360 released AI-powered vulnerability detection tools ('图龙锋') and automated defense system ('仪天阵'), citing Anthropic's restriction of Mythos access as motivation due to security risks from autonomous exploit discovery.
At the ISC.AI 2026 (14th Internet Security Conference) that opened today, 360 Group founder Zhou Hongyi officially unveiled 360 AI Security's two core capabilities, "Yitian Tulong": the "Tutulongfeng" automated vulnerability discovery intelligent agent and the "Yitianzheng" network security automated defense system. Simultaneously, 360, together with industry partners including Phytium and Kirin spanning information technology, security, cloud computing, large models, and computing infrastructure, jointly launched the "Panshi Shield" security collaboration plan.
Recently, Anthropic announced restrictions on external access to its most powerful internal model, Mythos, drawing widespread attention from the global security industry. When the model first emerged, it triggered a collective drop in stock prices among numerous U.S. cybersecurity leaders.
Zhou Hongyi believes that Mythos's shock value stems fundamentally from its ability to autonomously discover vulnerabilities, analyze them, and even construct network attack "weapons"—equivalent to a "network nuclear weapon" in the AI era that has already established a new form of strategic deterrence.
High-value vulnerabilities are limited in number and expensive to discover, typically accessible only to a small number of elite security experts and state-level teams with sustained discovery capabilities.
But AI is changing this entirely. It is making vulnerability discovery faster, cheaper, and more scalable. Capabilities once controlled by a select few are now being mass-replicated. Vast quantities of long-dormant, difficult-to-find legacy vulnerabilities will be progressively uncovered. When vulnerabilities shift from scarce resources to scalable resources, the rules governing the cybersecurity industry for 30 years will be fundamentally rewritten.
Zhou Hongyi warned in his speech that Mythos has already achieved a dimensional reduction attack against the traditional security industry, and the security sector's "old remedies" no longer work. Without a new set of countermeasures, Chinese cybersecurity will face a "second one-way transparency."
360 once spent 20 years addressing the first one-way transparency challenge—foreign APT groups lurking long-term with attackers hidden and defenders exposed. But Mythos's arrival transforms the offense-defense dynamic to attackers fast and defenders slow, attackers many and defenders few: the adversary has already replicated multiple hacker intelligent agents working in parallel, while we still rely on manual analysis by a handful of security experts. "When AI can rapidly and massively discover vulnerabilities, in attackers' eyes, our systems are like a sieve, full of attack points everywhere."
Zhou Hongyi predicted that China's critical infrastructure and key industries will face a high-frequency cyberattack period in coming years. He stated that China's cybersecurity industry must possess its own Mythos, must discover and patch its own vulnerabilities first, rather than waiting passively for others to find them. "Having cards in hand gives confidence in mind."
However, he also emphasized that China cannot simply replicate the foreign approach of relying on computing power and model capabilities to "achieve miracles through sheer force," but should instead leverage its engineering advantages to pursue an intelligent agent route—organizing large model capabilities, security expert experience, and vulnerability knowledge bases into collaborative intelligent agent systems.
Among these, "Tutulongfeng" is regarded as China's version of Mythos, targeting vulnerability discovery and risk prevention. It has cumulatively discovered 3,432 vulnerabilities, with 105 confirmed by regulatory authorities. Multiple vulnerabilities have been designated as high-risk in the national vulnerability database, covering scenarios including open-source code, operating systems, office software, and AI intelligent agent platforms. It transforms the vulnerability discovery process, previously dependent on individual expert experience, into a sustainable, verifiable, scalable intelligent agent workflow—shifting vulnerability discovery from "accidental lottery" to consistent "factory-scale production." Zhou Hongyi stated that "Tutulongfeng" has already achieved capabilities equivalent to Mythos.
"Yitianzheng" targets security operations and automated defense. It can autonomously plan tasks, assess alerts, and coordinate responses based on real network environments, driving security operations to evolve from manual monitoring, manual analysis, and manual response toward automated and intelligent operations. Zhou Hongyi emphasized that even with China's version of Mythos, this does not mean all risks can be eliminated at once, since vulnerabilities are inexhaustible. The only solution is to counter computing power with computing power, enabling China's cybersecurity defense system to shift from "human wave tactics" to "autonomous driving."
At the ISC conference, Zhou Hongyi announced the "Panshi Shield" security collaboration plan, making AI Security's "Yitian Tulong" capabilities available first to China's key information technology enterprises and critical infrastructure units, implementing AI security capabilities across the industry. Initial participants include UOS, Kirin, Hillstone Networks, Hygon, Phytium, Kingdee, Bilisim, China Mobile Cloud, Boland, and Dameng.
Zhou Hongyi stated that the United States protects its critical infrastructure by placing Mythos within the Glasswing alliance, and China must similarly establish its own security collaboration system, rather than passively awaiting risk escalation.