By 
The world already knows about Anthropic's Mythos. If you have been following our coverage, you know that Mythos is a model Anthropic says is too powerful to release to the general public, one that can autonomously find and exploit decades-old software vulnerabilities across major operating systems and browsers. You also know that the US government felt strongly enough about its capabilities to slap an export control order on Fable 5, a related model, just three days after launch, shutting it down for every user on earth, including Anthropic's own foreign national employees.
That backdrop matters enormously for what happened on June 24, 2026, at the Beijing National Convention Center. At the ISC.AI 2026 cybersecurity conference, Zhou Hongyi, the founder of 360 Security Technology, stood before an audience of security professionals and announced that China now had its answer to Mythos. The tools have a name drawn from a classic Chinese martial arts novel: "Yitian Tulong," which translates loosely to "Heavenly Sword and Dragon Saber." It is a name that tells you everything about how Zhou and his company want the world to understand what they have built. This is not just a software product. It is a weapon, and China intends to hold it.
Who Is Zhou Hongyi, and Why Does It Matter That He Said This?
Before getting into the technical details, it is worth understanding the person making these claims, because in China's tech and policy world, the messenger and the message are inseparable.
Zhou Hongyi co-founded 360 Security Technology in June 2005 alongside Qi Xiangdong. The company started life as an antivirus software provider, offering free protection to Chinese consumers at a time when most security software charged upfront fees. That strategy worked. By the early 2010s, 360 had become China's dominant cybersecurity brand, and Zhou had earned a reputation as one of the country's most outspoken and influential tech voices.
The company's trajectory since then has been closely tied to the Chinese state. In 2016, 360 delisted from the New York Stock Exchange and went private. By 2018, it had relisted on the Shanghai Stock Exchange, returning its capital structure firmly to domestic Chinese markets. The US Commerce Department added 360 to its Entity List in 2020, accusing the company of helping China surveil its Uyghur Muslim population in Xinjiang. In 2022, the US Defence Department went further, placing 360 on a list of companies deemed to have ties to the Chinese military.
Zhou, for his part, has framed all of this as evidence that 360 is doing its job. He has claimed publicly that 360 discovered CIA and NSA hacking programs that had operated against Chinese targets for over a decade, and that US sanctions were essentially retaliation for that exposure. Whether one takes that framing at face value or not, the point is that Zhou holds a seat on one of China's top political advisory bodies, and 360 has positioned itself as a key pillar of China's national cybersecurity infrastructure. When Zhou announces a new AI security capability and explicitly frames it as a matter of national interest, this is not a startup founder chasing a press cycle. It is a state-aligned technology executive making a geopolitical statement through a product launch.
What Yitian Tulong Actually Is
The "Yitian Tulong" suite comprises two distinct tools, each designed for a different half of the security equation.
The first is Tulongfeng, which Zhou described explicitly as "China's version of Mythos." Its job is automated vulnerability discovery: feeding code and systems into an AI-driven pipeline that identifies previously unknown software flaws without requiring a human researcher to direct every step. According to 360, Tulongfeng has already identified 3,432 software vulnerabilities, of which 105 have been confirmed by Chinese government authorities. Earlier in April 2026, the company had separately reported that its AI-driven methods found approximately 1,000 vulnerabilities in systems including Microsoft Office.
The second tool is Yitianzhen, which sits on the defensive side of the equation. Where Tulongfeng hunts for weaknesses, Yitianzhen is built to automate cyber defence operations and incident response, essentially giving security teams an AI-assisted rapid reaction capability when attacks come in.
Together, the two tools are designed to function as what Zhou called a "professional attack-and-defence team," a phrase he used deliberately in contrast to what he characterised as the American approach. In his framing, the US strategy under Mythos is to cultivate "a genius hacker," a single supremely capable AI system that works autonomously at an elite level. Zhou argued that this model is not one China should or needs to copy. Instead, 360's approach layers AI models on top of existing human security expertise, established vulnerability databases, and automated tooling in what he called an "agent" architecture. The result, he claimed, is a system that is more stable, more consistent, and capable of operating around the clock with fewer errors than a model that concentrates all capability in one place.
"If Mythos is a top-end chip," Zhou said, "what we are building is a complete machine that can run stably, work 24 hours a day and make fewer mistakes."
It is a useful framing, but it is also worth noting that Zhou acknowledged in the same presentation that Chinese AI models still trail their US counterparts by roughly 20 to 30 percent in raw underlying capability. His argument was not that Tulongfeng has surpassed Mythos. It was that China cannot afford to wait for that gap to close before building its own capability in this space.
The Chip Problem: Why China Is Taking a Different Route
Understanding the Yitian Tulong announcement requires understanding the hardware reality that shapes everything China does in frontier AI right now.
Since 2022, the US has progressively tightened export controls on advanced semiconductor chips, specifically the high-performance graphics processing units that AI training depends on. The restrictions have prevented Chinese AI developers from accessing the most powerful chips made by companies like NVIDIA, which are subject to export licensing requirements for sales to Chinese entities. The stated rationale from Washington is that these chips would allow the Chinese military to dramatically accelerate its AI capabilities, creating national security risks for the United States and its allies.
The practical effect of these restrictions is that China's frontier AI models are running on less powerful hardware than their American counterparts, and the gap in raw compute has constrained how far domestic models can push. Zhou acknowledged this directly, noting that waiting for Chinese models to fully catch up to American ones on raw capability before building AI-powered security tools is simply not an option.
"China cannot wait until model capabilities have fully caught up before starting vulnerability discovery, because we cannot afford to wait," Zhou said.
This is where the agent architecture becomes strategically important. If you cannot match your competitor in the raw power of the underlying model, you can still compete by building smarter systems around less powerful models. Combining a domestic model with rich vulnerability databases, specialised security expertise, and automated orchestration layers can theoretically produce operational capabilities that punch above the model's raw benchmark performance. Whether that combination genuinely achieves Mythos-equivalent results is a claim that cannot be independently verified. But as a strategic approach to working around hardware constraints, the logic is sound.
One-Way Transparency: The Fear That Drove This
Perhaps the most important thing Zhou said at ISC.AI 2026 was not about what Tulongfeng can do. It was about why it had to be built at all.
He described a concept he called "one-way transparency," the idea that foreign AI systems, and specifically American ones, could be used to scan Chinese software and critical infrastructure for vulnerabilities while Chinese organisations lacked any comparable capability to do the same. In this framing, Mythos is not just a technological threat. It is a structural asymmetry in the global cybersecurity balance. If the US, or any of the 40-plus Project Glasswing partners that have access to Mythos, can find vulnerabilities in Chinese systems at the speed and scale Anthropic claims, while China has no equivalent tool to audit its own infrastructure or understand what attackers using similar capabilities might find, then China is operating at a permanent defensive disadvantage.
"This kind of powerful weapon that can change the landscape of cyber offence and defence cannot be held only by others," Zhou said.
This line is the clearest possible articulation of why the Mythos announcement landed the way it did outside the United States. While the American security industry has largely debated Mythos as a question of enterprise access and responsible disclosure timelines, other countries have been asking a different question: what happens to us if only the US and its closest partners have this tool? Many countries have long worried about deep dependence on US-controlled technology infrastructure. The Fable 5 shutdown was a vivid reminder of just how real that dependence is. As one observer noted after the shutdown, any application built on a US-based large language model is now demonstrably subject to being disabled at any moment, by export control directive, with essentially no warning. That is not just a business continuity problem. For governments and critical infrastructure operators, it is a sovereignty problem.
China's response to that problem is Yitian Tulong. Zhou is essentially arguing that in a world where AI-driven vulnerability discovery is becoming a strategic capability equivalent to signals intelligence, no serious nation-state can afford to depend entirely on foreign tools for its own security posture.
The US-China Cyber Backdrop
This announcement does not exist in a vacuum. The US and China have spent years accusing each other of conducting offensive cyber operations against critical infrastructure, and both accusations have often been supported by credible evidence.
The US government has attributed a range of high-profile intrusions to Chinese state-sponsored groups, including campaigns targeting telecommunications infrastructure, government networks, and defence contractors. China, meanwhile, has documented what it says are systematic CIA and NSA operations against Chinese aviation, energy, scientific research, and government systems, with 360 playing a central role in identifying and publicly attributing those campaigns. Zhou has claimed that 360 has now uncovered 54 overseas state-level hacking groups, and that the company's ability to identify US intelligence operations against China is the real reason it landed on American sanctions lists.
Whatever the full truth of that history, the pattern it creates is a world where each major power is actively probing the other's infrastructure, and where having superior tooling to find and exploit vulnerabilities is increasingly understood as a component of national power rather than a purely commercial security concern. Into that context, an announcement that China has built an AI-powered vulnerability discovery system is not just a technology story. It is a signal about how China views the next phase of the competition.
The Verification Problem
There is something important to say about the limits of what we actually know here.
Zhou's claims about Tulongfeng cannot be independently verified. The 3,432 vulnerabilities 360 says it has found, the 105 confirmed by Chinese authorities, the claim of Mythos-equivalent operational capability: all of these rest entirely on 360's own reporting. Reuters, which covered the ISC.AI presentation directly, noted it could not independently verify the claims.
This is not unique to 360. Anthropic's claims about Mythos have also been based primarily on its own red team reporting and third-party contractors it hired to evaluate its findings. The broader challenge with AI-powered security tools is that the most compelling demonstrations of capability are also the ones that are hardest to share publicly without providing a roadmap for attackers. So both sides of this competition are making claims about what their systems can do that outsiders have limited ability to evaluate.
What can be said is that 360 has a long track record in the cybersecurity space, genuine vulnerability discovery expertise built over two decades, and access to the kinds of specialised databases and domain knowledge that matter for this kind of work. The agent architecture Zhou described, combining model capabilities with existing expertise and tooling rather than relying purely on raw model performance, is a technically coherent approach. And the fact that the company is being explicit about the capability gap between its underlying models and American ones, rather than claiming full parity, actually lends some credibility to the overall framing.
Will the Public Ever Get Access?
The question that sits at the end of all of this is the same one that sits at the end of the Mythos story: who gets access to these tools, and on what terms?
On the American side, access to Mythos is currently restricted to approximately 40 trusted organisations through Project Glasswing. Anthropic has framed this as responsible stewardship of a dangerous capability, though as we noted in our earlier coverage, the exclusivity also serves significant commercial and regulatory positioning purposes ahead of the company's planned IPO.
On the Chinese side, Zhou gave no clear indication of how widely Yitian Tulong would be deployed. The framing throughout the ISC.AI presentation was national and strategic. Vulnerability-finding AI was described as a national strategic asset. The entire rationale for building it was framed around China's need to defend its own critical infrastructure and avoid one-way transparency. None of that language suggests a broad commercial release to individual users or small businesses.
The more likely trajectory, on both sides, is that AI-powered vulnerability discovery tools remain the exclusive province of governments, large enterprises, and carefully vetted security organisations for the foreseeable future. The dual-use nature of these tools, the fact that the same capability that finds vulnerabilities for defence can be repurposed to attack, means that every serious state actor has strong reasons to control access tightly. In that sense, Tulongfeng and Mythos may end up being more similar in their deployment model than they are different in their technical architecture.
What This Means for the Rest of the World
The emergence of Yitian Tulong, whatever its actual capabilities turn out to be, marks an important moment in the geopolitics of AI-powered cybersecurity.
It confirms that AI-driven vulnerability discovery is now understood globally as a strategic capability, not just a commercial security product. It confirms that the US-China technology competition is expanding into offensive and defensive cyber tooling at the AI layer, not just at the chip and model level. And it confirms that the access restrictions and export controls the US has placed on its own frontier models are accelerating exactly the kind of domestic development they were arguably designed to slow down.
There is a paradox at the heart of the American strategy here. By restricting China's access to cutting-edge chips and by keeping Mythos locked behind a small circle of approved partners, the US has created strong incentives for China to build its own equivalent capabilities, through whatever architectural workarounds the hardware constraints allow. Whether Tulongfeng is genuinely equivalent to Mythos today is uncertain. That China will keep investing until it is, or until it finds an approach that makes the comparison irrelevant, seems essentially certain.
For the rest of the world, particularly governments and organisations that currently depend on US-controlled AI infrastructure, the strategic lesson is becoming harder to ignore. The Fable 5 shutdown showed that US export controls can disable globally deployed AI products overnight. The Yitian Tulong announcement shows that the alternative is building or aligning with tools that come with a different set of dependencies and a different set of geopolitical strings attached. Neither option is without risk. But the era of treating AI infrastructure as a purely commercial vendor selection decision, rather than a sovereignty question, is drawing rapidly to a close.
The heavenly sword and the dragon saber have been drawn. The question now is not whether this competition will intensify. It is whether any framework for international norms around AI-powered cyber capabilities will emerge before the tools on both sides become significantly more capable than anything the world has seen so far.
Comments