Blacklisted Chinese cybersecurity firm Qihoo 360 claims to have built an AI system that matches the vulnerability discovery capabilities of Anthropic's Claude Mythos, the most powerful US cyber weapon. The announcement, made by CEO Zhou Hongyi at a conference in China, comes as the Five Eyes intelligence alliance warns that adversaries are months-not years-away from launching devastating AI-powered cyberattacks.
Qihoo 360 has been on a US government blacklist since 2020 over alleged ties to the Chinese military. Earlier this month, the Pentagon accused the company of being a "military civil fusion contributor" to China's defense industrial base and linked to Beijing's intelligence agencies. Qihoo has previously rejected these accusations.
The Mythos benchmark
Anthropic unveiled Mythos in April, describing it as "reshaping cybersecurity" for its ability to uncover and exploit thousands of previously unknown software bugs. The company initially withheld the AI from the public because of safety concerns, then offered limited access to select business customers. The US National Security Agency trialled Mythos to find flaws in classified government systems. The White House later imposed export controls on the technology, and Anthropic was forced to withdraw it entirely.
Zhou called Mythos "equivalent to a cyber nuclear weapon in the AI era" and a "strategic asset" for the United States.
China's answer to Mythos
Zhou said Qihoo developed its own system, Tulongfeng, which he billed as a "Chinese version of Mythos, possessing similar vulnerability discovery capabilities." While not as powerful on its own, he said Tulongfeng could be paired with other Qihoo technologies to create a hacking tool equivalent to Anthropic's system. The system has already found more than 3,000 vulnerabilities, several of which Chinese officials classified as high-risk.
Nuclear deterrence in cyberspace
Zhou compared the development of AI cyber systems to the nuclear arms race. "Previously, nuclear weapons constituted strategic deterrence. In the future, vulnerability discovery capabilities may become the new strategic deterrent," he said. "China's cybersecurity industry must possess its own Mythos. This game-changing weapon of mass destruction cannot remain solely in the hands of others."
Alan Woodward, a cybersecurity expert at the University of Surrey, said it was inevitable that China would develop such systems. "It might not be as good as Mythos, but what it does show is these things are going to come out anyway," he said.
Why this matters for IT and development professionals
The acceleration of AI-driven vulnerability discovery means that traditional patch cycles and red-team exercises will need to adapt. Professionals responsible for securing systems should understand how these tools work-and how to detect their use. The AI Learning Path for Cybersecurity Analysts covers vulnerability discovery and threat detection techniques relevant to this emerging threat. For IT teams, integrating AI-assisted defensive tooling is no longer optional; it's a core competency. The broader AI for IT & Development track offers resources for technical roles navigating this shift.
Your membership also unlocks:
