Cost advantage: The model runs at approximately 1/6 the cost of equivalent proprietary U.S. frontier models per token, and the weights are downloadable for self-hosting with no API fee .
Important caveat: AVERI's Miles Brundage has publicly offered a 100-to-1 bet disputing the WSJ's claim that GLM-5.2 genuinely matches Mythos on cybersecurity, arguing the benchmark scope was narrow . The parity claim is real on specific Semgrep tests but may not generalize to broader evaluation.
On June 24, 2026, at the ISC.AI conference in Beijing, Chinese cybersecurity giant 360 Security Technology (Qihoo 360) unveiled two AI-powered cybersecurity tools :
Zhou Hongyi stated that China "could not afford to lack" a domestic equivalent to Mythos, framing it as a strategic cyber capability . The tools were built to match Frontier-class AI threat-detection capabilities without relying on restricted U.S. models or hardware
. According to reports, Tulongfeng has already identified over 3,400 vulnerabilities, with 105 reportedly confirmed by China's CNVD database
.
On June 24–25, 2026, Anthropic sent a letter to U.S. senators (dated June 10) accusing Alibaba and its Qwen AI lab of executing "the largest known distillation attack" against its Claude model .
Key details from the letter:
Alibaba has not publicly admitted wrongdoing . Distillation, as described, is a method that effectively renders hardware-based export controls less relevant because knowledge (rather than weights) is transferred, and the trained model can run on whatever compute is locally available.
The collective effect is a strategic blow to Washington's framework:
1. Cost collapses. Semgrep's testing showed GLM-5.2 finding vulnerabilities at ~$0.17 per exploit versus much higher per-vulnerability costs for proprietary U.S. models . The open-weight MIT license means zero licensing fees. 360's tools are domestic products for the Chinese market, likely priced below U.S. alternatives
.
2. Accessibility expands dramatically.
3. Offensive-defensive parity blurs. The same GLM-5.2 model that finds bugs at $0.17 each, and the same Tulongfeng tool, can be used for both vulnerability patching and offensive exploit discovery. With open weights and no oversight layer, it is difficult to distinguish defensive from offensive use .
The bottom line: The export-control paradigm assumed that restricting NVIDIA chips and model weights would keep Chinese frontier AI capabilities 2-3 generations behind. GLM-5.2 (open-weight, MIT-licensed, matching U.S. frontier on specific cybersecurity benchmarks at 1/6 the cost), Tulongfeng (domestic Mythos-class tool), and the Alibaba distillation episode collectively demonstrate that knowledge, capability, and access have already escaped the control regime. Advanced cybersecurity tools have gone from scarce, U.S.-only, high-cost products to globally accessible, low-cost, open-commodity assets in a matter of weeks.