China's 360 AI Agents Already Finding Real Vulnerabilities — No Mythos Needed

While the world was buzzing about Anthropic's Mythos model for AI-powered vulnerability discovery, Chinese cybersecurity giant 360 Group quietly revealed it had already been doing this at scale — and with real-world results.

360's multi-agent AI system, built on 20 years of offensive security experience and over 300 billion attack samples, has uncovered nearly 1,000 vulnerabilities across Windows, Office, Android, IoT devices, and Chinese domestic software.

Two discoveries stand out: a Windows kernel privilege escalation flaw (CVE-2026-24293) hidden for nearly 5 years, and an Office remote code execution vulnerability lurking for 8 years — both confirmed by Microsoft's Security Response Center. Over 50 high-risk vulnerabilities have been validated by China's national vulnerability databases.

The contrast with Anthropic's approach is striking. Mythos represents a capability demonstration — a large general-purpose model exploring what's possible in a laboratory setting through Project Glasswing. 360's system is an engineering solution already deployed in production, combining specialized AI agents with decades of real-world threat intelligence.

This highlights a growing pattern in the AI race: while Western labs focus on showcasing what AI can do, Chinese companies are racing to deploy AI where it delivers immediate, measurable impact. In cybersecurity, the gap between "could find vulnerabilities" and "has found nearly 1,000" is the difference that matters.