China Builds AI Vulnerability Scanner to Counter Mythos: Every Zero-Day Goes to Beijing by Law
Source: TechTimes

China's most prominent cybersecurity company — which the U.S. government has sanctioned, barred from American technology, and designated a Chinese military company — unveiled two AI-powered vulnerability hunting tools on June 28, 2026, at the ISC.AI 2026 conference in Beijing, framing them explicitly as a strategic deterrent against Anthropic's Claude Mythos. What founder Zhou Hongyi did not address in his speech is what Chinese law requires of any vulnerability his system finds: it must be reported to a Beijing government agency within 48 hours — before the affected software vendor can be notified, and before any public disclosure.

China's Sanctioned Cyber Giant Claims a Mythos-Level Rival

Qihoo 360 Security Technology was placed on the U.S. Commerce Department's Entity List in May 2020, on the grounds that it represents a significant risk of supporting procurement of items for military end-use in China. In October 2022, the Defense Department added it to a separate list of Chinese military companies operating in the United States. Its founder, Zhou Hongyi, has argued that the sanctions came because his company exposed CIA and NSA hacking operations targeting China over the previous decade — a characterization the U.S. government has not confirmed.

That context is the backdrop against which Zhou presented the company's two new tools: Tulongfeng (屠龙锋, "Dragon-Slaying Blade"), which autonomously hunts for software vulnerabilities, and Yitianzhen, which automates defensive cyber operations and incident response. Together, they are marketed under the banner "Yitian Tulong," a name drawn from a classic Chinese martial arts novel in which a pair of legendary weapons grants their possessor supreme combat power.

Tulongfeng has flagged 3,432 vulnerabilities since deployment, Zhou said. Of those, 105 have been confirmed by Chinese government authorities. Qihoo 360 has not released independent benchmarks, and the 3,432 figure has not been verified by any named third party.

How Tulongfeng's Multi-Agent Swarm Works

Zhou openly acknowledged that China's top AI models still trail Western frontier systems by 20 to 30 percent in raw capability. Rather than trying to close that gap by competing on compute or chip access — a race Qihoo 360 cannot win while under U.S. technology export restrictions — the company built around it.

Tulongfeng operates not as a single AI model but as a swarm of specialized agents, each assigned to a discrete phase of the vulnerability research pipeline. When the system is given a software target, one cluster of agents models the threat landscape and filters high-risk attack surfaces. A second cluster tracks data flows across code files, looking for points where user-controlled input could reach a dangerous code path. A third cluster automatically constructs sandbox environments, generates candidate exploit code, and tests it against a live-running copy of the software. Only vulnerabilities that survive this end-to-end confirmation pass are reported — meaning the output is confirmed rather than merely suspected, in Zhou's framing.

The economic logic behind this architecture is straightforward: 20 years of proprietary threat intelligence, a large malware database accumulated through Qihoo 360's antivirus products, and domain-specific models trained on historical exploit patterns can substitute for raw model power on narrowly-defined security tasks. "If the American approach is about cultivating a genius hacker, the 360 approach is about organizing a professional attack-and-defence team," Zhou said.

The tradeoff is real, and Eugenio Benincasa, a senior researcher at the ETH Zurich Center for Security Studies who has analyzed Qihoo 360's capabilities in depth, named it plainly. He concluded that Qihoo's AI capabilities, while significant, "do not yet appear to match the reasoning capabilities described for Claude Mythos." A closer technical comparison, Benincasa suggested, is Google's Big Sleep, which accelerates discrete phases of vulnerability research rather than operating as a fully autonomous agent across an entire codebase.

The Deterrence Framing — and Why It Does Not Hold

Zhou's central argument is a Cold War analogy: nuclear deterrence prevented direct superpower conflict because both sides had the same devastating capability. China, he argued, faces an analogous situation in AI-powered cybersecurity — Anthropic's Mythos gives the United States the ability to scan global software infrastructure for exploitable weaknesses, while China, cut off from Mythos by the recent export control order, remains blind.

"Why has there never been a real nuclear war? Because both sides had nuclear weapons and deterred each other. The same is true in cybersecurity," Zhou said. A weapon "that can shift the entire balance of attack and defense must not be left solely in the hands of others."

The analogy is strategically useful for Qihoo 360's positioning. It is also structurally wrong in a way Zhou did not acknowledge.

Nuclear deterrence rests on symmetry: neither side discloses its weapons to the other. Tulongfeng's zero-day discoveries do not work this way. Under China's Data Security Law and associated cybersecurity regulations enacted between 2017 and 2021, companies and researchers operating in China are legally required to report discovered vulnerabilities to the Ministry of Industry and Information Technology within 48 hours of discovery. Disclosure to the affected vendor or to the public may not come first.

The practical consequence is not deterrence but an intelligence pipeline. Every zero-day Tulongfeng confirms — every Windows kernel flaw, every Office remote-code execution bug, every unpatched vulnerability in widely-deployed software — is legally required to become a Chinese government asset within two days. The information then enters a system over which the Chinese government, not Qihoo 360, controls what happens next: whether the vulnerability is disclosed to the vendor, retained for intelligence use, or exploited offensively.

Benincasa described exactly this dynamic: China's vulnerability disclosure requirement effectively channels zero-day discoveries to state intelligence, and the Chinese government's wide-reaching domestic authority may give its AI capabilities greater operational impact — not because Tulongfeng is more powerful than Mythos, but because the institutional pipeline it feeds into has no independent check on how its findings are used.

China's Legal Framework Gives the Government First Access to Every Find

Three laws establish the framework that governs how Qihoo 360's AI discoveries are handled.

China's National Intelligence Law (2017) requires, under Article 7, that all organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law. This obligation applies to Qihoo 360 regardless of any stated defensive intent.

China's Cybersecurity Law (2017) requires, under Article 28, that network operators shall provide technical support and assistance to public security organs and national security organs. It also mandates cooperation with government inspections of networks, enabling access to stored data.

China's Data Security Law (2021) and associated cybersecurity incident regulations establish the 48-hour vulnerability disclosure requirement to the MIIT. Under these regulations, cybersecurity companies are required to report newly-discovered vulnerabilities to the government before public disclosure — a timeline that can give Chinese intelligence agencies priority access to zero-day information before vendors are notified or patches are developed.

These are not contested claims about potential misuse. They are the written law in China, applicable to all companies operating there, including those that claim purely defensive missions.

What the Claims Are Actually Worth

The 3,432 vulnerability figure comes from Qihoo 360 alone. Unlike Anthropic and OpenAI, which have published third-party-reviewed benchmarks for their cybersecurity models, Qihoo 360 has released no independent evaluation of Tulongfeng's performance.

Some specific claims are already in dispute. Benincasa's April 2026 analysis of Qihoo 360's prior vulnerability claims noted that Microsoft credited researchers from Taiwan and South Korea, not Qihoo 360, with discovering CVE-2026-24293, a Windows kernel vulnerability that Zhou had included among his company's AI-assisted discoveries. The Register's coverage of the June 28 announcement noted that Zhou's claim of finding flaws in OpenClaw — Anthropic's publicly available coding tool — was a feat that human researchers have also achieved, placing it below the threshold of novel AI capability.

Tulongfeng claimed credit for a Windows kernel privilege escalation vulnerability dormant for five years, an Office remote code execution flaw dormant for eight years, and an Excel vulnerability dormant for ten years, with Microsoft having confirmed the discoveries. Independent journalists have not yet confirmed whether Microsoft's confirmation extends to Tulongfeng's AI specifically or to prior Qihoo 360 team research more broadly.

Is China Actually Closing the Gap?

Separately from Qihoo 360's specific claims, broader evidence suggests China's AI-assisted vulnerability research is maturing. Benincasa's earlier analysis, published in April 2026, documented that Qihoo 360's digital security division won first place at the Tianfu Cup — a major Chinese exploit competition revived in 2026 — and attributed roughly half of its total of nearly 1,000 vulnerabilities to its multi-agent system. He described this as pointing to the maturation of underlying capabilities, even if individual claims require verification. "AI is moving from an auxiliary tool to something closer to a scalable engine for vulnerability research, and firms like 360 are well positioned to push that forward in China," Benincasa wrote.

Jie Tang, a Tsinghua University professor and founder of Z.ai, said this week that he expects a Chinese AI model reaching Mythos-level capability to arrive before the first quarter of 2027 — a timeline that, if accurate, would represent a significant compression of what most observers estimated earlier this year.

The Five Eyes intelligence alliance published a warning during the same week as Qihoo 360's announcement, cautioning that adversaries could begin using AI to conduct sophisticated cyberattacks within months rather than years.

What Defenders Should Know Now

For security professionals and organizations responsible for software infrastructure, Qihoo 360's announcement has practical implications regardless of whether Tulongfeng matches Mythos today.

The multi-agent vulnerability discovery approach — where specialized AI agents collaborate through a pipeline from attack-surface mapping to automated exploit confirmation — is no longer the exclusive method of frontier Western AI labs. The architecture Zhou described is technically feasible with current AI capabilities and domain-specific training data. Any organization that assumed this approach required frontier-scale compute was already operating on a flawed threat model.

China's mandatory vulnerability disclosure law means the operational question for defenders is not whether Qihoo 360's AI can find the same bugs Mythos can, but how quickly the Chinese government knows about them if it does. The answer, under current law, is within 48 hours of discovery, before any vendor notification or coordinated disclosure.

Zhou's coalition of Chinese cybersecurity companies building around Tulongfeng's platform — explicitly framed as a parallel to Anthropic's Project Glasswing — means the vulnerability pipeline, if it proves effective, will be amplified across multiple organizations sharing a common government disclosure obligation.


Frequently Asked Questions

Is Qihoo 360 Tulongfeng actually as capable as Anthropic's Mythos?

Independent security researchers have not confirmed this. Eugenio Benincasa, a researcher at the ETH Zurich Center for Security Studies, concluded in April 2026 that Qihoo 360's AI vulnerability capabilities, while significant, did not yet match the autonomous reasoning described for Mythos. Some of Qihoo 360's specific vulnerability claims were disputed: Microsoft credited other researchers with a discovery that Qihoo attributed to its AI. What the June 28 announcement confirms is that the multi-agent architecture underlying Tulongfeng is real and functional — capable of finding confirmed, exploitable vulnerabilities in widely-deployed software. Whether it operates at Mythos's scale or precision cannot be judged from available evidence.

Why does China's vulnerability disclosure law matter for a tool Qihoo 360 says is defensive?

Under China's Data Security Law and related cybersecurity regulations, any organization operating in China that discovers a software vulnerability is required to report it to the Ministry of Industry and Information Technology within 48 hours — before telling the affected vendor or making any public disclosure. This applies to Qihoo 360 regardless of whether Tulongfeng is described as a defensive security tool. Every zero-day the system confirms becomes a government asset within two days. The Chinese government then decides whether to forward it to the vendor, retain it for intelligence use, or deploy it offensively. That structure makes the "cyber deterrence" framing Zhou used analytically different from nuclear deterrence, where neither side discloses its capabilities to the other.

What are the US sanctions on Qihoo 360, and are they still active?

Yes. The U.S. Commerce Department added Qihoo 360 to its Entity List in May 2020, citing the company's significant risk of supporting procurement of items for military end-use in China. This bars the company from receiving U.S. technology without specific government approval. In October 2022, the Defense Department separately designated Qihoo 360 a Chinese military company operating in the United States. Both designations remain active. The company has disputed the characterization, arguing it was sanctioned because it exposed U.S. intelligence operations targeting China. The U.S. government has not confirmed that account.

What is the connection between the Fable 5 export ban and Qihoo 360's announcement?

Zhou pointed directly to the U.S. Commerce Department's June 2026 export control directive — which suspended Anthropic's Fable 5 and Mythos 5 for all foreign nationals — as the strategic context for his announcement. He described Fable 5 as a civilian, restricted version of Mythos and argued that the export ban proves Washington views AI-powered vulnerability hunting as a strategic monopoly to be protected. Whether the timing of Qihoo 360's announcement was coordinated with the export ban or simply opportunistic is not known, but Zhou explicitly named it as the geopolitical trigger for why China must build its own equivalent.