At a cybersecurity conference in Beijing, 360 Security Technology introduced two new artificial intelligence security products and presented one of them as China’s answer to Anthropic’s Mythos, describing vulnerability discovery as a strategic capability that the country cannot be without.
Speaking at the ISC.AI 2026 event, 360 founder Zhou Hongyi announced the tools under the collective name "Yitian Tulong", a phrase drawn from a classic Chinese martial arts novel meaning "Heavenly Sword and Dragon Saber". He described the first system, Tulongfeng, as an automated vulnerability-discovery engine and explicitly referred to it as "China’s version of Mythos". The second system, Yitianzhen, was presented as a platform for automating cyber defence operations and incident response.
Zhou framed vulnerability-finding AI as a powerful instrument that reshapes the balance between cyber attack and defence. "This kind of powerful weapon that can change the landscape of cyber offence and defence cannot be held only by others," he said, according to a transcript released by 360. He added that such capabilities could be applied both to protect critical infrastructure and to secure an offensive edge.
The announcement represents the highest-profile Chinese response so far to Anthropic’s Mythos model. Mythos, which was previewed in April, is a system that cybersecurity professionals say can detect software vulnerabilities at scale. That capability has prompted concern in multiple capitals and within the cybersecurity community because of its potential to accelerate cyberattacks. Anthropic said the Mythos Preview had uncovered "thousands" of major vulnerabilities across operating systems, web browsers and other software. The U.S. government has ordered Anthropic to suspend exports of a less powerful version of the programme worldwide and to all foreign nationals, citing national security concerns.
Zhou said 360’s Tulongfeng had found 3,432 software vulnerabilities, of which 105 had been confirmed by Chinese authorities. The company’s claims were presented at the conference; Reuters could not independently verify those findings.
China and the United States have a long history of mutual accusations regarding offensive cyber operations aimed at critical infrastructure. That tense backdrop has sharpened attention on advanced tools that can map weaknesses in widely used software and systems.
Zhou argued that the prospect of "one-way transparency" posed a strategic risk if foreign actors could use Mythos-like models to scan software and critical systems while Chinese entities were denied similar tools. State media in China has characterised Mythos as presenting "unprecedented cyberattack capabilities", and Zhou’s comments reflect that unease. Zhou is also a member of China’s top political advisory body.
In discussing the development pathway for domestic systems, Zhou noted the role of U.S. export controls on advanced chips. He said those measures, tightened since 2022, have constrained Chinese access to cutting-edge U.S. processors and limited progress by domestic models compared with some American peers, though he acknowledged the gap had narrowed since last year.
"Objectively speaking, domestic models still have a 20%-30% gap in base capability," Zhou said. "China cannot wait until model capabilities have fully caught up before starting vulnerability discovery, because we cannot afford to wait."
Rather than attempting to match competitors solely by raw model scale and chip power, Zhou said 360 was pursuing what he described as an "agent" approach. That strategy pairs AI models with security expertise, vulnerability databases and automated tooling. He argued this integrated route was one only 360 had successfully deployed and that it gave Tulongfeng "Mythos-equivalent capabilities."
Zhou used an analogy to distinguish the two approaches: "If Mythos is a top-end chip, what we are building is a complete machine that can run stably, work 24 hours a day and make fewer mistakes," he said. "If the U.S. route is to cultivate a genius hacker, 360’s route is to organise a professional attack-and-defence team."
The 360 founder also pointed to prior incidents involving AI systems. Anthropic previously said hackers had exploited vulnerabilities in its Claude AI to target roughly 30 organisations around the world. A separate industry survey cited a high incidence of AI-targeted attacks, with 67% of 1,000 executives saying they had been targeted by AI attacks in the prior year, a statistic cited at the conference.
360’s history dates to its origins as an antivirus software provider, after which it expanded into enterprise and government security services. Zhou has been a prominent entrepreneur and commentator in Chinese technology circles.
Verification note: the numerical claims about vulnerabilities and the company’s assessment of comparative capabilities were presented by 360 at the conference and are reported here as stated. Independent verification of the vulnerability counts was not available at the time of the presentation.