There’s a reason the US government pulled Mythos specifically out of circulation: the model is exceptionally good at finding software vulnerabilities. That exact capability now has a Chinese rival.
Two tools, one message
Chinese cybersecurity firm 360 has unveiled two AI tools. Tulongfeng is built to automatically discover security flaws in software. Yitianzhen is built to automate cyber defense and incident response. According to reports, 360 positions Tulongfeng explicitly as a counterpart to Anthropic’s Mythos.
The launch came with a pointed message. According to Reuters, 360 founder Zhou Hongyi described vulnerability-finding AI as a ‘national strategic asset.’ And he warned of what he called ‘one-way transparency’ — a situation where some actors hold advanced vulnerability-detection capabilities while others don’t.
The uncomfortable symmetry
That’s the exact logic Washington used to justify its ban. Mythos and Fable 5 have been blocked for non-Americans since mid-June, because their cyber capabilities are deemed too dangerous to make freely available. Zhou flips the same argument: whoever has the better tools for finding flaws holds an advantage — so China isn’t going to sit and watch that advantage stay one-sided.
While Sakana in Tokyo framed its Fugu launch as a hedge against lock-in, 360 isn’t hedging. This isn’t about resilience — it’s about an arms race. Offensive vulnerability hunting and automated defense are two sides of the same coin, and both now run on AI.
My take
This is the part of the story that gives me the most pause. With Sakana, you can talk about architecture and elegance. With 360, we’re talking about tools whose main purpose is to find holes in other people’s software — automated, at scale.
That dual-use nature is what makes the whole debate so thorny. The same capability a defender uses to harden their own software helps an attacker break into someone else’s. Export controls are meant to slow one side down — but they don’t stop the other side from building the same thing themselves. The Mythos block didn’t prevent these models from existing. It only shifted who controls them.
And that may be the most sobering lesson of the week: for a technology you can rebuild with a few thousand GPUs, a ban isn’t a lock. At best, it’s a head start that runs on a clock.
Sources: