{"id":238423,"date":"2026-06-29T00:33:00","date_gmt":"2026-06-29T04:33:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/29\/chinas-new-zhipu-ai-reportedly-matches-claude-mythos-in-vulnerability-detection\/"},"modified":"2026-06-29T01:15:06","modified_gmt":"2026-06-29T05:15:06","slug":"chinas-new-zhipu-ai-reportedly-matches-claude-mythos-in-vulnerability-detection","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/29\/chinas-new-zhipu-ai-reportedly-matches-claude-mythos-in-vulnerability-detection\/","title":{"rendered":"China&#8217;s New Zhipu AI Reportedly Matches Claude Mythos in Vulnerability Detection"},"content":{"rendered":"<p><a href=\"https:\/\/cybersecuritynews.com\/zhipu-ai-vulnerability-detection\/\">China&#8217;s New Zhipu AI Reportedly Matches Claude Mythos in Vulnerability Detection<\/a><\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/zhipu-ai-vulnerability-detection\/\">https:\/\/cybersecuritynews.com\/zhipu-ai-vulnerability-detection\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-29 00:33:00<\/a><\/p>\n<p>Source Domain: <a href=\"cybersecuritynews.com\">cybersecuritynews.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points.<br \/>\nZhipu AI\u2019s open-weight GLM-5.2 model is reportedly performing on par with Anthropic\u2019s restricted Claude Mythos in specific cybersecurity and software vulnerability detection tasks, a development that is intensifying concerns inside the U.S. government about the effectiveness of its AI export control strategy.<\/p>\n<p>Zhipu AI (Z.ai) released GLM-5.2 on June 13, 2026, under a permissive open-weight license, enabling any researcher or developer to download and run the model on standard consumer-grade hardware. Unlike Anthropic\u2019s Mythos, which is subject to U.S. export controls, GLM-5.2 is freely accessible worldwide.<\/p>\n<p>While the model still trails Anthropic and OpenAI systems on broad general-purpose benchmarks, its targeted performance in vulnerability identification has caught the security community\u2019s attention.<\/p>\n<p>Independent testing by Semgrep placed GLM-5.2\u2019s IDOR (Insecure Direct Object Reference) vulnerability detection at an F1 score of 39%, surpassing Claude Code\u2019s 32\u201337% on identical evaluation tasks.<\/p>\n<p>Critically, the model achieved these results at approximately $0.17 per vulnerability found, roughly one-sixth the cost of comparable Claude-based workflows. Graphistry\u2019s additional benchmarks further corroborated the finding, showing that a freely downloadable Chinese open-weight model can match U.S. frontier AI in specific security domains.<\/p>\n<p>MetricGLM-5.2 (Zhipu AI)Claude Mythos (Anthropic)IDOR Detection F1 Score39%~32\u201337%Cost Per Vulnerability Found~$0.17~$1.00+Access ModelOpen-weight (public)Restricted \/ export-controlledGeneral-Purpose Benchmark RankTrails U.S. modelsFrontier-tierLicensePermissiveProprietary<\/p>\n<p>The Trump administration has treated advanced AI models such as Mythos and Fable as serious national security assets, citing their ability to autonomously identify software vulnerabilities as potential enablers of cyberwarfare.<\/p>\n<p>U.S. export controls have suspended access to these models for foreign entities, including Chinese researchers, specifically over cyber risk concerns. The release of GLM-5.2 challenges the core assumption behind these restrictions that blocking access to frontier models would prevent adversaries from developing equivalent offensive cyber capabilities.<\/p>\n<p>Anthropic\u2019s own Project Glasswing, which used Claude Mythos to uncover over 10,000 critical vulnerabilities in its initial report, had previously illustrated just how powerful these models can be in vulnerability research contexts. GLM-5.2 now raises the prospect that similar capabilities are no longer exclusively in U.S. hands.<\/p>\n<p>The development arrives as OpenAI unveiled GPT-5.6 with limited access due to similar misuse concerns, underscoring a broader U.S. effort to gate powerful AI behind access controls.<\/p>\n<p>Security researchers warn that open-weight models reaching frontier-level performance on niche tasks like bug-finding dramatically compress the timeline for both defensive automation and potential offensive exploitation. GLM-5.2\u2019s public availability means these capabilities are already accessible to threat actors globally with or without U.S. regulatory approval.<\/p>\n<p>The emergence of GLM-5.2 signals that China has made material progress in specialized, high-stakes AI domains, forcing a critical reassessment of whether hardware restrictions and model access controls alone can preserve Western dominance in AI-driven cybersecurity tools.<\/p>\n<p>What Features Should AI SOC Have? \u2013 Download Free 2026 AI SOC Features Checklist<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>China&#8217;s New Zhipu AI Reportedly Matches Claude Mythos in Vulnerability Detection https:\/\/cybersecuritynews.com\/zhipu-ai-vulnerability-detection\/ Publish Date: 2026-06-29&#8230;<\/p>\n","protected":false},"author":1,"featured_media":238424,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"http:\/\/cybersecuritynews.com\/wp-content\/uploads\/2026\/06\/Zhipu-A-Vulnerability-Detection.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,27],"class_list":["post-238423","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/238423"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=238423"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/238423\/revisions"}],"predecessor-version":[{"id":238425,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/238423\/revisions\/238425"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/238424"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=238423"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=238423"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=238423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}