Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos
Companies Mentioned
Why It Matters
If validated, 360’s AI could accelerate vulnerability research in China, giving state‑linked actors a strategic edge over Western firms that lack comparable regulatory pipelines. The claims also pressure global AI‑security vendors to demonstrate comparable autonomous capabilities.
Key Takeaways
- •360 AI discovered ~1,000 bugs, including 50 high‑severity flaws, at Tianfu Cup
- •Claims include CVE‑2026‑32190 Office bug found within minutes after eight years hidden
- •Anthropic says Claude Mythos found thousands of bugs but stays unreleased
- •Chinese law forces firms to report vulnerabilities to government, feeding state intelligence
- •Experts compare 360’s system to Google’s Big Sleep, not full Claude‑level autonomy
Pulse Analysis
The race to embed artificial intelligence in vulnerability discovery has intensified after Anthropic unveiled Claude Mythos, a model it says can autonomously locate thousands of software flaws. While Mythos remains under tight control through Project Glasswing, its promise has sparked a global scramble to match its capabilities. Companies are betting that AI can compress months of manual research into hours, potentially reshaping how both defenders and attackers find exploitable bugs. This shift is especially pronounced in the cybersecurity market, where speed and scale are critical competitive differentiators.
In China, 360 Digital Security’s Multi‑Agent Collaborative Vulnerability Discovery System has drawn attention for its performance at the Tianfu Cup, a high‑profile hacking competition revived this year. According to the firm, the AI contributed to roughly half of the 1,000 vulnerabilities uncovered, including a critical Office flaw (CVE‑2026‑32190) detected within minutes—a claim that, if true, would eclipse many public disclosures. However, independent analysts note that the system resembles Google’s Big Sleep, which accelerates discrete research stages rather than operating as a fully autonomous agent. The credibility of some claims, such as the disputed Windows kernel CVE, remains under scrutiny.
Beyond technical prowess, China’s regulatory framework gives its AI‑enhanced security tools a strategic advantage. Domestic laws require private entities to report discovered vulnerabilities to government bodies before public disclosure, effectively funneling cutting‑edge research into state intelligence channels. This contrasts sharply with the more fragmented reporting landscape in the United States and Europe, where disclosures are often delayed or fragmented. As AI models become more capable, the interplay between technology, policy, and national security will shape the future competitive balance in cyber‑defense and offensive capabilities worldwide.
Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos
Comments
Want to join the conversation?
Loading comments...