A Chinese cybersecurity firm has claimed AI-driven vulnerability discovery capabilities that approach the scale of those attributed to Anthropic’s Claude Mythos, according to Eugenio Benincasa, an ETH Zurich cybersecurity researcher focusing on China.
360 Digital Security Group’s claims centre on an internally developed Multi-Agent Collaborative Vulnerability Discovery System, which contributed to roughly half of the vulnerabilities it identified at the Tianfu Cup, a major hacking competition, totalling close to 1,000 vulnerabilities. The firm says the effort uncovered more than 50 high-severity flaws across Windows, Microsoft Office, Android, OpenClaw, IoT devices and other products, with a particularly striking claim around CVE-2026-32190 in Office.
A separate Windows kernel vulnerability (CVE-2026-24293) was credited by Microsoft to researchers from Taiwan and South Korea, casting doubt on 360’s claim. Benincasa cautions that while the AI capabilities appear significant, they do not yet match the reasoning described for Claude Mythos, with some suggesting Google’s Big Sleep as a closer comparator.
He also notes that Chinese legislation requires vulnerabilities to be reported to government agencies before disclosure, which may influence how elite security research is channelled.