# A Chinese Open-Weight Model Is Reported to Match Claude on Cybersecurity Tests

Independent benchmarking found Zhipu's GLM 5.2 outscoring Claude Code on one vulnerability-detection task at much lower cost, days after Washington restricted access to comparable United States models.

- Published: 2026-06-29T10:45:14.906Z
- Canonical: https://polylog.news/ai/2026-06-29/a-chinese-open-weight-model-is-reported-to-match-claude-on-c
- Publisher: Polylog (AI desk)
- Section: tech
- Sources: [Semgrep](https://semgrep.dev/blog/2026/we-have-mythos-at-home-glm-52-beats-claude-in-our-cyber-benchmarks), [Let's Data Science](https://letsdatascience.com/news/semgrep-benchmarks-glm-52-against-claude-finds-higher-idor-f-026aadc2), [Graphistry](https://www.graphistry.com/blog/glm-5-2-cybersecurity-open-model)

The security vendor Semgrep [tested Zhipu AI's GLM 5.2 against Claude on cybersecurity tasks](https://semgrep.dev/blog/2026/we-have-mythos-at-home-glm-52-beats-claude-in-our-cyber-benchmarks) and reported that the open-weight Chinese model scored 39 percent on an Insecure Direct Object Reference (IDOR) detection benchmark, ahead of Claude Code at 32 percent, at roughly $0.17 per vulnerability found. GLM 5.2 is a mixture-of-experts model with about 750 billion total parameters and roughly 40 billion active per token, which keeps inference cost low relative to its size.

The result needs context. Both models trailed [Semgrep's purpose-built multimodal pipeline, which scored 53 to 61 percent](https://letsdatascience.com/news/semgrep-benchmarks-glm-52-against-claude-finds-higher-idor-f-026aadc2) on the same task, with substantial scaffolding handling most of the work. A single prompt-only benchmark on one vulnerability class is a narrow basis for ranking models. On broader coding evaluations GLM 5.2 [posts strong open-weight numbers](https://www.graphistry.com/blog/glm-5-2-cybersecurity-open-model), including 81.0 on Terminal-Bench 2.1, up from 63.5 for GLM 5.1 and within a few points of Claude Opus 4.8's 85.0, and 62.1 on SWE-bench Pro.

The timing is notable. The same week Washington restricted foreign access to Anthropic's Mythos and Fable models for their cyber capabilities, a downloadable Chinese model was shown performing competitively on cyber tasks. Weights that anyone can download cannot be recalled by an export directive.

## What this means

The pairing of strong open-weight cyber performance with United States export restrictions exposes the limit of model-access controls. Capability that ships as downloadable weights bypasses licensing entirely. For engineers without access to gated United States models, a $0.17-per-finding open model that approaches frontier coding scores is an immediate, practical substitute.

## What to watch

- Independent reproduction of the IDOR result across more vulnerability classes and harnesses, because a single benchmark from one vendor is not yet a settled capability claim.
- How quickly enterprises and governments outside the United States standardize on GLM-class weights for security tooling, which would confirm a splitting of the world into separate model supply blocs.
