Agents have spurred an across-the-board acceleration, and cyberattacks are no exception.

By Shuhang, June 24, 2026

The 2026 Internet Security Conference (ISC.AI), hosted by 360, took place in Beijing on the 24th, serving as 360's annual product launch event. Over the past two years, from model aggregation to agents, many of 360's major new products have made their debut on this stage. This year, the focus of the biggest product release returned to the company's core security business, this time emphasizing how agents are revolutionizing the security industry.

Over the past year, "Longxia" (Lobster) has infiltrated millions of computer desktops, prompting warnings from the Ministry of Industry and Information Technology. Even founding members of the OpenClaw community were astonished that Chinese companies dared to deploy Claw-type products directly in real production environments. Agents have accelerated everything they can, including cyberattacks, without discrimination.

A Month of Large-Scale Account Theft

Starting in May this year, a series of long-leaked password databases, previously tucked away, were suddenly employed for rapid brute-force attacks at speeds far surpassing human capability.

Accounts belonging to the publisher, which lacked two-factor authentication, began to show abnormal logins. It started with a warning that the publisher's Threads account had been hacked to post fake cryptocurrency messages. Since late May, the publisher has been busy changing passwords for various accounts. Despite these efforts, the LinkedIn account was permanently lost after the attacker promptly changed the bound email address, making recovery impossible.

An email account, registered at an unknown location by the publisher, logged in multiple times daily from various global locations for a month. Each abnormal login triggered a text message to the publisher's phone. The publisher watched as this account hopped around Nicaragua, Nairobi, Bermuda, South Africa, Ireland, Argentina, the Philippines, Tainan, Zhenjiang, and beyond. When free time permits, the publisher might create a honeypot heatmap from the received text messages for amusement.

This personal experience highlights that, even after hearing countless times about large-scale database thefts from official and unofficial sources, and knowing one's own account credentials have been resold repeatedly, there's still a sense of security about being an insignificant target with no perceived value. No one would go through the trouble of testing combinations of tens of millions of passwords across different websites.

No one would, but agents don't care.

In April, Anthropic's Mythos uncovered a 27-year-old OpenBSD vulnerability and a 16-year-old FFmpeg vulnerability. The company rallied industry giants like NVIDIA, Microsoft, Google, Apple, and JP Morgan to form the Glasswing Alliance for small-scale model-based vulnerability patching, predictably excluding China.

On June 13th, Mythos and its streamlined Fable model were banned by the U.S. Department of Commerce on national security grounds. Anthropic had long engaged in "mystifying" tactics, claiming their program—which merely predicts the next word based on word frequency and human-assisted learning—had consciousness. They even went so far as to hire psychologists and religious experts and create a "constitution" for it. This seems to have backfired after their successful hype.

Besides their frustration over the inability to sell products normally, domestic critics argue that restricting the most advanced known model may not halt cyber warfare evolution elsewhere but could instead hamper "our side."

When the most advanced cybersecurity model has been elevated to a strategic level akin to weapons of mass destruction, what choices will nations without this model make? This was the key message Zhou Hongyi aimed to convey in his nearly one-hour speech. Subsequently, news that "360 claims to have developed a domestic alternative to Mythos" simultaneously appeared in international media.

Your Vulnerabilities, Others' Opportunities

Claw-type local agents, collectively known as "Longxia" (Lobster) in China, have seen their user experience dramatically improved by domestic product excellence once their principles became clear. From QClaw to MiClaw, various terminals have provided platforms for local agents, with the only difference between phones and computers being the scale of model parameters.

From the publisher's "anecdotal statistics," most people prefer Tencent's winning WorkBuddy, which resembles an AI chat client but accesses vastly different resources, connecting to as many models, APIs, MCPs, and compatible Skills as possible, greatly enhancing convenience.

Whether an agent is obedient, useful, or troublesome depends primarily on the user's chosen model capabilities; engineering safeguards and security protections in local clients play less decisive roles. Meanwhile, "foolish humans" might carelessly use malicious Skills or prompts from unverified Skill stores, becoming the weakest link in the chain. Even true geeks who fully understand usage and authorizations might still face "delete database and run" tragedies followed by "sincere apologies but no changes."

At the event, Chinese Academy of Engineering academician Zhao Chunjiang and Zhou Hongyi himself highlighted significant security risks posed by "Lobsters."

Zhou characterized Lobsters as "toys made by geeks for themselves"—high-threshold, uncontrollable, and prone to malicious skill infections. When such agent forms enter enterprise workflows, security risks magnify.

He argued that Mythos can autonomously find, analyze, and construct attack software for vulnerabilities, equivalent to "nuclear weapons in the AI era." The Glasswing Alliance essentially represents an internal vulnerability sweep, but excluding about 150 organizations from 15 countries/regions—including China—poses a major problem.

Just as the publisher's leaked passwords were tested across the internet in under a month, two decades-old FFmpeg and OpenBSD vulnerabilities—previously scrutinized by countless top security experts and run through 5 million automatic fuzzer cycles without detection—were found.

Zhou's core argument: The difficulty of finding vulnerabilities has reluctantly maintained a fragile 30-year balance between attackers and defenders. 0Day vulnerabilities are scarce, take a long time to discover, and require top experts. A single high-value vulnerability can sell for millions on the black market. Advanced models paired with automation have rewritten the rules in terms of speed, quantity, cost, and threshold.

Mythos compresses the timeline from high-value vulnerability discovery to verification to attack to hours: "AI finds it in the morning, verifies by noon, attacks by evening." Someone could run 100 or 1,000 agents in parallel for intensive searches. Cost-wise, current estimates put computational costs for finding a high-value vulnerability below $1,000. Capabilities once limited to a few nations and organizations are now democratized—non-programmers can write attack code. Thus, "the past was about who was stronger; the future will be about who is faster."

Compensating with Engineering When Computational Power Lags

Zhou believes China cannot wait for model capabilities to fully catch up, or it risks a "second unilateral transparency" crisis. The term refers to being visible to enemies while remaining blind to them—a situation 360 knows well from experience. The "first unilateral transparency" involved long-term infiltration by foreign APT organizations in domestic networks. 360 resolved this through network-wide security big data and airtight sensors, capturing 60 foreign APT groups.

While ordinary people lack professional criteria for judging cybersecurity strength, they recognize situations where novices cripple clean Win11 installations with malware conflicts. "Old birds" (veterans) often give simple advice: "Install 360 first to remove other malware, then uninstall 360."

The current "second unilateral transparency" involves speed and quantity gaps—we rely on a few security experts for analysis while adversaries deploy hordes of hacking agents for concurrent attacks. In Zhou's words, "to attackers, our systems resemble sieves with vulnerable points everywhere."

After explaining the logic, products were showcased. "Tulongfeng" and "Yitianzhen"—new names with strong Eastern connotations—are merely labels. In fact, 360's news last month revealed that the system discovering Microsoft Windows and Office vulnerabilities was the same one now named Tulongfeng.

Tulongfeng has found 3,432 vulnerabilities, with 105 confirmed by regulators. Multiple high-risk vulnerabilities have been added to national databases, covering three scenarios: open-source code vulnerabilities, binary vulnerabilities in Windows and IoT devices, and AI/agent vulnerabilities.

Vulnerabilities lurking for 5 years in Windows kernels, 8 years in Office, and 10 years in Excel were found, along with 23 vulnerabilities (including 4 core component flaws) in the OpenClaw ecosystem—all acknowledged by Microsoft and Lobster's creators.

Yitianzhen is a complementary active defense system enabling 7×24 automated operations, minute-level risk assessment and response, and unattended closed-loop defense.

How to Build a "Chinese Mythos"? While Anthropic pursues brute-force superiority through the strongest models, computational power, and chips, domestic open-source foundational models still lag. However, "we can't wait for foundational models to catch up before doing vulnerability mining," Zhou said. Thus, an engineering approach becomes necessary.

Earlier, we discussed how local agent harnesses might be limited by hardware, deferring to model capabilities. However, cloud-based large models could leverage more computational power to appear smarter.

Zhou stated that 360 security experts' "20 years of battle-tested experience," along with multi-agent swarm collaboration and automatic target-based orchestration, ensure the new products deserve being called a "Chinese Mythos."

Currently, no method beyond official data exists to verify whether this Chinese Mythos truly measures up. For closed-source models, conducting third-party-hosted attack-defense drills like those in large model arenas proves difficult.

On this issue, if 360 cannot prove itself, neither can Mythos—as nobody can personally use either. Perhaps security incident news in the coming months, or whether you or your relatives and friends experience account theft, will provide the ultimate answer.

What About "Unknown Unknowns"?

With a Chinese Mythos comes a Chinese Glasswing: The "Panshi Shield" security collaboration plan launched with initial participants including UnionTech, Kylin, Hillstone Networks, Hygon, Phytium, Kingdee, Biren, China Mobile Cloud, BES, and Dameng—covering nearly all major links in the information technology innovation industry chain. Zhou said Tulongfeng and Yitianzhen capabilities will first be trialed in small circles among key information technology innovation units and critical infrastructure organizations to unite upstream and downstream industrial chain players.

Also unveiled was Nanomi Work, an AI work platform. Zhou shared an internal 360 case study about a government/enterprise major client salesperson training a bidding monitoring expert agent to sequentially handle opportunity assessment, risk troubleshooting, bid document splitting, proposal generation, quote calculation, and contract review—ultimately delivering a nearly submission-ready bid package. Notably, Nanomi Work did not follow the "Secure Lobster" architecture rushed out during OpenClaw's early popularity.

As Doubao launches a professional version and mainstream consumer-facing model clients shift toward paid agent models, 360's offerings must emphasize security. Perhaps offering clients guarantees like "advance compensation" for any vulnerability incidents would make security promises more attractive.

Zhou argued that even with a Chinese Mythos, not all risks can be eliminated at once. The only solution is countering computational power with computational power, transforming China's cybersecurity defense from "human wave tactics" to "autonomous driving"—finding and patching our own vulnerabilities before adversaries do, rather than reacting passively after discovery. "Only by holding cards can we maintain confidence," he said.

Finally, the publisher notes that Zhang Weizhi, Corresponding Academician of the International Eurasian Academy of Sciences, shared a decade-old story at the conference. In 2015, his team undertook a national single window project attempting AI-powered automatic customs declarations. They found the AI would automatically select the lowest tariff option when matching customs SHQ codes—a choice that, if erroneous, straddled legality and smuggling.

This experiment led him to propose "machine epistemology": Human knowledge progresses from uncertainty toward certainty, while machine knowledge does the opposite—starting from certainty and becoming increasingly uncertain as it emerges. These represent fundamentally different knowledge systems. "What we fear is inconsistency between agents' knowledge systems and ours," Zhang said.

This story reveals another dimension of model-based security thinking. Beyond accelerating along known paths blindly or wandering aimlessly like headless flies, using inhuman methods to solve problems humans "don't know they don't know" represents another possibility—akin to AlphaGo's fabled "divine move."

Given the model capability gap, will such "divine moves" come from advanced models' pre-planned thought chains or smaller models' hallucinations after "eating mushrooms" and getting lucky? This remains unpredictable—we can only wait and see.

In any case, when using agents—especially those paired with stronger programming models—the publisher's experience matches that meme perfectly: Initially imagining themselves cracking the whip over models, they soon feel like an ape crashing a high-end academic conference tea party, clutching a wine glass and unable to join the agents' incomprehensible conversations.

The publisher offers some crucial advice to fellow members of the "ape" community: Immediately change the passwords for your critical accounts, refrain from reusing passwords across different platforms, and consider upgrading to two-factor authentication and biometric verification methods (such as phone number verification, fingerprint scanning, and iris recognition). Additionally, exercise caution when it comes to password managers—especially in light of LastPass's recent admission that its customer support system fell victim to a supply chain attack...