Polylog
The Polylog AI Intelligence Brief

Morning Edition · Monday, June 29, 2026

A Chinese Open-Weight Model Is Reported to Match Claude on Cybersecurity Tests

Independent benchmarking found Zhipu's GLM 5.2 outscoring Claude Code on one vulnerability-detection task at much lower cost, days after Washington restricted access to comparable United States models.

A Chinese Open-Weight Model Is Reported to Match Claude on Cybersecurity Tests

The security vendor Semgrep tested Zhipu AI's GLM 5.2 against Claude on cybersecurity tasks and reported that the open-weight Chinese model scored 39 percent on an Insecure Direct Object Reference (IDOR) detection benchmark, ahead of Claude Code at 32 percent, at roughly $0.17 per vulnerability found. GLM 5.2 is a mixture-of-experts model with about 750 billion total parameters and roughly 40 billion active per token, which keeps inference cost low relative to its size.

The result needs context. Both models trailed Semgrep's purpose-built multimodal pipeline, which scored 53 to 61 percent on the same task, with substantial scaffolding handling most of the work. A single prompt-only benchmark on one vulnerability class is a narrow basis for ranking models. On broader coding evaluations GLM 5.2 posts strong open-weight numbers, including 81.0 on Terminal-Bench 2.1, up from 63.5 for GLM 5.1 and within a few points of Claude Opus 4.8's 85.0, and 62.1 on SWE-bench Pro.

The timing is notable. The same week Washington restricted foreign access to Anthropic's Mythos and Fable models for their cyber capabilities, a downloadable Chinese model was shown performing competitively on cyber tasks. Weights that anyone can download cannot be recalled by an export directive.

Veracity: Plausible
70/100
If true, who benefits

Zhipu AI and China's open-weight ecosystem gain a credibility claim against gated United States models, and critics of export controls gain evidence that downloadable weights cannot be recalled by directive.

The nuance

The ranking rests on a single prompt-only benchmark for one vulnerability class from one security vendor, and both models trailed Semgrep's own purpose-built pipeline that did most of the work.

An open-source-intelligence read of how likely this story is true with its real nuance, not a judgment of any outlet. It assesses the claim, weighing independent and adversarial reporting. How we label confidence.

What this means

The pairing of strong open-weight cyber performance with United States export restrictions exposes the limit of model-access controls. Capability that ships as downloadable weights bypasses licensing entirely. For engineers without access to gated United States models, a $0.17-per-finding open model that approaches frontier coding scores is an immediate, practical substitute.

What to watch

  • Independent reproduction of the IDOR result across more vulnerability classes and harnesses, because a single benchmark from one vendor is not yet a settled capability claim.
  • How quickly enterprises and governments outside the United States standardize on GLM-class weights for security tooling, which would confirm a splitting of the world into separate model supply blocs.

Observations to monitor, not financial advice.

3 sources

Synthesized from: Semgrep · Let's Data Science · Graphistry

Part of a tracked trend

Chinese Open-Weight Models Emerge as the Non-US AI Stack

As Washington restricts foreign access to US frontier models, governments and enterprises cut off from American AI increasingly standardize on downloadable Chinese open-weight models, splitting the world into competing AI supply blocs rather than a single frontier.