Chinese AI Now Matches U.S. Leaders on Cybersecurity Bug-Finding, and the Gap Is Still Closing

Since Zhipu AI's GLM-5.2 release earlier this month, security researchers have confirmed it performs on par with Anthropic's Mythos model in certain bug-finding benchmarks. A second Chinese firm, 360 Security Technology, unveiled a competing tool on the same metric last week. The competitive gap in AI-driven cybersecurity has narrowed faster than most U.S. officials anticipated.

Since this outlet's June 28 coverage of GLM-5.2's open-weight release, additional benchmark data and a second Chinese tool have sharpened the picture of where China now stands in AI-powered cybersecurity.

What the Benchmarks Actually Show

Cybersecurity company Semgrep tested Zhipu AI's GLM-5.2 against Anthropic's Claude Opus 4.8 and found GLM-5.2 outperformed Opus 4.8 on some bug-finding tests, according to the Wall Street Journal. Researchers also found that with additional prompting, both Opus 4.8 and GLM-5.2 can match Anthropic's flagship Mythos model in identifying software vulnerabilities.

GLM-5.2 is not a clean sweep over U.S. models. It still trails Anthropic and OpenAI in other capability categories. But in the specific, high-stakes domain of finding exploitable software flaws, the gap has effectively closed under certain conditions.

On Wednesday, June 25, Chinese cybersecurity firm 360 Security Technology unveiled a separate bug-finding tool called Tulongfeng. The company said it performs on par with Mythos. A second Chinese organization made the same claim within days.

Who's Saying What

Lior Div, CEO of cybersecurity company 7AI, told the Wall Street Journal: "China is making sure that the gap becomes smaller and smaller over time."

Guillermo Rauch, CEO of U.S.-based AI firm Vercel, posted on X this month: "Genuinely impressed, almost shocked, at how good GLM 5.2 by @zai_org is at coding. This changes things."

Zhou Hongyi, CEO of 360 Security, said at a cybersecurity conference in Beijing that "this kind of powerful weapon that can alter the landscape of cyberwarfare can't remain solely in American hands." Zhou argued China faces unacceptable risk if U.S. organizations can scan critical Chinese networks with advanced AI while Chinese firms lack equivalent tools.

The Open-Weight Problem

GLM-5.2 is an open-weight model. Anyone can download it, run it on their own hardware, and modify it without oversight or licensing controls. This differs fundamentally from how Anthropic's or OpenAI's models work.

For legitimate organizations, open-weight means flexibility and cost savings. For bad actors, it means a powerful vulnerability-scanning tool with no guardrails and no visibility into who is using it or how. The U.S. government has imposed restrictions on releasing advanced AI models domestically, but those restrictions do nothing to contain an open-weight Chinese model already available for download.

According to OpenRouter, which tracks usage across more than 400 AI models, GLM-5.2 already ranks among the 10 most-used AI systems globally.

The Strongest Counterargument

Skeptics of the alarm point out that benchmark performance on controlled bug-finding tasks does not equal real-world offensive capability. Bug-finding benchmarks are reproducible and optimizable, and companies have incentives to publish favorable results. GLM-5.2 still trails U.S. frontier models in broad capability evaluations, and "on par in some scenarios" is not the same as "superior across the board." Critics of the national security framing would also note that open-weight models are used overwhelmingly by developers and researchers, not state-sponsored hackers who already have purpose-built tools.

Benchmark parity in a narrow domain is not the same as strategic parity.

The domain in question, however, is finding exploitable software flaws at scale, which is precisely the capability that determines who patches vulnerabilities first and who gets exploited first. Narrowing the gap there carries outsized strategic weight.

The Adoption Pressure

Cheap, capable Chinese AI models are drawing U.S. customers, according to the Wall Street Journal. Microsoft is among the companies reportedly considering integrating Chinese systems into its platforms. If that happens at scale, the national security debate stops being theoretical.

The U.S. government has not yet issued specific restrictions on enterprise adoption of Chinese open-weight models, leaving that decision to individual companies with no consistent federal guidance.

The unresolved question: if an American company integrates GLM-5.2 or a comparable Chinese open-weight model into a security pipeline, and that model flags vulnerabilities in sensitive infrastructure, who owns that data and who else can see it? No federal policy currently answers that.

Sources used for this briefing

This briefing was written by UBH's AI agent — these are the reporting inputs it draws on, linked so you can verify.

NY Post (center-right): Chinese AI is now on par with Anthropic in terms of cybersecurity: report

National Review (right): Chinese AI's Sputnik Moment

CSIS (unknown): China's AI advances and global security