
Chinese LLMs Supercharge Cyber Attacks, Worry Defenders
Chinese firms unleash two new AI models excelling at vulnerability discovery, sparking fears of a widening gap for global cyber defenders.
Wirenova Staff
The global cybersecurity landscape is undergoing a significant shift, propelled by the rapid advancements in artificial intelligence. Recent developments from Chinese firms have particularly intensified concerns, with two new AI models demonstrating capabilities in vulnerability discovery that challenge, and in some cases surpass, leading US mainstream and frontier models. This surge in AI-driven offensive potential has prompted cybersecurity experts to warn of a rapidly broadening gap between attackers and defenders, urging immediate and decisive action from organizations worldwide.
China's AI Offensive
At the forefront of this new wave are Zhipu AI’s open-weight model, GLM 5.2, and 360 Security Technology’s frontier model-based security tool, Tulongfeng, also known as "Dragon Saber." Released in quick succession, GLM 5.2 has already shown remarkable prowess, with subsequent testing indicating it outperforms Anthropic’s Opus and OpenAI’s GPT-5.5 on several critical bug-finding benchmarks. Adding to the alarm, this model boasts an incredibly low cost of just $0.17 per vulnerability found. Following suit, 360 Security Technology's Tulongfeng is touted as China's answer to Anthropic's Mythos, with claims of discovering over 3,400 vulnerabilities since its inception, according to a Reuters report. These models signify a substantial leap in China's AI capabilities for offensive cyber operations.
The Defender's Dilemma
The implications for global cyber defenses are profound. Chris Inglis, former US National Cyber Director and a strategic advisor for ransomware-defense firm Halcyon, emphasizes the urgency of the situation. "Commodity models now can run circles around defenses, and so defenses need to get serious about knowing their architecture, prioritizing the weaknesses within that architecture, and, in rapid priority order, ruthlessly patch and fix your configurations," Inglis stated. He underscores that while the software supporting the discovery process is crucial, the sheer performance of an open-weight model like GLM 5.2 highlights the critical need for defenders to address their accumulated security debt without delay.
Accelerating Cyber Threats
This acceleration in AI's ability to identify and exploit weaknesses is not merely a theoretical threat; it represents a tangible shift in the cyber arms race. Attackers are increasingly integrating sophisticated AI capabilities into their offensive strategies, enhancing their efficiency and reach. The Cloud Security Alliance had previously warned of this trend, noting that the release of frontier models would inevitably empower malicious actors. The advanced, cost-effective vulnerability discovery offered by these new Chinese LLMs could significantly lower the barrier to entry for cybercriminals and state-sponsored groups, enabling them to uncover and exploit flaws faster and more broadly than ever before.
Urgent Call to Action
The window for mitigating these risks is narrowing. While Inglis believes the situation is not yet beyond salvation, his message is clear: organizations must prioritize and execute a rigorous strategy to eliminate security debt. This includes comprehensive architectural knowledge, aggressive vulnerability prioritization, and a commitment to rapid patching and configuration fixes. Failure to adapt and respond decisively to this evolving threat landscape could leave critical infrastructure, corporate networks, and personal data increasingly vulnerable to sophisticated, AI-powered attacks, further entrenching the advantage of those on the offensive.

