GLM-5.2 matches Mythos in cybersecurity: China closes the gap on AI's most sensitive front
Zhipu AI has released GLM-5.2, an open-source model that, according to researchers, matches Anthropic's Mythos in vulnerability detection. The gap on general tasks persists, but China has chosen the flank where falling behind is least convenient.
By Momentum IA · June 28, 2026.
Zhipu AI, the Chinese firm known commercially as Z.ai, has released GLM-5.2 as an open-weights model. The news isn't that it's a competitive model in general terms —in general-purpose benchmarks it still trails Anthropic and OpenAI— but rather where it has chosen to plant its flag: in bug detection and offensive cybersecurity scenarios, some researchers claim GLM-5.2 stands on par with Mythos, the Anthropic model the Trump administration has gone as far as to label a national security threat. The administration also mentions Fable as another restricted model. Coinciding with this release, OpenAI has unveiled GPT-5.6, which has generated controversies of its own over its potential for misuse.
The central data point deserves to be read precisely: the researchers making this comparison do not claim GLM-5.2 is superior, nor even equivalent across the full range of capabilities. What they point to is functional parity in a very specific subdomain —finding vulnerabilities in code— which happens to be exactly the one that most worries governments. In strategic terms, that nuance changes everything. It doesn't matter that a model loses out on mathematical reasoning or reading comprehension if it can locate a vulnerability in critical infrastructure as effectively as the Western state of the art.
The fact that GLM-5.2 is open-weights multiplies the impact of this parity. Unlike Mythos or GPT-5.6, which are distributed under controlled access and subject to layers of monitoring, GLM can be downloaded and run locally on commercially available hardware. This means any actor —state, organized crime or independent researcher— can use it without passing through any acceptable-use filter. Open weights have undeniable advantages for the research community and for countries with fewer resources, but they turn every capability advance into an immediate proliferation risk. The dilemma between openness and security that has been debated in the abstract for years becomes very concrete here.
Our reading is that this episode illustrates a dynamic that will keep recurring: Washington's efforts to slow Chinese development through export restrictions on chips and models are not halting convergence, but rather altering its pace and form. China has not matched the leaders at the general performance frontier; it has chosen to specialize where the gap can no longer be politically ignored. That suggests a deliberate strategy of capability targeting, not simply a race to follow in the West's wake.
As sector context, the cybersecurity AI competition is one of the few domains where governments have responded with concrete measures. The fact that those measures —hardware export controls, restricted access to frontier models— have not prevented the reported parity should force an honest review of their real effectiveness.
Over the long term, the same vulnerability-detection capabilities that today generate geopolitical alarm are the ones that could make digital infrastructure a radically safer environment: models that find bugs before malicious actors exploit them carry enormous defensive value. The tension is that this dual potential —offensive and defensive— is inseparable. The transition toward that better scenario runs through a phase of real uncertainty and risk, and this release is a reminder that this phase is not hypothetical.