According to Zhou's claims, Tulong Feng has found a cumulative 3,432 vulnerabilities, with 105 confirmed by Chinese regulatory bodies and several flagged as high-severity by the national vulnerability database. Zhou claimed the agent-first route—coordinating specialized models rather than betting on a single frontier system—offsets whatever base-model gap still exists. "America has Mythos," he told the audience. "China also has its own 'Heaven-Sword Dragon-Saber.'"
The cybersecurity numbers were notable. Semgrep's evaluation of insecure direct object reference detection—a test measuring whether a model can spot unauthorized object access flaws in code, scored via the F1 metric that balances precision against recall—put GLM-5.2 at 39%, ahead of Claude Code in the same test.
A separate Graphistry evaluation found it matched Claude Opus 4.8 on a capture-the-flag challenge. Cost per finding: around $0.17, versus over $1 for Claude-based workflows.
won’t take that long


















