The firm says the system contributed to roughly half of the vulnerabilities it identified at the contest, finding close to 1,000 vulnerabilities in total, including over 50 high-severity flaws across Windows, Microsoft Office, Android,OpenClaw, IoT devices, and other products.The most striking individual claim involves CVE-2026-32190, a critical Office vulnerability that 360 says its AI agent identified within minutes, after it had allegedly gone undetected for roughly eight years. A separate Windows kernel vulnerability (CVE-2026-24293) was also claimed, though Microsoft credits researchers from Taiwan and South Korea with that discovery, casting doubt on 360’s claims.Benincasa cautions that while 360’s AI capabilities appear significant, they do not yet appear to match the reasoning capabilities described for Claude Mythos. A closer comparison, the expert suggests, isGoogle’s Big Sleep, which accelerates discrete stages of vulnerability research rather than operating as a fully autonomous agent.However, the expert believes other aspects may ultimately matter more than any technical comparison. Chinese legislation requires private companies and researchers to report vulnerabilities to government agencies before disclosing them publicly, effectively channeling elite security research into state intelligence pipelines.This puts China at an advantage compared to the United States, Europe, and other democratic countries, Benincasa noted.As for Mythos’ capabilities, outside of Anthropic’s claims, Mozilla said the AI helped it find over270 Firefox vulnerabilities, and Palo Alto Networks reported a significant boost in vulnerability discovery.Others, however,pointed outthat only a few dozen public CVEs have been credited to Anthropic and only one specifically to Glasswing.Related:AI Can Autonomously Hack Cloud Systems With Minimal Oversight: ResearchersRelated:White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology
The most striking individual claim involves CVE-2026-32190, a critical Office vulnerability that 360 says its AI agent identified within minutes, after it had allegedly gone undetected for roughly eight years. A separate Windows kernel vulnerability (CVE-2026-24293) was also claimed, though Microsoft credits researchers from Taiwan and South Korea with that discovery, casting doubt on 360’s claims.Benincasa cautions that while 360’s AI capabilities appear significant, they do not yet appear to match the reasoning capabilities described for Claude Mythos. A closer comparison, the expert suggests, isGoogle’s Big Sleep, which accelerates discrete stages of vulnerability research rather than operating as a fully autonomous agent.However, the expert believes other aspects may ultimately matter more than any technical comparison. Chinese legislation requires private companies and researchers to report vulnerabilities to government agencies before disclosing them publicly, effectively channeling elite security research into state intelligence pipelines.This puts China at an advantage compared to the United States, Europe, and other democratic countries, Benincasa noted.As for Mythos’ capabilities, outside of Anthropic’s claims, Mozilla said the AI helped it find over270 Firefox vulnerabilities, and Palo Alto Networks reported a significant boost in vulnerability discovery.Others, however,pointed outthat only a few dozen public CVEs have been credited to Anthropic and only one specifically to Glasswing.Related:AI Can Autonomously Hack Cloud Systems With Minimal Oversight: ResearchersRelated:White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology
Benincasa cautions that while 360’s AI capabilities appear significant, they do not yet appear to match the reasoning capabilities described for Claude Mythos. A closer comparison, the expert suggests, isGoogle’s Big Sleep, which accelerates discrete stages of vulnerability research rather than operating as a fully autonomous agent.However, the expert believes other aspects may ultimately matter more than any technical comparison. Chinese legislation requires private companies and researchers to report vulnerabilities to government agencies before disclosing them publicly, effectively channeling elite security research into state intelligence pipelines.This puts China at an advantage compared to the United States, Europe, and other democratic countries, Benincasa noted.As for Mythos’ capabilities, outside of Anthropic’s claims, Mozilla said the AI helped it find over270 Firefox vulnerabilities, and Palo Alto Networks reported a significant boost in vulnerability discovery.Others, however,pointed outthat only a few dozen public CVEs have been credited to Anthropic and only one specifically to Glasswing.Related:AI Can Autonomously Hack Cloud Systems With Minimal Oversight: ResearchersRelated:White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology
However, the expert believes other aspects may ultimately matter more than any technical comparison. Chinese legislation requires private companies and researchers to report vulnerabilities to government agencies before disclosing them publicly, effectively channeling elite security research into state intelligence pipelines.This puts China at an advantage compared to the United States, Europe, and other democratic countries, Benincasa noted.As for Mythos’ capabilities, outside of Anthropic’s claims, Mozilla said the AI helped it find over270 Firefox vulnerabilities, and Palo Alto Networks reported a significant boost in vulnerability discovery.Others, however,pointed outthat only a few dozen public CVEs have been credited to Anthropic and only one specifically to Glasswing.Related:AI Can Autonomously Hack Cloud Systems With Minimal Oversight: ResearchersRelated:White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology
This puts China at an advantage compared to the United States, Europe, and other democratic countries, Benincasa noted.As for Mythos’ capabilities, outside of Anthropic’s claims, Mozilla said the AI helped it find over270 Firefox vulnerabilities, and Palo Alto Networks reported a significant boost in vulnerability discovery.Others, however,pointed outthat only a few dozen public CVEs have been credited to Anthropic and only one specifically to Glasswing.Related:AI Can Autonomously Hack Cloud Systems With Minimal Oversight: ResearchersRelated:White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology
As for Mythos’ capabilities, outside of Anthropic’s claims, Mozilla said the AI helped it find over270 Firefox vulnerabilities, and Palo Alto Networks reported a significant boost in vulnerability discovery.Others, however,pointed outthat only a few dozen public CVEs have been credited to Anthropic and only one specifically to Glasswing.Related:AI Can Autonomously Hack Cloud Systems With Minimal Oversight: ResearchersRelated:White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology
Others, however,pointed outthat only a few dozen public CVEs have been credited to Anthropic and only one specifically to Glasswing.Related:AI Can Autonomously Hack Cloud Systems With Minimal Oversight: ResearchersRelated:White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology
Related:AI Can Autonomously Hack Cloud Systems With Minimal Oversight: ResearchersRelated:White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology
Related:White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology
Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Source: SecurityWeek
