Z.ai) released GLM-5.2 on June 13, 2026, under a permissive open-weight license, enabling any researcher or developer to download and run the model on standard consumer-grade hardware. Unlike Anthropic’s Mythos, which is subject to U.S. export controls, GLM-5.2 is freely accessible worldwide. While the model still trails Anthropic and OpenAI systems on broad general-purpose benchmarks, its targeted performance in vulnerability identification has caught the security community’s attention. Independent testing by Semgrep placed GLM-5.2’s IDOR (Insecure Direct Object Reference) vulnerability detection at an F1 score of 39%, surpassing Claude Code’s 32–37% on identical evaluation tasks. Critically, the model achieved these results at approximately $0.17 per vulnerability found, roughly one-sixth the cost of comparable Claude-based workflows. Graphistry’s additional benchmarks further corroborated the finding, showing that a freely downloadable Chinese open-weight model can match U.S. frontier AI in specific security domains. Metric GLM-5.2 (Zhipu AI) Claude Mythos (Anthropic) IDOR Detection F1 Score 39% ~32–37% Cost Per Vulnerability Found ~$0.17 ~$1.00+ Access Model Open-weight (public) Restricted / export-controlled General-Purpose Benchmark Rank Trails U.S. models Frontier-tier License Permissive Proprietary The Trump administration has treated advanced AI models such as Mythos and Fable as serious national security assets, citing their ability to autonomously identify software vulnerabilities as potential enablers of cyberwarfare. U.S. export controls have suspended access to these models for foreign entities, including Chinese researchers, specifically over cyber risk concerns. The release of GLM-5.2 challenges the core assumption behind these restrictions that blocking access to frontier models would prevent adversaries from developing equivalent offensive cyber capabilities. Anthropic’s own Project Glasswing, which used Claude Mythos to uncover over 10,000 critical vulnerabilities in its initial report, had previously illustrated just how powerful these models can be in vulnerability research contexts. GLM-5.2 now raises the prospect that similar capabilities are no longer exclusively in U.S. hands. The development arrives as OpenAI unveiled GPT-5.6 with limited access due to similar misuse concerns, underscoring a broader U.S. effort to gate powerful AI behind access controls. Security researchers warn that open-weight models reaching frontier-level performance on niche tasks like bug-finding dramatically compress the timeline for both defensive automation and potential offensive exploitation. GLM-5.2’s public availability means these capabilities are already accessible to threat actors globally with or without U.S. regulatory approval. The emergence of GLM-5.2 signals that China has made material progress in specialized, high-stakes AI domains, forcing a critical reassessment of whether hardware restrictions and model access controls alone can preserve Western dominance in AI-driven cybersecurity tools. 🔒 CISO / Security Leader: Your Next Breach May Not Have a Face: Join the “Ghost in the Machine” LIVE webinar with ISC2 Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Hackers Leveraged Shopify Oder-Tracking App Shop to Push Fake Invoices Hackers Abuse Compromised M365 Accounts to Scale CodeStorm Phishing Operations Minecraft Malware Loader Uses RSA-Signed Smart Contract Updates for Persistent C2 Chinese Cyber Contractors Use Malware, Botnets, and Stolen Data to Enable State Operations Critical python.org Vulnerability Allowed Attackers to Forge Admin-Level API Requests Latest News Cyber Security OpenAI Released GPT-5.6 Sol With Limited Access and Strong Cyberattack Protections Cyber Security Anthropic Confirms Claude Mythos 5 Redeployment for US Critical Infrastructure Organizations Cyber Security New Bucket Hijacking Attack Allows Hackers to Reroute Cloud Data Streams to External Storage Cyber Security New DirtyClone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets Cyber Security Amazon Q Vulnerability Let Attackers Execute Code and Access Sensitive Cloud Environments