China’s New Zhipu AI Reportedly Matches Claude Mythos in Vulnerability Detection


Zhipu AI’s open-weight GLM-5.2 model is reportedly performing on par with Anthropic’s restricted Claude Mythos in specific cybersecurity and software vulnerability detection tasks, a development that’s intensifying concerns inside the U.S. government about the effectiveness of its AI export control strategy.

Zhipu AI (Z.ai) released GLM-5.2 on June 13, 2026, under a permissive open-weight license, enabling any researcher or developer to download and run the model on standard consumer-grade hardware. Unlike Anthropic’s Mythos, which is subject to U.S. export controls, GLM-5.2 is freely accessible worldwide.

While the model still trails Anthropic and OpenAI systems on broad general-purpose benchmarks, its targeted performance in vulnerability identification has caught the security community’s attention.

Independent testing by Semgrep placed GLM-5.2’s IDOR (Insecure Direct Object Reference) vulnerability detection at an F1 score of 39%, surpassing Claude Code’s 32–37% on similar evaluation tasks.

Critically, the model achieved these results at roughly $0.17 per vulnerability found, roughly one-sixth the cost of comparable Claude-based workflows. Graphistry’s additional benchmarks further corroborated the finding, showing that a freely downloadable Chinese open-weight model can match U.S. frontier AI in specific security domains.

| Metric | GLM-5.2 (Zhipu AI) | Claude Mythos (Anthropic) |
|---|---|---|
| IDOR Detection F1 Score | 39% | ~32–37% |
| Cost Per Vulnerability Found | ~$0.17 | ~$1.00+ |
| Access Model | Open-weight (public) | Restricted / export-controlled |
| General-Purpose Benchmark Rank | Trails U.S. models | Frontier-tier |
| License | Permissive | Proprietary |

The Trump administration has treated advanced AI models such as Mythos and Fable as serious national security assets, citing their ability to autonomously identify software vulnerabilities as potential enablers of cyberwarfare.

U.S. export controls have suspended access to these models for foreign entities, including Chinese researchers, specifically over cyber risk concerns. The release of GLM-5.2 challenges the core assumption behind these restrictions: that blocking access to frontier models would prevent adversaries from developing equivalent offensive cyber capabilities.

Anthropic’s own Project Glasswing, which used Claude Mythos to uncover over 10,000 critical vulnerabilities in its initial report, had previously illustrated just how powerful these models can be in vulnerability research contexts. GLM-5.2 now raises the prospect that similar capabilities are no longer exclusively in U.S. hands.

The development arrives as OpenAI unveiled GPT-5.6 with restricted access due to similar misuse concerns, underscoring a broader U.S. effort to gate powerful AI behind access controls.

Security researchers warn that open-weight models reaching frontier-level performance on niche tasks like bug-finding dramatically compress the timeline for both defensive automation and potential offensive exploitation. GLM-5.2’s public availability means these capabilities are already accessible to threat actors globally with or without U.S. regulatory approval.

The emergence of GLM-5.2 signals that China has made material progress in specialized, high-stakes AI domains, forcing a critical reassessment of whether hardware restrictions and model access controls alone can preserve Western dominance in AI-driven cybersecurity tools.
