It’s one of China’s biggest cybersecurity companies, but few Americans will know the name Qihoo 360. That’s about to change, and fast. Last week, billionaire founder Zhou Hongyi said his engineers had developed an AI that can rival Anthropic’s Mythos model at finding and exploiting software vulnerabilities, tools he likened to “cyber nuclear weapons.”
Mythos rattled the cybersecurity industry earlier this year when Anthropic claimed it uncover software flaws at scale. Last month, the company revealed it had been used by a select group of tech and internet giants to find over 6,000 high- or critical-severity vulnerabilities. It was a massive advance. But China is closing the gap. Qihoo’s Hongyi, who made his fortune developing a successful antivirus competitor to McAfee and Norton, says Qihoo 360’s AI, dubbed Tulongfeng, has found 3,432 software vulnerabilities to date, though they are yet to be verified.
In positioning Tulongfeng as a Mythos rival, 360 is fuelling an AI arms race between the U.S. and China, one with major national security stakes. Unlike Anthropic, 360 has long had a good working relationship with the Chinese military—good enough that Washington has already taken notice.. In 2020, the Commerce Department said 360’s ties to the Chinese regime made it a threat to America; it put the Chinese company on an entity list that bars American companies and individuals from doing business with it without a license. According to a 2025 congressional China Select Committee report, 360 leads China’s Cyberspace Security Military-Civil Integration Innovation Center, an effort to improve cyber defenses across the Chinese government. The Department of War has since labelled the company a “contributor to the Chinese defense industrial base.”
Dakota Cary, a Georgetown University expert in Chinese espionage, tells Forbes the most concerning link between 360 and the Chinese state is its role in the National Information Security Vulnerability Database, which is run by Beijing’s national security service, the MSS. In previous research, Cary, who advises cybersecurity company SentinelOne on Chinese hacking, found that 360 was providing at least 35 vulnerabilities a year to the MSS via that database. That was a concern because other research has indicated the Chinese government has, at times, delayed public disclosure of vulnerabilities submitted to the program so they could later be used in clandestine cyberattacks.
Cary says that 360’s development of an LLM will likely increase the number of flaws it can uncover and pass to the regime. “It underlines just how fast the front lines of cyber operations are changing,” he says. “Any security service that can get their hands on these tools has to use them as quickly as possible.”
360 hadn’t provided comment at the time of publication.
It’s unclear whether Anthropic would allow Claude to be used to find software flaws for use in American offensive cyber operations. Currently, Anthropic isn’t even offering that service for defensive work because it is at odds the Department of War remains over tools that could be used for mass surveillance. Then last week, over worries about the tech being used by cybercriminals or foreign adversaries, the Commerce Department ordered Anthropic not to release its Fable model, its publicly-available, heavily-guardrailed version of Mythos, to foreign users. Anthropic responded by turning Fable off for everyone.
OpenAI moved in a similar direction last week, limiting use of its new GPT-5.6 model to “trusted partners” approved by the Trump administration. Its previous GPT-5.5 model, which is still available, had already shown itself as adept as Mythos at hacking.
Meanwhile, other Chinese companies are continuing to pump out models that are increasingly close to their American rivals. Z.ai’s release of GLM-5.2 has caught the eye of cybersecurity experts for its ability to automate cyberattacks and vulnerability research. Researchers at cybersecurity company Semgrep found the Chinese AI was better at finding flaws than the latest available Claude models. GLM-5.2 is not only publicly available, it’s also an open weight model, giving users control over the AI's training and focus, which means it could be tweaked to be even more capable.
In time, the raw quality of the model will likely become less important than the efficiency of the people that wield the AI, says Eugenio Benincasa, senior researcher in cybersecurity at the Center for Security Studies at the ETH Zurich university. “When comparing with China, given equal or roughly similar capability levels, the key differentiator is likely to be the institutional setup,” he says, “That is how quickly and effectively those capabilities can be translated into operational use.”
Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964. |
