Thought Leadership
China’s 360 Digital Security Group claims to have found around 1,000 vulnerabilities with the help of a multi-agent system, including at the Tianfu Cup hacking contest. The capabilities are said to approach those of Anthropic’s new Claude Mythos model. Doubts remain.
Only weeks after the unveiling of Claude Mythos, a company from China has spoken up that apparently wants to play in a similar league. The 360 Digital Security Group, a subsidiary of Beijing based IT security giant Qihoo 360, is claiming AI driven vulnerability discovery capabilities that come close to what Anthropic has described for its latest frontier model. The claims have been analyzed by Eugenio Benincasa, a China focused cybersecurity researcher at ETH Zurich, in a post for the Natto Thoughts blog.
In early April, Anthropic announced that Claude Mythos had autonomously identified thousands of security vulnerabilities, in some cases even independently developing exploits and chaining vulnerabilities together. The model is not publicly available. Through its Project Glasswing initiative, Anthropic is making it accessible only to around 40 selected organizations, including major technology and cybersecurity firms. Benincasa points out that authorities are already reacting: U.S. officials are said to have briefed financial institutions on AI enabled cyber risks, while German authorities have warned of significant disruption.
AI as the “core engine of vulnerability discovery”
At the center of the Chinese developments is the Tianfu Cup, one of the most important hacking competitions in the country. According to Benincasa, the winning team from 360 relied heavily on AI assisted discovery and exploitation of vulnerabilities. The team leader is quoted as saying that AI has evolved “from an auxiliary tool to the core engine of vulnerability discovery.” The third place team reportedly made similar claims.
Technically, 360 says it relies on an internally developed “Multi-Agent Collaborative Vulnerability Discovery System.” This system is said to have contributed about half of the vulnerabilities found at the Tianfu Cup. In total, the firm speaks of around 1,000 vulnerabilities discovered, including more than 50 with high severity ratings. Affected products reportedly include Windows, Microsoft Office, Android, OpenClaw, and various IoT devices.
Questionable individual finds
One particularly high profile claim involves a critical Office vulnerability tracked as CVE-2026-32190. The AI agent is said to have identified it within minutes, even though the vulnerability had allegedly remained undetected for about eight years. With a second vulnerability in the Windows kernel (CVE-2026-24293), however, Microsoft credits the find to researchers from Taiwan and South Korea. This raises questions about 360’s portrayal of events.
Benincasa also tempers expectations. While 360’s AI capabilities are notable, they do not yet reach the reasoning capabilities described for Claude Mythos. A more realistic comparison, he suggests, is Google’s Big Sleep, which accelerates individual stages of vulnerability analysis without operating as a fully autonomous agent.
Structural advantages for Chinese authorities
More decisive than the technical comparison may be the regulatory framework. Chinese laws require companies and researchers to first report vulnerabilities to authorities before public disclosure is permitted. Elite security research therefore effectively flows into state intelligence channels, which constitutes a structural advantage over the United States, Europe, and other democracies.
In this context, Benincasa quotes 360 chairman Zhou Hongyi with a statement from 2018: “Whoever masters automated vulnerability discovery technology holds the upper hand in cyber offense and defense.” Anthropic CEO Dario Amodei has also acknowledged that open source models and Chinese developers could catch up to comparable levels within six to twelve months, a view shared by researchers at cloud security firm Wiz.
As for the actual capabilities of Mythos, there is at least external corroboration. Mozilla stated that it identified more than 270 vulnerabilities in Firefox with the help of the model, and Palo Alto Networks reported a significant acceleration of its vulnerability discovery. Critics, however, point out that only a few dozen public CVEs have so far been credited to Anthropic, and only one explicitly to Project Glasswing.
