A Chinese cybersecurity firm has announced what it claims are domestically developed AI tools capable of matching the capabilities of Anthropic's Mythos, a frontier model that has drawn significant attention for its advanced cybersecurity applications. The announcement signals an escalating technological rivalry between the US and China in the domain of AI-powered cyber defence.
What Was Unveiled
The announcement was made by Zhou Hongyi, founder of 360 Security Technology, at the ISC.AI 2026 cybersecurity conference in Beijing. The company unveiled two tools under the collective banner "Yitian Tulong" — a reference meaning "Heavenly Sword and Dragon Saber" from a classic Chinese martial arts novel.
The first tool, Tulongfeng, is an automated software vulnerability discovery system that Zhou described as "China's version of Mythos." The second, Yitianzhen, is an automated cyber defence and incident response system.
Zhou portrayed the AI tool as a strategic national asset, warning against a scenario where U.S. firms possess advanced vulnerability-detection capabilities while Chinese companies lack comparable access. He argued that such powerful technology should not be monopolised by any single country.
360 Security Technology says Tulongfeng has identified 3,432 software vulnerabilities, including 105 confirmed by Chinese authorities. However, the company acknowledges that Chinese AI models still lag behind their U.S. counterparts by 20–30%, relying instead on a combination of AI, cybersecurity expertise, and automated tools to bridge the gap.
Anthropic's Mythos is not publicly available and remains accessible only to a small number of trusted organisations as part of a controlled research programme. China's decision to publicly benchmark against it, by name, reflects how the model has become a reference point in the global AI security conversation, even before wide release.
For policymakers and security researchers watching the US-China technology divide, the 360 announcement is a data point worth tracking: not because the tools have been independently verified, but because the intent behind them has been stated explicitly and at scale.
