New Chinese AI Models Challenge Cyber Defenses
Recent advances in Chinese AI models reveal vulnerabilities at a rapid pace, posing a challenge to cybersecurity defenses.

Key points
- Two Chinese companies released advanced AI models in June 2023, enhancing vulnerability discovery.
- Zhipu AI's GLM 5.2 and 360 Security Technology's Tulongfeng are outperforming some U.S. AI models.
- AI advancements highlight the need for improved cybersecurity defenses.
Chinese companies have made significant strides in artificial intelligence (AI), developing new models that can find software vulnerabilities quickly and at low cost. In June 2023, Zhipu AI released GLM 5.2, a model tested to outperform some U.S. counterparts in spotting vulnerabilities. Just two weeks later, 360 Security Technology launched Tulongfeng, an AI tool that has already identified over 3,400 vulnerabilities.
These developments have raised concerns among cybersecurity experts. Chris Inglis, former U.S. National Cyber Director, warns that such advancements mean defenders need to quickly address their security weaknesses. He stresses the importance of knowing and fixing vulnerabilities in computer systems before attackers can exploit them.
AI systems are not only getting better at finding vulnerabilities, but hackers are also using these tools to strengthen their attacks. In April, the Cloud Security Alliance warned about the potential for an "AI vulnerability storm" if advanced models like Mythos are used maliciously. Google, in May, detected the first instance of an AI-created exploit in the wild.
For defenders, the fact that some Chinese models can be run on local hardware is a big advantage. John Gallagher from Viakoo notes that this allows for greater control over data security, especially for industries like operational technology (OT) and critical infrastructure.
Should customers be worried?
Yes, but there are steps to mitigate risks. The rapid advancement of AI in finding vulnerabilities means companies must stay vigilant. Ensuring systems are regularly updated and patched is crucial. Chris Inglis highlights that while AI capability is impressive, it's the defensive readiness that often dictates outcomes. Companies should focus on visibility, workflow management, and decision-making processes to enhance their cybersecurity posture.
Testing by cybersecurity firm Semgrep found that GLM 5.2 had the highest performance among standard models, achieving a 39% F1 score, a measure of accuracy in identifying vulnerabilities. This shows the effectiveness of these models, although Margaret Cunningham from Darktrace notes that the model's origin is less important than how well it's integrated into security operations.
Ultimately, the debate is less about whether these AI models are from the U.S. or China, and more about how effectively organizations can use them to bolster defenses. The priority is integrating AI into existing systems to improve detection and response capabilities.



