China’s largest cybersecurity firm has taken a bold step by introducing two new AI-driven cybersecurity tools designed to rival those of Anthropic, a leading American AI company. The tools, named Tulongfeng and Yitianzhen, are positioned to address the significant security challenges highlighted by Anthropic's recent release of its Claude Mythos system. The Claude Mythos gained considerable attention for its ability to autonomously detect and exploit numerous zero-day vulnerabilities across widely used operating systems and web browsers, raising alarms in the cybersecurity community when it was announced in April.
In response, 360 Security Technology asserts that their newly developed tools can meet or exceed the advanced capabilities displayed by Mythos. Tulongfeng is specifically designed for automated vulnerability discovery, while Yitianzhen focuses on providing automated cyber defense and incident response.
The development of these tools comes on the heels of a successful performance in a past competition, where 360 Security Technology reported identifying about 1,000 vulnerabilities within popular applications such as Microsoft Office. Expert analysts, such as Eugenio Benincasa from ETH Zurich, have recognized 360 as a formidable competitor in the realm of AI cybersecurity, directly challenging the innovations presented by Anthropic.
From a broader perspective, the launch of these tools coincided with an uptick in the stock prices of Chinese cybersecurity firms, reflecting the market's interpretation of the escalating demand for effective AI-driven security solutions. As organizations increasingly adopt these technologies, domestic players like 360 Security Technology are committed to innovating and capturing market share in China.
However, investors should exercise caution when considering the implications of these developments. Anthropic successfully demonstrated Mythos in controlled settings before stowing it away, avoiding any public release due to potential misuse risks. In contrast, 360 Security's assertions regarding their products’ capabilities have yet to undergo independent verification in similar tested environments. The chasm between identifying vulnerabilities and autonomously exploiting zero-day vulnerabilities across multiple platforms is significant and warrants careful evaluation.