Anthropic’s Mythos has triggered a new chapter in the US-China AI arms race – and Asia’s regulators are already scrambling to keep up.
Hong Kong’s central bank launched an emergency taskforce this week to shield the city’s banks from AI-driven cyberattacks. Singapore, South Korea and Australia did the same. What triggered this? A single AI model that Anthropic built, got scared of, and locked away. Its name is Mythos.
The Hong Kong Monetary Authority (HKMA) confirmed it will introduce a new Cyber Resilience Testing Framework and form a public-private sector taskforce to address the threat. It isn’t alone. The question now isn’t whether Mythos has changed the cybersecurity landscape. It has. The question is what that means for China, and for the US-China AI race.
China Wasn’t Invited. But It Noticed.
On April 7, Anthropic launched Project Glasswing. The initiative gave a select few companies access to Mythos, these companies included Cisco, JPMorgan Chase and Nvidia. Missing from this list, were any Chinese firms. This follows Anthropic previously labeling China as an “adversarial nation,” and its services remain banned across greater China, including Hong Kong.
Beijing has stayed largely silent. But Chinese AI labs haven’t been standing still.
According to Beijing-based consultancy Concordia AI, China’s open-source models still trail US closed-source models in cyber capabilities – but that gap is closing at speed.
The Benchmark Battle: US vs. Chinese Models
The clearest way to track the race is CyberGym, a benchmark that tests AI agents on their ability to find and exploit real vulnerabilities in open-source software. Mythos scored 83.1%.
The same day Anthropic published that result, Beijing-based Zhipu AI released GLM 5.1, claiming a CyberGym score of 68.7%. This result already surpasses Anthropic’s previous flagship model, Claude Opus 4.6, which launched just two months earlier.
Moonshot AI’s Kimi K2.5, released in late January, scored 41.3% on CyberGym. Independent researchers from the US, UK and Israel evaluated it and concluded it hadn’t yet reached cutting-edge autonomous attack capability. However, they warned that its semi-automated offense skills warranted “continued monitoring.” Moonshot’s newest open-source model, Kimi K2.6. It was released on April 20 and named the world’s strongest open-source model by third-party firm Artificial Analysis. But this model has not disclosed its CyberGym score.
The gap between US and Chinese models on this benchmark has gone from a chasm to a sprint in under six months.
The Dual-Use Dilemma
This is where it gets complicated. AI cyber capability is dual-use. The same model that finds vulnerabilities can be used to patch them. Or exploit them.
Chinese researchers are actively building on the defensive side. Alibaba’s researchers are developing a “Qwen cyber agent” to help firms defend critical software, co-led by a researcher from Hong Kong University of Science and Technology who previously ran cybersecurity evaluations for Moonshot’s Kimi K2.5. No release date has been announced.
The UK’s AI Security Institute evaluated Mythos on April 13 and found it could execute multi-stage network attacks autonomously – tasks that would take human professionals days. That’s the version China doesn’t have access to.
Huang’s Warning vs. Bessent’s Bet
The sharpest debate is now about what to do with that asymmetry.
US Treasury Secretary Scott Bessent called Mythos a “step function change” in capabilities that will keep America ahead. Nvidia CEO Jensen Huang disagreed with the framing. He warned on the Dwarkesh Podcast that China already has the compute to build its own Mythos. He pointed to ghost data centers, 60% of global mainstream chip manufacturing, and 50% of the world’s AI researchers.
Huang explained that, “victimizing them, turning them into an enemy, likely isn’t the best answer.“ He continued: “we want the United States to win, but I think having a dialogue and having a research dialogue is probably the safest thing to do.”
That view is now being tested in real time. While US-led coalitions gain an early defensive edge through Project Glasswing, Chinese banks in Hong Kong must patch vulnerabilities without access to the very tool that exposed them. Meanwhile, Beijing remains publicly quiet, but its AI labs continue narrowing the CyberGym gap at a striking pace.
