A Chinese cybersecurity firm says its AI agent found a Microsoft Office vulnerability that had gone undetected for roughly eight years. The discovery, catalogued as CVE-2026-32190, took minutes. What Qihoo 360 does next with that finding is not a technical question; it is a legal one. China requires private companies to report vulnerabilities to state agencies before disclosing them publicly. Whether Qihoo 360 has already handed that flaw to Chinese intelligence, and whether it learned of it through a capability Anthropic explicitly tried to keep away from Beijing, is the question Anthropic's restricted-access policy was designed to keep from arising.
The exclusion did not work the way Anthropic planned. The company launched Project Glasswing in April 2026, a consortium of more than 40 US companies and government agencies using the Mythos model to patch vulnerabilities defensively before adversaries could exploit them. The member list, from Anthropic's own announcement: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. No Chinese company received access. Anthropic has explicitly designated China an adversarial nation; its services remain banned in greater China including Hong Kong.
China has a law that was already built for this. Article 36 of China's cybersecurity statute requires private companies and security researchers to report vulnerabilities to government agencies before disclosing them publicly — funneling elite security research into state intelligence pipelines. When Chinese firms develop their own Mythos-level capability, every vulnerability their AI finds becomes a state asset the moment it is discovered. Anthropic's exclusion does not prevent that outcome; it ensures that when China builds its own version, the findings arrive pre-packaged for exactly the government Anthropic was trying to circumvent.
The Qihoo 360 case is the closest thing to evidence that the mechanism is working in real time. The company's AI agent identified CVE-2026-32190. The discovery is concrete and recent. Whether it has been reported under Article 36 is not confirmed — and that gap between the legal requirement and verifiable disclosure is the unresolved question at the center of this story. Security researchers at ETH Zurich who track China's vulnerability disclosure regime note that the law compresses the timeline between discovery and government knowledge in a way that US and European disclosure frameworks do not, giving Chinese state intelligence a structural edge in the window before patches propagate globally.
Anthropic's own performance numbers for Mythos are difficult to dismiss on technical grounds. The model turned Firefox vulnerabilities into working exploits 181 times out of 200 attempts, according to the company's testing. It found a 27-year-old flaw in OpenBSD and zero-day vulnerabilities across every major operating system and browser. The UK AI Security Institute confirmed the findings independently: Mythos is the first model to complete a 32-step simulated corporate network attack, succeeding 73 percent of the time on expert-level challenges where every prior model failed entirely. Dario Amodei, Anthropic's CEO, has said competitors are roughly six to 18 months behind.
Chinese firms are responding. Qihoo 360's digital security group claims its AI agent has identified nearly 1,000 previously unknown vulnerabilities across Windows, Microsoft Office, Android, and other products. The company's stock, along with those of Qi An Xin and Sangfor Technologies, rose for several consecutive days after the Mythos announcement — the market pricing in expected demand for AI-driven cybersecurity tools. Austin Zhao, senior research manager at IDC China, noted that while the sector anticipated Mythos-level capabilities, the actual performance numbers still surprised many.
Independent analysts urge caution. Aisle, an AI cybersecurity firm, examined Anthropic's core assertions — that Mythos found thousands of zero-day vulnerabilities across major operating systems and browsers — and found that cheaper models were also capable of finding the same issues. This does not mean Mythos is not genuinely powerful; the AISI verification and the fact that no prior model could complete a 32-step attack simulation argue otherwise. But the gap between Mythos and what is publicly available may be narrower than Anthropic's urgent tone implies.
The six-to-18-month gap between Mythos-level capability and China's response is the thing to watch. If Qihoo 360's claims hold up to independent scrutiny and the Article 36 mechanism is confirmed as active, that timeline compresses. If it is marketing, the paradox collapses into something simpler: a US firm built a powerful defensive tool, shared it with allies, and China, locked out, is making noise about alternatives it cannot yet match. What has not happened — yet — is confirmation that Chinese state intelligence has received a Mythos-adjacent vulnerability report through the mandatory disclosure channel. That confirmation, when it comes, will be the story.
Sources: Anthropic blog | UK AI Security Institute | SecurityWeek | SCMP | SCMP 2 | CS Monitor | Natto Thoughts | The Guardian