Zhipu AI's open-weight GLM-5.2 has matched Anthropic's restricted Mythos model on vulnerability detection benchmarks, and because anyone can download and run it freely, Washington's export control logic has collided with something it wasn't built to handle.
The US government spent much of June wrestling with Anthropic's Mythos. On June 12, it ordered Anthropic to disable access to both Mythos and Fable for foreign users, citing fears that the models' ability to find and exploit software vulnerabilities could accelerate cyberattacks at scale. By June 27, after Anthropic worked with the Commerce Department on safeguards, Secretary Howard Lutnick cleared Mythos for a select group of trusted partners. Fable stayed banned. The entire episode was premised on the idea that keeping these capabilities gated was meaningful. GLM-5.2 arrived one day into the blackout to complicate that premise entirely.
Released June 13 under the MIT license by Beijing's Zhipu AI (Z.ai), GLM-5.2 is a 753-billion-parameter mixture-of-experts model with a one-million-token context window, built for long-horizon coding tasks. Security firm Semgrep published benchmark results on June 22 showing GLM-5.2 scored 39% F1 on IDOR (Insecure Direct Object Reference) detection, outperforming Claude Code running on Opus 4.6 at 37% F1, at a cost of roughly $0.17 per vulnerability found. Graphistry ran it separately on the CyBT-CTF capture-the-flag benchmark and found it matched Opus 4.8 on solve rate, calling it the first open-weight model they would recommend for a frontier-like cybersecurity experience. These aren't vague assertions from a lab's own marketing team. They're reproducible tests from independent security researchers.
The open-weight status is the point. Export Administration Regulations were engineered for physical things: chips with serial numbers, hardware with a supply chain, facilities subject to inspection. A 750-billion-parameter model file hosted on Hugging Face has none of those properties. It has no provenance chain and no regional fence. Anyone, anywhere, can download GLM-5.2, modify it, fine-tune it, and run it on local infrastructure. The export order that kept Mythos behind an approved-entity list does not reach it. That isn't a loophole. It's a structural incompatibility between the regulatory tool and the thing it's trying to regulate.
Z.ai co-founder Tang Jie, a computer science professor at Tsinghua University, made his position clear on X on June 18. Elon Musk had estimated Chinese AI could reach Fable-class capability by Q1 2027. Tang Jie replied that it won't take that long, adding that "at a time when access to cutting-edge models has been arbitrarily cut off, we are more certain of one thing: science must be global." That's not a corporate press release. It's a position, stated plainly, and it lands harder because GLM-5.2 gives it credibility.
The timing is not incidental. GLM-5.2 debuted the day after the Anthropic ban, running on Huawei chips, benchmarking favorably against the exact model Washington had just decided was too dangerous to share. The US House had already opened a formal inquiry in May into cybersecurity risks from Chinese AI models in critical infrastructure, naming Zhipu AI alongside DeepSeek, MiniMax, and ByteDance. That scrutiny hasn't slowed the lab down.
What makes GLM-5.2 a policy problem rather than just a competitive story is the combination of capability and distribution. A closed Chinese model that matched Mythos would still require a user to route traffic through Z.ai's API, which means a data trail, a dependency on Chinese cloud infrastructure, and at least a nominal compliance surface. An open-weight model that matches Mythos has none of those constraints. You can run it on your own servers in Virginia or Vilnius, and nobody's API logs your queries. US House inquiries into PRC-origin AI and critical infrastructure assume some ongoing relationship between the model and the Chinese entity that built it. MIT-licensed weights sever that assumption.
The Semgrep numbers shouldn't be overstated. GLM-5.2 still scored below Semgrep's own multimodal pipeline, which hit 53 to 61% F1 on the same IDOR task. There are categories of frontier reasoning where Mythos retains a clear edge. But the benchmark result isn't really the point. The point is that the gap between what Washington decided was too dangerous to export and what anyone can now download has narrowed enough to make the entire export-control logic difficult to defend. You don't need parity to undercut the policy. You need to be close enough that restricting the US model no longer protects anything meaningful.
For enterprise customers outside the US who lost access to Mythos and Fable mid-contract, GLM-5.2 is already winning budgets. Chinese open-source has found a distribution channel that closed US models, even once their restrictions are partly lifted, can't replicate. TechCrunch noted in late June that Asian AI startups rushed to fill the Mythos gap, but GLM-5.2 isn't a gap-filler. It's the model that benchmarked the gap away. The White House's next calculus on AI export controls has to start from that fact, not from the assumption that the gap is still wide enough to matter.