China's Z.ai claims GLM-5.2 matches Mythos on cybersecurity bugs

Zhipu AI (Z.ai) has released GLM-5.2, an open-weight large language model that researchers claim matches Anthropic's Mythos in cybersecurity bug-finding scenarios. While GLM-5.2 trails behind Anthropic and OpenAI models on general reasoning tasks, it has significantly narrowed the gap in vulnerability detection—a domain the US government views as a critical national security concern. The Trump administration has worked to restrict China's access to advanced models like Mythos and the hardware needed to train them, but GLM-5.2's open-weight nature allows anyone to download and run it on readily available hardware, bypassing export controls.

This democratization of powerful AI for cybersecurity raises dual-use risks: power users can customize it for defensive or offensive purposes, while bad actors can operate it with minimal oversight. The development parallels concerns over OpenAI's GPT-5.6, which also prompted access restrictions. Z.ai's achievement signals that despite US chip bans, China is closing the AI capability gap—particularly in high-stakes domains like software vulnerability discovery. Policymakers now face the challenge of balancing innovation against potential abuse of open-weight models.