China's largest cybersecurity firm has declared it built a homegrown rival to Anthropic's Mythos — the AI model the US government just placed under export controls. The claim deserves scrutiny: the company's own founder conceded a significant capability gap and described an engineering workaround, not a benchmark result.
The Mythos Timeline That Triggered Beijing's Response
Anthropic's Mythos became one of the most consequential and contested AI releases of 2026 in a matter of weeks. The model's existence became publicly known on March 26, 2026, through leaked blog post drafts. Anthropic later acknowledged its development to Fortune and said it presented significant risks to cybersecurity. Anthropic publicly disclosed Mythos on April 7, stating it had no plan to release it to the public, and instead launched Project Glasswing — a consortium of companies using Mythos to find and fix software vulnerabilities, with over forty organizations granted access, including Microsoft, Apple, Google, Amazon Web Services, the Linux Foundation, Cisco, Nvidia, and Broadcom.
The scale of what Mythos uncovered in testing rattled governments. Anthropic CEO Dario Amodei warned in early May that an earlier model had found roughly 20 vulnerabilities in Firefox; Mythos found nearly 300, with the total count across all software running into the tens of thousands. Two weeks after limited release, Mozilla announced it had found and patched 271 security vulnerabilities in Firefox using Mythos Preview.
The policy response was immediate. On June 12, Anthropic disabled customer access to both Mythos and Fable to comply with a US government order suspending all use by foreign nationals, including Anthropic employees themselves. On June 26, the US government allowed Anthropic to restore Mythos access to select companies and organizations under new safeguards, though Fable remained under the export ban.
The chart below maps how quickly the situation moved from disclosure to controlled restriction.
What 360 Security Actually Claimed — and What It Conceded
At the ISC.AI 2026 conference in Beijing — an event organized by Qihoo 360 itself — founder Zhou Hongyi introduced two AI security tools under the banner "Yitian Tulong," a reference to a classic Chinese martial arts story. The first, Tulongfeng, targets automated vulnerability discovery in software. The second, Yitianzhen, focuses on cyber defense and incident response.
Zhou's framing was explicit about strategic motivation. He warned against the risk of what he called "one-way transparency" — the idea that US entities could use Mythos-like tools to probe software and critical systems while Chinese firms were denied similar capabilities — and positioned Tulongfeng as a matter of strategic parity as much as a technical achievement.
The parity claim, though, came with a significant caveat from Zhou himself. He acknowledged a 20–30% base-model gap between Chinese and US frontier models, and described a workaround: layering AI agents on top of existing security expertise, vulnerability databases, and automation pipelines. "China cannot wait until model capabilities have fully caught up before starting vulnerability discovery," Zhou said. His analogy captured the architectural difference plainly: "If Mythos is a top-end chip, what we are building is a complete machine that can run stably, work 24 hours a day and make fewer mistakes."
360 said Tulongfeng had found 3,432 software vulnerabilities, including 105 confirmed by Chinese authorities. Reuters said it could not independently verify the claims. That is an important qualifier. Qihoo 360 has no direct access to Mythos for comparison, and no third-party benchmark has placed both systems on the same test range.
The firm also carries significant regulatory context. US authorities have sanctioned Qihoo 360 on grounds that it probably supplies China's military. China's National Computer Virus Emergency Response Center often cites and publicizes the company's research.
The chart below places the two sets of claimed vulnerability figures side by side, with their evidentiary status labeled.
Why the Export Control Architecture Is Now the Real Battleground
The more consequential story here may not be whether Tulongfeng matches Mythos, but what the US export ban reveals about the structural challenge of controlling AI cybersecurity capabilities.
Because of the dual-use risk, Anthropic said it did not plan to make Claude Mythos Preview generally available. But restricting release only buys time. Chinese AI companies have repeatedly managed to match US frontier models within months — in part by distilling capabilities from those very models. Restricting access to Mythos may slow that process, but it will not prevent Mythos-class capabilities from becoming more widely available. At least one group has already gained unauthorized access to Mythos through one of Anthropic's vendors.
Amodei estimated a six- to twelve-month window for defenders to patch the vulnerabilities Mythos uncovered before rival labs field equivalent capabilities — some, potentially, without any safeguards at all. That timeline was acknowledged by Anthropic itself, not asserted by adversaries.
The UK AI Security Institute's testing adds a US-internal data point worth noting. The same institute that evaluated Mythos found that OpenAI's GPT-5.5 matched it on the identical 32-step attack range, meaning a second frontier model, from a different lab, cleared the same bar weeks later. If US allies are already reaching Mythos-class performance through conventional frontier development, the export control window is narrower than its architects may intend.
Qihoo 360's announcement fits this pattern without resolving it. The company's agent-based architecture — compensating for a weaker base model with specialized tooling and vulnerability databases — is a practical engineering path that does not require access to Mythos to pursue. For the open-weights models now available from Chinese labs, the base-model gap Zhou cited is also closing through publicly available training runs, not just distillation.
The three reference cards below summarize the key thresholds that frame how policymakers and security teams are reading this moment.
What matters for enterprise security teams and policy planners right now is not whether Tulongfeng is genuinely equivalent to Mythos — that claim is unverified and structurally difficult to test given that 360 has no direct access to Mythos for baseline comparison. What matters is that the incentive structure Zhou described — compensate for weaker base models with heavier specialized engineering — is reproducible by any well-resourced actor. The US export control buys time on the frontier model gap; it does not close the agentic-tooling path.
Anthropic's Glasswing program and its parallel work on AI agents for enterprise deployments represent one theory of how defenders use the window: get the patching done before rivals reach the same capability level with or without guardrails. Whether six to twelve months is enough depends on how quickly the open-source and state-backed engineering paths close the gap Zhou acknowledged — and on whether Fable's continued export suspension meaningfully slows any of them.