Chinese AI models are no longer just chasing U.S. systems in broad benchmarks; in some cybersecurity tasks, they are already close enough to be annoying. That is the uncomfortable takeaway from new reporting that says Z.ai’s Zhipu A model can match Anthropic’s Mythos in vulnerability discovery, even if it still trails Anthropic and OpenAI models in other work.
The bigger story is not a single score. It is that the gap between leading American and Chinese AI systems has narrowed enough that companies such as Microsoft are said to be considering whether to offer Chinese models on their platforms. For security teams, that is both a pricing-and-performance question and a classic open-door dilemma: the same openness that makes these models easy to adopt also makes them easier to misuse.
Zhipu A and GLM-5.2 in cybersecurity tests
Researchers cited in the report say Z.ai’s newer model can hold its own against Mythos in spotting flaws, while Semgrep found that GLM-5.2 outperformed Anthropic’s Claude Opus 4.8 in some performance tests. OpenRouter, which gives access to more than 400 AI models, says GLM-5.2 is among its ten most-used systems, a reminder that ”open” usually wins adoption before it wins policy debates.
That open status is the sharpest edge here. Unlike closed models from Anthropic or OpenAI, GLM-5.2 can be used and modified without the kind of control gates vendors like to talk about, which is great for developers and less cheerful for anyone worrying about offensive security use. This is the same pattern the industry keeps repeating: the tools that spread fastest are often the hardest to contain.
- Z.ai’s GLM-5.2 is described as open and widely used
- It has been said to beat Claude Opus 4.8 in some tests
- With extra instructions, researchers think it may approach Mythos on bug finding
Why cybersecurity vendors are paying attention
The pressure is not coming only from China. In the U.S., authorities are trying to limit access to domestic frontier models for cybersecurity reasons, while OpenAI said access to GPT-5.6 will be restricted under a recent presidential order focused on safety and oversight. The company also said those limits are not meant to be permanent in every case, which is bureaucratic speak for ”we’ll adjust this later if we have to.”
China’s own security firms are moving fast too. Last week, 360 Security Technology released Tulongfeng, a vulnerability-finding tool it says is comparable to Mythos, and that is exactly the kind of announcement that makes national-security officials sit up straighter. The underlying race is obvious: if AI can find bugs faster, it can also help attackers weaponize them faster, and the first side to industrialize that advantage gets a very loud head start.
The next fight is access, not just capability
The model-vs-model comparison is becoming less useful than the distribution battle around it. If Microsoft and other platforms do make room for Chinese models, adoption could accelerate well beyond the lab, but regulators are likely to question how much openness is too much when the use case is security tooling. The more these systems converge on performance, the more the argument shifts from ”who is best?” to ”who gets to use what, and under what rules?”
That is where the next surprise is likely to come from: not another benchmark headline, but a policy move that decides whether these models stay niche, go mainstream, or get boxed in before the security community figures out which side of the fence it wants to stand on.

