China’s Open-Source GLM-5.2 Matches Frontier US AI in Cybersecurity Performance
Chinese open-source model matches Claude Mythos in vulnerability detection.

The arrival of GLM-5.2, a Chinese open-source model from Zhipu AI, has disrupted the established hierarchy of frontier artificial intelligence. According to data reported by The Wall Street Journal, this new entrant is now matching or exceeding the performance of leading Western systems like Anthropic’s Claude Mythos in critical cybersecurity assessments.
Unlike its American counterparts, which are increasingly shielded behind API walls and export restrictions, GLM-5.2 was released on June 13, 2026, under an open-weight license. This allows users to download and execute the model locally, bypassing the oversight typically associated with proprietary platforms.
In independent testing performed by Semgrep, GLM-5.2 recorded a 39% F1 score in detecting Insecure Direct Object Reference (IDOR) flaws. This performance edge is notable as it surpasses the 32% to 37% range achieved by Claude Code. Graphistry further corroborated these findings, noting that a free, downloadable model from Z.ai can now rival the most advanced systems in the United States.
The economic implications of this parity are significant. Zhipu AI has managed to drive down the cost of vulnerability discovery to approximately $0.17 per instance. This represents roughly one-sixth of the cost required to achieve similar results using the Claude ecosystem.
Zhipu AI, also known as Z.ai, has optimized GLM-5.2 for long-horizon tasks—complex coding projects that require hours of sustained reasoning, such as building compilers or optimizing kernels. In benchmarks measuring the completion of these multi-hour projects, GLM-5.2 outperformed both GPT-5.5 and Claude Opus 4.7. It currently holds the position of the top-ranked coding model on the Terminal-Bench 2.1 leaderboard.
However, the accessibility of such high-tier capabilities raises concerns among security researchers. They warn that when a frontier-level model is released with an open-weight license, the window between defensive automation and offensive exploitation narrows. While Claude Mythos 5 and Fable 5 remain under U.S. export controls following recent jailbreak vulnerabilities, GLM-5.2 is readily available on platforms like HuggingFace and ModelScope.
The model is distributed under the MIT license, permitting use without the standard restrictions found in proprietary software. It supports various inference frameworks, including vLLM and SGLang, and can be integrated directly into coding agents like ZCode or OpenCode.








