🇨🇳 vs 🇺🇸 | China has just presented its response to Mythos, the AI from Anthropic that automatically detects vulnerabilities in software. Its name: Tulongfeng, unveiled in Beijing by the cybersecurity company 360 Security.

The most interesting part isn’t the tool itself, but what its founder Zhou Hongyi openly admits: Chinese models are still 20 to 30% behind those in the United States, largely due to US restrictions on chips since 2022.
His strategy, therefore, is not to try to have the most powerful model, but to make up for it in other ways. Rather than using a single AI, 360 has a less advanced model work alongside huge databases of already known vulnerabilities and automated analysis tools—everything running continuously. His analogy captures the idea well: if Mythos is a high-end chip, they are building a complete machine that runs 24 hours a day and makes fewer mistakes. One side is the brilliant hacker; the other is the organized team.
The results claimed by 360, without independent external validation: 3,432 vulnerabilities detected, including 105 confirmed by Chinese authorities.
Zhou’s justification is purely geopolitical. According to him, a weapon capable of reshuffling the cards between cyber attack and defense cannot remain solely in the hands of others. In plain terms, Pékin fears seeing American AIs scan Chinese systems without being able to do the same in return.
What is emerging is less a race for the best model than a race to industrialize large-scale vulnerability detection the most effectively. Once these tools are perfected on both sides, what guarantees they will be used to fix code rather than to attack it?