On June 28, 2026, multiple outlets reported that Zhipu AI’s open‑weight GLM‑5.2 model matches or beats Anthropic’s restricted Claude Mythos on security bug‑finding benchmarks, based on tests by security firm Semgrep. Analysts say the result, if confirmed, exposes gaps in US export controls that targeted Mythos-class capabilities while leaving competitive Chinese open models accessible.
This article aggregates reporting from 4 news sources. The TL;DR is AI-generated from original reporting. Race to AGI's analysis provides editorial context on implications for AGI development.
If GLM‑5.2 really matches Mythos‑class models on vulnerability detection, the big story isn’t just another leaderboard upset—it’s that US security policy failed its first live test. Washington blocked Anthropic’s Fable and Mythos on national‑security grounds, only to see a Chinese open‑weight model reach similar capabilities weeks later. That suggests export controls aimed narrowly at a few US labs can be outpaced by open models trained elsewhere, especially when they specialize in a single high‑value domain like cybersecurity.
For the AGI race, this is a major signal that China’s frontier ecosystem is no longer 12–18 months behind on every axis. Zhipu didn’t try to beat Mythos on everything at once; it focused on code and security, leveraging open‑source culture and aggressive pricing. If those strengths are paired with continued gains in general reasoning, the overall capability gap could close much faster than many Western strategists have been assuming.
The uncomfortable implication for regulators is that capability governance cannot simply mean “keep US frontier models under lock and key.” Once open‑weight, high‑end security models exist, they will diffuse—into red teams, into criminals’ toolkits, and into defensive platforms. That heightens the urgency of serious, standardized safety evaluation and stronger norms around dual‑use tooling, not just one‑off bans.



