Qihoo 360 says its AI bug finder can rival Anthropic’s Mythos

Chinese cybersecurity firm Qihoo 360 says it has developed an AI-powered vulnerability discovery system that can outperform Anthropic’s Mythos, a model the company has described as highly sensitive an...

Chinese cybersecurity firm Qihoo 360 says it has developed an AI-powered vulnerability discovery system that can outperform Anthropic’s Mythos, a model the company has described as highly sensitive and strategically important.

Qihoo 360 chief executive Zhou Hongyi outlined the system at the 14th Beijing Cybersecurity Conference, which the company organizes. According to Chinese media reports of his remarks, Zhou argued that China needs comparable tools to deter the use of advanced AI in offensive cyber operations, but said copying Anthropic’s approach would not be the best route.

Instead, Zhou said Qihoo 360 has built its own method by combining two decades of threat-hunting experience with a large library of malware samples and security-focused models. The company says the result is a multi-agent system it calls Tulongfeng, designed to work more like a coordinated security team than a single general-purpose model.

How Qihoo 360 says it works

  • models a target and identifies high-risk attack surfaces
  • follows data flows across files and components to spot weaknesses
  • creates sandbox environments automatically
  • generates exploit code and tests whether a flaw is real
  • reviews results after each task to improve later runs

Qihoo 360 says this approach has already uncovered flaws in both open-source and commercial software. Zhou claimed the system found a Windows kernel privilege escalation issue, a Microsoft Office remote code execution flaw, and an Excel vulnerability that had gone undetected for years. He also said the company has used the same approach against OpenClaw, a target previously examined by human researchers.

The company has also introduced another AI security tool, Yitianzhen, which it says can simulate attacks against an organization’s defenses and recommend or apply fixes. Qihoo 360 has been building a domestic alliance of security firms around the tool as a counterweight to Anthropic’s controlled-access program for Mythos, known as Project Glasswing.

Qihoo 360 remains controversial outside China. US authorities have sanctioned the company over concerns that it supports China’s military, while China’s National Computer Virus Emergency Response Center frequently publicizes its research. The latest claims add to the growing competition between US and Chinese firms over the use of AI in vulnerability discovery and cyber defense.