360 Unveils AI Tools To Match Anthropic's Mythos

Chinese cybersecurity firm 360 Security Technology announced two AI cybersecurity systems at the ISC.AI 2026 conference in Beijing, according to Reuters and a company transcript published by 360. Founder Zhou Hongyi introduced Tulongfeng, described by Zhou as "China's version of Mythos," and a second platform called Yitianzhen intended for automated cyber defence and incident response (Reuters; Insurance Journal). 360 told media outlets that Tulongfeng has identified 3,432 software vulnerabilities, including 105 confirmed by Chinese authorities (Economic Times). Zhou is quoted as saying, "This kind of powerful weapon that can change the landscape of cyber offence and defence cannot be held only by others," per Reuters and the company transcript.

Reporting describes Tulongfeng as an automated vulnerability-discovery system and Yitianzhen as a system for automating defence and incident response workflows (Reuters; Insurance Journal; Cryptopolitan). The public descriptions mirror functionality attributed to Anthropic's Mythos Preview, which Anthropic said in April had found "thousands" of vulnerabilities across operating systems and browsers (Reuters). Economic Times reported that 360 provided the specific vulnerability counts cited above; Reuters and other outlets covered Zhou's conceptual framing but did not publish technical architecture or model-size details for 360's systems.

Editorial analysis: Public coverage frames the announcements against a backdrop of heightened concern over vulnerability-discovery models. Reuters and other outlets report that the U.S. ordered limits on exports of a less powerful version of Mythos this month, citing national security, and that Anthropic has alleged large-scale model extraction efforts tied to Alibaba and its AI unit, citing a letter and data points sent to U.S. senators (Reuters; Economic Times). Those developments have surfaced alongside Zhou's argument that China needs comparable capabilities to avoid "one-way transparency," as reported by SCMP and Reuters.

Industry-pattern observations: Historically, capability advances that accelerate vulnerability discovery tend to trigger both policy responses (export controls, access restrictions) and an arms-race dynamic in defensive tooling. For practitioners, that pattern typically increases demand for hardened testing environments, provenance controls, and stricter red-team governance when vulnerability-finding tools are deployed.

• •Whether independent verification appears for 360's vulnerability counts; current figures are reported by Economic Times citing the company.
• •Any technical disclosures from 360 about model architecture, training data, or safeguards; Reuters and other outlets did not publish those details.
• •Regulatory and commercial responses in major markets given prior U.S. export controls on Mythos and Anthropic's allegations of large-scale extraction activity involving Alibaba (Reuters; Economic Times).

For practitioners: Organizations operating critical infrastructure or building security tooling should monitor independent assessments of automated vulnerability-discovery systems and follow evolving guidance on safe usage, provenance, and access restrictions in cross-border contexts. The public reporting highlights that both technical capability and policy controls are likely to shape how these tools are adopted and regulated.