China’s New Zhipu AI Reportedly Matches Claude Mythos in Vulnerability Detection

Jun 29, 2026

Zhipu AI’s open-weight GLM-5.2 model is reportedly performing on par with Anthropic’s restricted Claude Mythos in specific cybersecurity and software vulnerability detection tasks, a development that is intensifying concerns inside the U.S. government about the effectiveness of its AI export control strategy.

Zhipu AI (Z.ai) released GLM-5.2 on June 13, 2026, under a permissive open-weight license, enabling any researcher or developer to download and run the model on standard consumer-grade hardware. Unlike Anthropic’s Mythos, which is subject to U.S. export controls, GLM-5.2 is freely accessible worldwide.

While the model still trails Anthropic and OpenAI systems on broad general-purpose benchmarks, its targeted performance in vulnerability identification has caught the security community’s attention.

Independent testing by Semgrep placed GLM-5.2’s IDOR (Insecure Direct Object Reference) vulnerability detection at an F1 score of 39%, surpassing Claude Code’s 32–37% on identical evaluation tasks.

Critically, the model achieved these results at approximately $0.17 per vulnerability found, roughly one-sixth the cost of comparable Claude-based workflows. Graphistry’s additional benchmarks further corroborated the finding, showing that a freely downloadable Chinese open-weight model can match U.S. frontier AI in specific security domains.

| Metric | GLM-5.2 (Zhipu AI) | Claude Mythos (Anthropic) |
|---|---|---|
| IDOR Detection F1 Score | 39% | ~32–37% |
| Cost Per Vulnerability Found | ~$0.17 | ~$1.00+ |
| Access Model | Open-weight (public) | Restricted / export-controlled |
| General-Purpose Benchmark Rank | Trails U.S. models | Frontier-tier |
| License | Permissive | Proprietary |

The Trump administration has treated advanced AI models such as Mythos and Fable as serious national security assets, citing their ability to autonomously identify software vulnerabilities as potential enablers of cyberwarfare.

U.S. export controls have suspended access to these models for foreign entities, including Chinese researchers, specifically over cyber risk concerns. The release of GLM-5.2 challenges the core assumption behind these restrictions: that blocking access to frontier models would prevent adversaries from developing equivalent offensive cyber capabilities.

Anthropic’s own Project Glasswing, which used Claude Mythos to uncover over 10,000 critical vulnerabilities in its initial report, had previously illustrated just how powerful these models can be in vulnerability research contexts. GLM-5.2 now raises the prospect that similar capabilities are no longer exclusively in U.S. hands.

The development arrives as OpenAI unveils GPT-5.6 with limited access due to similar misuse concerns, underscoring a broader U.S. effort to gate powerful AI behind access controls.

Security researchers warn that open-weight models reaching frontier-level performance on niche tasks like bug-finding dramatically compress the timeline for both defensive automation and potential offensive exploitation. GLM-5.2’s public availability means these capabilities are already accessible to threat actors globally, with or without U.S. regulatory approval.

The emergence of GLM-5.2 signals that China has made material progress in specialized, high-stakes AI domains, forcing a critical reassessment of whether hardware restrictions and model access controls alone can preserve Western dominance in AI-driven cybersecurity tools.

Source: CybersecurityNews.com
