"Mythos with Chinese characteristics": Can it catch up? Is it too late?
The 2026 Internet Security Conference (ISC.AI) hosted by 360 was held in Beijing on the 24th, which is regarded as 360's annual press conference. In the past two years, many of 360's major new products, from model aggregation to intelligent agents, were first launched on this occasion. This year, the biggest product release theme has returned to the old business of security, but this time it's about the disruption of the security industry by intelligent agents.
In the past year, "Lobsters" have appeared on the desktops of tens of millions of computers and were warned by the Ministry of Industry and Information Technology. Even the founding community members of OpenClaw were amazed that Chinese companies dared to directly deploy Claw - like products in real production environments.
Intelligent agents accelerate all things that can be done through them without discrimination, even cyber - attacks.
One Month of Experiencing Large - Scale Account Theft
Since May this year, a series of password databases that had long been leaked and were once buried suddenly began to be used for brute - force attacks at an accelerated pace, at a frequency that humans could never reach.
A series of the editor - in - chief's accounts without two - step verification have successively experienced abnormal logins. It started when someone reminded the editor - in - chief that their Threads account had been stolen to send fake cryptocurrency messages. From the end of May to the present, for a month, the editor - in - chief has been busy changing the passwords of various accounts. Even so, the editor - in - chief permanently lost their LinkedIn account. The attacker immediately changed the bound email address, making it impossible to retrieve.
An email account that the editor - in - chief still doesn't know where it was registered has been logged in from different locations around the world multiple times a day for a month. Each abnormal login would send a text message to the editor - in - chief's phone. The editor - in - chief watched as this account hopped around in places like Nicaragua, Nairobi, Bermuda, South Africa, Ireland, Argentina, the Philippines, Tainan, and Zhenjiang. In a few days when there's free time, the editor - in - chief might make a honey - pot hotspot map with the received text messages according to the time.
By sharing this personal experience, it's to illustrate that even though one has heard countless times about large - scale thefts of official or private databases and knows that their account passwords have been resold again and again, they still feel confident that as an ordinary person, they have little value. No one would be willing to painstakingly try the passwords of tens of millions of people on different websites one by one.
No one is willing, but intelligent agents don't care.
In April, Anthropic's Mythos discovered a 27 - year - old OpenBSD vulnerability and a 16 - year - old FFmpeg vulnerability. The company invited industry giants such as NVIDIA, Microsoft, Google, Apple, and JP Morgan to form the Glasswing Alliance, which uses this model for small - scale vulnerability checking. As expected, China was excluded.
On June 13th, the Mythos and its scaled - down version, the Fable model, were banned by the US Department of Commerce on the grounds of national security. Anthropic has long been "putting on a show." For a program that only predicts the next word based on word frequency and human - assisted learning, they insist that it has consciousness, invite psychologists and religious masters for it, and formulate a "constitution." It seems that they finally dug a hole for themselves after successfully deceiving others.
In addition to being extremely frustrated because they can't sell their products normally, there are also criticisms in the US that restricting the most advanced known model may not stop the evolution of cyber - attacks and defenses elsewhere, but instead restrict their own hands and feet.
When the most advanced large - scale cyber - security model has been elevated to a strategic level similar to that of weapons of mass destruction, what choices will countries that don't possess this model make? This is the main message that Zhou Hongyi hopes to convey to the outside world in his nearly - one - hour speech. After the speech, the news that "360 claims to have developed a domestic alternative to Mythos" also appeared on the pages of international media.
Your Vulnerabilities, Others' Opportunities
Claw - like local intelligent agents are collectively referred to as "Lobsters" in China. When the principle is already clear, the excellent product capabilities in China have taken the user experience to a whole new level. From QClaw to MiClaw, both large and small terminals have set the stage for local intelligent agents. The only difference between mobile phones and computers lies in the number of model parameters.
Based on the editor - in - chief's "personal statistics," most people are used to using WorkBuddy, which won the "horse - race" among Tencent's products. It's like a client for an AI chat tool, but the resources it can access are very different. It can connect to as many models, APIs, MCPs as possible and is compatible with multiple Skills, thus greatly improving convenience.
Whether a "Lobster" is obedient, useful, or troublesome is basically determined by the capabilities of the model selected by the user; the engineering safeguards and security protections of the local client don't play a decisive role. And "stupid humans" may casually use malicious Skills or prompts from unverified Skill stores, becoming the weakest link in the whole chain. Even real geeks, who fully understand the usage and have given proper authorization, may still encounter the tragedy of "deleting the database and running away" and then "sincerely apologizing but never changing."
At today's event, both Zhao Chunjiang, an academician of the Chinese Academy of Engineering, and Zhou Hongyi himself mentioned the major security risks of "Lobsters."
Zhou Hongyi defined "Lobsters" as "toys made by geeks for themselves." They have a high threshold, their behavior is uncontrollable, and they are easily infected by malicious skills. Once this type of intelligent agent enters the enterprise workflow, the security risks will be magnified.
He believes that Mythos can independently search for vulnerabilities, analyze them, and construct attack software, which is equivalent to "a nuclear weapon in the AI era." The Glasswing Alliance is essentially a "large - scale internal vulnerability check." The fact that about 150 organizations from 15 countries/regions do not include China is a very big problem.
Just as the editor - in - chief's passwords that had been leaked for many years were tried all over the network within less than a month, the two long - standing vulnerabilities in FFmpeg and OpenBSD had been repeatedly examined by countless top - level security experts, and the automatic fuzzer ran 5 million times without catching them.
Zhou Hongyi's core argument is that the difficulty of finding vulnerabilities has barely maintained the fragile balance between the two sides of cyber - attacks and defenses in the past thirty years. 0Day vulnerabilities are scarce, the discovery cycle is long, and they require top - level experts. A single high - value vulnerability can be sold for millions to tens of millions in the black market. And advanced models combined with automated processes have rewritten the rules of the game in terms of speed, quantity, cost, and threshold at the same time.
Mythos compresses the timeline from the discovery to the verification to the attack of high - value vulnerabilities to the hourly level. "The AI discovers a vulnerability in the morning, completes the verification at noon, and starts the attack in the evening." Someone with ill intentions can launch 100 or 1000 intelligent agents to conduct a parallel carpet - style search. From a cost perspective, according to current estimates, the computing power cost of digging a high - value vulnerability is less than $1000. The capabilities that were once in the hands of a few countries and organizations are becoming more accessible to the public. People who don't know how to program can also write attack codes. Therefore, "in the past, it was about who was stronger; in the future, it will be about who is faster."
Make up for the Lack of Computing Power with Engineering
Zhou Hongyi believes that China cannot wait until the model capabilities are fully caught up, otherwise it will face the risk of a "second one - way transparency." The so - called "one - way transparency" means that the enemy is in the dark and we are in the light. 360 can give such an example because it has actually experienced it. The "first one - way transparency" was that overseas APT organizations had long been lurking in China's networks. 360 used large - scale network security big data and airtight probes to capture 60 overseas APT organizations in total, basically solving this problem.
Although ordinary people don't have professional criteria to judge which company has stronger network security capabilities, when it comes to the situation where a new computer user often makes a clean Win11 system freeze and installs countless malicious software that fight with each other, the simple and reliable advice from "old hands" is often "install 360 first to get rid of other software, and then uninstall 360."
Now, the "second one - way transparency" is about the difference in speed and quantity. While we are still relying on a few security experts for analysis, the other side has supported a group of hacker intelligent agents to carry out concurrent attacks. In Zhou Hongyi's words, "in the eyes of the attackers, our system is like a sieve, with attackable points everywhere."
After explaining the logic, the products were introduced on stage. The two new names, "Tulongfeng" and "Yitianzhen," have a strong oriental flavor, but the names are just codes. In fact, a news report from 360 last month mentioned that the entire system that discovered the long - standing vulnerabilities in Microsoft Windows and Office is the same system, which was given the name "Tulongfeng."
"Tulongfeng" has discovered a total of 3432 vulnerabilities, 105 of which have been confirmed by regulators. Many of them are defined as high - risk vulnerabilities by the national vulnerability database, covering three types of scenarios: open - source code vulnerabilities, binary vulnerabilities in Windows and Internet of Things devices, and AI and intelligent agent vulnerabilities.
Among them, the vulnerabilities that had been lurking in the Windows kernel for 5 years, in Office for 8 years, and in Excel for 10 years, and 23 vulnerabilities (including 4 core component vulnerabilities) discovered in the OpenClaw ecosystem have all been recognized by Microsoft and the founder of "Lobster."
"Yitianzhen" is a supporting active defense system that can operate automatically 24/7, conduct risk assessment and disposal in minutes, and provide unattended closed - loop defense.
How to create a "Chinese version of Mythos"? Anthropic takes the route of the strongest model, the strongest computing power, and the strongest chips to achieve success. There is still a gap between domestic open - source base models. But "we can't wait until the capabilities of the base models catch up before doing vulnerability discovery." Therefore, we must start from the engineering route.
As mentioned before, the local harness of "Lobsters" may be limited by the machine's capabilities and yield to the capabilities of the model itself. But if it's a large - scale model on the cloud side, it seems that more computing power can be used, making it seem smarter.
Zhou Hongyi said that the "20 - year practical experience" accumulated by 360's security experts, as well as the collaborative work of multiple intelligent agents and the automatic scheduling according to the target, ensure that the new product is worthy of being called the "Chinese version of Mythos."
Of course, at present, there is no way other than official data to verify whether this Chinese version of Mythos is as good as the original. For example, it's quite difficult to conduct a third - party - hosted offensive and defensive drill like a large - scale model arena for closed - source models.
But on this issue, if 360 can't prove itself, then neither can Mythos, because no one can actually use them. Maybe after a few months, when you see news about a security incident somewhere, or whether you or your relatives and friends have experienced account theft, it will give the final answer.
What to Do When You "Don't Know What You Don't Know"?
Just as there is a Chinese version of Mythos, there is also a Chinese version of Glasswing. The "Panshi Zhidun" security cooperation plan was launched. The first batch of participating enterprises includes Tongxin, Kylin, Hillstone Networks, Hygon, Phytium, Kingdee, Biren, Mobile Cloud, Baoland, and Dameng, covering almost all the main links of the domestic - innovation industrial chain. Zhou Hongyi said that the capabilities of Tulongfeng and Yitianzhen will first be tested on a small scale by key domestic - innovation units and key infrastructure units, and the upstream and downstream of the industrial chain need to be organized.
The nanoWork, an AI work platform, was also released at the same event. Zhou Hongyi shared a case within 360 at the scene. A salesperson for a large government and enterprise customer trained a tender - monitoring expert, who then completed opportunity assessment, risk screening, bid - document analysis, proposal preparation, quotation calculation, and contract review, and finally handed over a nearly - submitable tender package. It's worth noting that nanoWork doesn't follow the "Security Lobster" architecture that was quickly launched when OpenClaw was very popular at the beginning of the year.
At a time when Doubao has launched a professional version and many mainstream C - end model clients are transitioning to a paid intelligent agent model, 360's similar products must play the security card. Maybe offering customers a guarantee of "pioneer compensation" in case of any vulnerability incidents will make the security commitment more attractive.
Zhou Hongyi believes that even with the Chinese version of Mythos, it doesn't mean that all risks can be eliminated at once. The only way out is to fight computing power with computing power, so that China's network security defense system can move from the "human - wave tactic" to "autopilot." We should discover and repair our own vulnerabilities first, rather than waiting for others to find them and then respond passively. "Only when you have the cards in hand can you feel confident."
Finally, the editor - in - chief wants to mention that Zhang Weizhi, a corresponding member of the International Eurasian Academy of Sciences, told a story from ten years ago at the event. In 2015, they undertook a national single - window project and tried to use AI for automatic customs declaration. They found that when the AI was matching the customs SHQ codes, it would automatically choose the option with the lowest tax rate. If this choice is wrong, it's on the verge of being legal and smuggling.
This experiment made him propose the "epistemology of machine knowledge." Human knowledge starts from uncertainty and moves towards certainty, while machine knowledge does the opposite. It starts from certainty and becomes more and more uncertain as it emerges. They are two fundamentally different knowledge systems. "What we are afraid of is that the knowledge system of intelligent agents is inconsistent with ours," Zhang Weizhi said.
This story reflects another aspect of thinking about security issues from the perspective of models. In addition to speeding up on the known path and running blindly, there is another possibility of randomly exploring in unknown directions and using methods beyond human capabilities to solve problems that people "don't know what they don't know." This is similar to the so - called "divine move" of AlphaGo back then.
Due to the actual gap in model capabilities, is this "divine move" a well - calculated advanced model's pre - thought chain, or is it a small model having an "illusion" and getting lucky? We can't predict it now and can only wait and see.
Anyway, when the editor - in - chief uses intelligent agents, especially when paired with models with high programming capabilities, the feeling is exactly the same as that meme picture: at first, one fantasizes about driving the model with a whip. After a while, one finds oneself like an ape who has accidentally entered the tea break of a high - end academic conference, holding a glass and unable to talk to anyone, listening to the intelligent agents chatting in an incomprehensible language.
Here, it is recommended to all "apes": modify the passwords of key accounts as soon as possible and don't use the same set of passwords; add two - step verification and biometric verification such as mobile phone numbers, fingerprints, and eye scans instead of entering passwords; at the same time, don't blindly trust password managers. It's best to remember a set of key passwords. After all, just recently, the password management tool LastPass admitted that its customer service system was attacked through the supply chain...