Full Report
Qihoo 360, which the US has banned, says it’s needed as a deterrent to weaponized Anthropic models
Analysis Summary
# Industry News: Qihoo 360 Unveils "Tulongfeng" AI Swarm to Counter US-Led AI Cyber Weapons
## Summary
Chinese cybersecurity giant Qihoo 360 has announced a new AI-driven vulnerability discovery platform, "Tulongfeng," claiming it outperforms Anthropic’s "Mythos" model. The company frames this development as a strategic sovereign deterrent, arguing that US restrictions on AI access necessitate domestic "cyber-nuclear" parity to protect Chinese infrastructure.
## Key Details
- **Date:** June 26, 2026
- **Companies Involved:** Qihoo 360, Anthropic (Reference), Microsoft (Vulnerability validation)
- **Category:** Product Launch / Strategic AI Development
## The Story
During the 14th Beijing Cybersecurity Conference, Qihoo 360 CEO Zhou Hongyi announced the launch of "Tulongfeng," a multi-agent AI swarm designed for automated vulnerability discovery and exploit generation. The move is a direct response to Anthropic's "Mythos" model, which Zhou characterized as a "cyber nuclear weapon" due to its ability to find flaws in global software while remaining restricted to US-approved entities under "Project Glasswing."
Acknowledging that Chinese base models currently lag 20–30% behind US counterparts in raw compute and "brute force" capabilities, Qihoo 360 has opted for a "multi-agent swarm" architecture. Rather than relying on a single large language model (LLM), Tulongfeng utilizes specialized security agents that collaborate to model threats, trace data flows, build sandboxes, and generate exploits. The company claims the system has already identified long-dormant vulnerabilities in Windows, Office, and Excel, all subsequently confirmed by Microsoft.
## Business Impact
### For the Companies Involved
- **Qihoo 360:** Reaffirms its role as China’s premier national champion in cybersecurity, potentially deepening its ties with government and military entities despite (or because of) US sanctions.
- **Anthropic:** Becomes the benchmark for "weaponized AI," which may complicate its international regulatory navigation as its models are increasingly viewed through a geopolitical lens.
### For Competitors
- **US AI Vendors:** Face a new narrative where their safety-restricted models are used to justify the rapid, perhaps less-restricted, development of offensive AI tools in rival jurisdictions.
- **Chinese Tech Firms:** Qihoo 360 is leading a domestic alliance to adopt these tools, potentially sidelining smaller Chinese competitors who lack the massive malware libraries required to train such specialized agents.
### For Customers
- **Enterprises:** May see a surge in the discovery of "zero-day" vulnerabilities as AI-driven discovery goes mainstream, requiring faster patching cycles.
### For the Market
- **The "Cyber Arms Race":** The shift from "defensive AI" to "deterrence AI" suggests a market pivot where offensive capabilities are marketed as essential national security products.
## Technical Implications
The "Tulongfeng" architecture marks a shift from General-Purpose LLMs to **Agentic Workflows**. By automating the entire exploit chain—from discovery to sandbox testing and code generation—Qihoo 360 has reduced the "human-in-the-loop" requirement for high-level cyber operations. Their focus on "distilled experience" over "brute force compute" suggests that high-quality, domain-specific data (malware libraries) can compensate for lack of access to high-end GPUs.
## Strategic Analysis
- **Market Positioning:** Qihoo 360 is positioning itself as the "Anti-Mythos," framing its commercial products as a necessary shield for the Chinese state.
- **Competitive Advantage:** Access to 20 years of proprietary threat data and a "swarm" architecture that is more computationally efficient than massive monolithic models.
- **Challenges:** Continued US sanctions limit Qihoo 360’s ability to export these tools to Western markets, confining their business growth to the "Global South" and domestic Chinese markets.
## Industry Reactions
- **Analyst Opinions:** Analysts note that by using the term "deterrent," Qihoo 360 is explicitly linking commercial software development to military doctrine.
- **Market Response:** Increased interest in "Autonomous Security Research" (ASR) tools, as the discovery of five-to-ten-year-old bugs in Microsoft products proves the efficacy of the agentic approach.
## Future Outlook
- **Predictive Trend:** Expect a "Balkanization" of AI security tools, where the world splits into "Project Glasswing" (US-aligned) and "Yitianzhen/Tulongfeng" (China-aligned) ecosystems.
- **What to Watch for:** Whether these AI-generated exploits remain in the hands of "defenders" or if they begin appearing in wild-type attacks attributed to state-sponsored actors.
## For Security Professionals
Practitioners should prepare for a world where **vulnerability research is asymmetric**. If AI swarms can identify decade-old "dormant" bugs in weeks, the traditional "patch Tuesday" model is obsolete. Organizations must move toward AI-driven "Yitianzhen"-style continuous simulation to harden defenses at the same speed at which attackers are now discovering flaws.