“Whoever masters automated vulnerability discovery technology holds the upper hand in cyber offense and defense” – Zhou Hongyi, Chairman and CEO, 360 Digital Security Group (2018)

On April 7, 2026, artificial intelligence developer Anthropic introduced its new general-purpose model Claude Mythos Preview to a restricted partnership of over 40 vetted organizations, including major technology and cybersecurity firms, as part of its defensive security initiative Project Glasswing. The company stated that the Claude Mythos model has identified thousands of high-severity vulnerabilities across widely used software, including major operating systems and web browsers. Crucially, in some cases it can autonomously develop exploits and chain vulnerabilities without human intervention. Anthropic has not released the system publicly, citing the risks associated with such capabilities and the need for further safeguards before deployment at scale.

While independent assessment remains limited and technical details are sparse, governments are already responding: U.S. officials have reportedly briefed financial institutions on AI-enabled cyber risks, while German authorities have warned of significant disruption and the capacity of such systems to transform vulnerability discovery.

Recent developments suggest that similar capabilities are being explored in China. In February 2026, Natto Thoughts described how a team from 360 Digital Security Group (奇虎360, hereafter “360”), which won first place at the 2026 Tianfu Cup, a major Chinese exploit hacking contest,1 had relied extensively on AI-assisted discovery and exploitation, with its team lead stating that AI has evolved “from an auxiliary tool to the core engine of vulnerability discovery.” The team that placed third made similar claims. This raises a central question: have Chinese companies already developed systems with capabilities comparable to those claimed for Claude Mythos, and how might differences in institutional context shape their impact?

This analysis focuses on 360 as a primary case study, given its position as a leading cybersecurity company in China, its strong track record in top-tier vulnerability research, and the relative visibility of its recent AI-related disclosures.2 Recent disclosures describe internally developed multi-agent systems capable of identifying vulnerabilities, supporting exploit development, and automating parts of the research workflow that were previously manual, with claimed discovery at a scale approaching Anthropic’s description of Claude Mythos. Other firms appear to be pursuing similar approaches, though with more limited public information. The analysis then considers how such capabilities could translate into an asymmetric offensive advantage in China’s favor.

Subscribe now

Read more

Read more

Since the start of his second term in January 2025, the Trump administration has conducted military actions or strikes in seven countries. The ouster of Venezuelan president Nicolas Maduro in January 2026 and the ongoing US-Israeli joint military operation against Iran makes it feel as if the threshold for war has been lowered. Leaders across the globe are likely drawing their own conclusions. Bill Bishop, a China expert at Sinocism, remarked, “Maduro and now Ayatollah Ali Khamenei in two months. Would love to know what Xi really thinks about this,” referring to Chinese President Xi Jinping. Indeed, what does Xi think about these developments? In particular, how do they shape Xi’s views on Taiwan “reunification”? Have US military actions in seven countries influenced Xi’s perspective on using military force to achieve China’s goal of “reunification”—which he considers a “historical inevitability”?

A potential conflict between China and Taiwan would represent a globally significant inflection point. Drawing from the Center for Strategic and International Studies (CSIS) 2023 report The First Battle of the Next War: Wargaming a Chinese Invasion of Taiwan, this piece aims to conduct a reality check on a likely scenario of China-Taiwan conflict presented in the CSIS report, and examines the challenges and possible cyber implications of such a scenario and how organizations across sectors could be exposed, whether directly or indirectly.

Based on war games involving a simulated invasion, the CSIS study provides insights under clearly defined assumptions, including participating actors and their roles, mobilization timelines, ammunition availability and the type of operations conducted. While no single study can predict outcomes, its transparent methodology and multi-scenario approach provide a useful analytical foundation.

Subscribe now

Read more

The episode reflects growing awareness in parts of the European Union (EU) about the strategic implications of university partnerships with Chinese institutions embedded in the country’s defense research system. However, it remains an isolated institutional reversal, with similar collaborations persisting in a number of countries. In December 2025, Beihang itself claimed to have “elevated European cooperation to new heights.”

Over the past decade, university cooperation between some EU member states and China has expanded rapidly across several fields. Many of these exchanges generate legitimate academic and economic benefits. However, some partner institutions are not simply civilian universities.1 They are formally authorized to conduct classified weapons equipment research and are structurally embedded in China’s military and defense industrial system, raising concerns about dual-use knowledge transfer – research with both civilian and military applications – access to EU funding streams, and long-term institutional exposure and influence aligned with defense research agendas.2

Cyber-related disciplines are particularly sensitive. Fields such as software engineering, telecommunications, computer science, and information security cultivate inherently dual-use skills. These capabilities support civilian digital infrastructure and defensive cybersecurity, but also enable cyber espionage – including intellectual property theft – offensive cyber operations, and applications such as secure military communications and strategic command systems. Such capabilities can be deployed remotely in both peacetime and conflict.

Within this landscape, France stands out. Among EU member states, it has the highest concentration of cyber partnerships involving Chinese institutions that hold state secrecy clearance or maintain formal ties to China’s defense establishment. This piece maps EU–China cyber-related joint degree partnerships, identifies institutional risk factors including security clearance status and defense affiliation, and examines the French case in depth. Beihang University’s School of Cyber Science and Technology serves as a central case study, including analysis of its state and defense industry ties and a review of research activities and affiliations of nearly 80 faculty members.

The Appendix identifies EU–China cyber-related partnerships and their disciplinary focus, highlights relevant risk factors, and explains the methodology used to assess institutional affiliations and involvement in classified research.

Subscribe now

Read more

In this post, the Natto Team explores an example of a Chinese government and military-affiliated entity—the National Research Center for Information Technology Security (NITSC) (国家信息技术安全研究中心). We examine its organizational structure, affiliations, and capabilities, then reveal its military connections. Lastly, we present questions for further research.

Subscribe now

Read more

After skipping three editions in 2022, 2024, and 2025, the competition has now reappeared, although the reasons for this hiatus and revival remain unclear. The event was first announced on China’s MPS website on January 16. On January 19, the Tianfu Cup’s account on the social media platform X appears to have briefly posted about the competition before deleting the post shortly thereafter. The following day, the event’s website (hxxps://tianfucup[.]cn) became inaccessible from outside China. By February 2, following the conclusion of the contest, the site appeared to have been taken offline entirely and remains inaccessible as of this writing. The Natto Team was nonetheless able to access the website for this piece, which includes screenshots of relevant information, as well as MPS and private company press releases that remain accessible.

Building on earlier analyses of past Tianfu Cup events by the Natto Team and the From Vegas to Chengdu report from the Center for Security Studies at ETH Zurich, this piece examines what has changed with the Tianfu Cup’s return and why it matters. It analyzes the shift from a commercially led competition to one organized almost entirely by the MPS, specifically the Sichuan Provincial Public Security Bureau. It then looks at the structure of the 2026 edition and its two tracks, including evidence of AI-assisted techniques being used in vulnerability discovery and exploitation. Finally, it explores what remains the most consequential and unresolved question: where vulnerabilities discovered at the Tianfu Cup are likely to end up, and what this suggests about China’s evolving approach to vulnerability retention and state control.

A complete list of competition targets, as disclosed on the 2026 Tianfu Cup website, is reproduced in the appendix at the end of this piece.

Read more

Disclosures from a 2024 leak, together with a March 2025 U.S. indictment involving Anxun (i-SOON) Information Technology Co., Ltd (安洵信息技术有限公司), which has been linked to Chinese state-sponsored cyber campaigns, indicate that a single commercial actor can be tasked by, actively seek contract opportunities from, or perform work for, a large number of provincial MSS and Ministry of Public Security (MPS) bureaus. This case provides rare visibility into how a single firm can support multiple, distinct provincial mandates and supply the operational capacity through which intrusions are carried out at near-national scale.

Building on this, this piece examines how companies allegedly linked to APT activity – concentrated in a small number of provinces – enable cross-provincial operational scaling, even as provincial bureaus remain the primary source of tasking and authority. It begins by briefly distinguishing legitimate businesses from front companies, then traces how earlier cyber operations were likely predominantly organized around provincially bounded, bureau-executed models centered on front companies.2 Next, it shows how market maturity enabled greater collaboration between government agencies and legitimate firms, and concludes by examining why these firms are concentrated in a handful of provinces.

Read more

The Natto Team believes that understanding these Chinese cybersecurity companies is essential for grasping how China develops its cyber capabilities. Since launching Natto Thoughts in 2023, our team has investigated several Chinese cybersecurity companies involved in state-sponsored or state-linked cyber operations. Our findings suggest that China has established a highly effective and state-aligned system, notably integrating the private sector—Chinese cybersecurity companies—in building its cyber capabilities.

In this post, the Natto Team examines the overall development of China’s cybersecurity sector and the top cybersecurity companies of 2025 based on the ISC’s CICCI reports, which analyze these companies’ key performance indicators, innovation and research and development (R&D) capabilities, business and market coverage, and how their core functions align with China’s national priorities.

Subscribe now

Read more

Natto Thoughts had a great year in 2025, experiencing strong growth in both readership and collaboration. The Natto Team would like to thank our readers for making our in-depth explorations of China’s evolving cyber ecosystem our most-viewed reports of the year. Your support drives our research. We also want to thank and for their research collaboration efforts. Three of the top five reports resulted from this partnership.

Collectively, these five reports provide a comprehensive overview of how China has formally institutionalized its cyber capabilities, resulting in a highly effective and state-aligned system—particularly highlighting the integrated role of the private sector.

Here are the highlights from the top 5 reports:

• “Defense-Through-Offense Mindset: From a Taiwanese Hacker to the Engine of China’s Cybersecurity Industry“: This report demonstrated how the guiding philosophy, “To defend, one must first know how to attack” (以攻为防), originated in 1990…

Read more

To defend systems, one must first pinpoint the source of malicious activity. Most cyber threat intelligence (CTI) firms focus on tactical and operational attribution: tactical attribution identifies and clusters technical details such as malware used, attack methods, or indicators of compromise, while operational attribution uses characteristics of activity clusters to infer group profiles and assigns labels like “APT” or “UNC.”1 Strategic attribution goes further by identifying the real-world individuals or entities behind an intrusion.

Some CTI experts debate the conditions under which strategic attribution is appropriate, while others highlight the technical challenges of identifying threat actors, the political motivations behind public disclosure, and the legal standards required to assign responsibility. The Natto Team and other researchers believe that – compared to “cluster-based” tactical and operational attribution – the strategic identification of real-world individuals and o…

Read more

Read more

In China, these questions are far less abstract. Private companies have been core contributors to national cyber capability building for years, supported by both policy and institutional design. They develop many of the tools, techniques, and forms of expertise that underpin defensive security products and can also be leveraged for state-sponsored cyber operations. The clearest organizational expression of this approach is companies’ widespread use of attack-defense labs (攻防实验室), internal units that merge defensiv…

Read more

During his first state visit to South Korea after 11 years, Xi presented two Chinese-made Xiaomi brand smartphones—the world’s third-largest smartphone brand—to South Korean President Lee Jae Myung. When Lee asked delightedly about the quality of communication and the security of the phone, Xi smiled and said, “You can check if there is a backdoor.”

President Xi is undoubtedly fully aware that the United States and its allies have warned that Chinese technology may contain backdoors—what the …

Read more

Additionally, when law enforceme…

Read more

As this ecosystem has evolved, the Chinese state moved to harness the vulnerability research for national priorities through both formal and informal channels. From the top down, it imposed institutional mechanisms such as direct oversight of researchers and regulations that mandate or incentivize reporting to state-run entities. From the bottom up, informal networks among prominent researchers, who exchange insights and acquisition o…

Read more

First, an update: The Company Webpage of Sichuan Zhixin Ruijie is Found

Previously, the…

Read more

On August 27, 2025, the United States and 22 government agencies from 13 countries issued a Cybersecurity Advisory entitled, “Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System.” The advisory outlined the tactics, techniques, and procedures (TTPs) employed by advanced persistent threat (APT) actors whose activity partially overlaps with activity grouped under names such as Salt Typhoon, OPERATOR PANDA, RedMike, UNC5807, and GhostEmperor.

The document identified three Chinese companies—Sichuan Juxinhe Network Technology Co. Ltd. (四川聚信和网络科技有限公司), Beijing Huanyu Tianqiong Information Technology Co., Ltd. (北京寰宇天穹信息技术有限公司), and Sichuan Zhixin Ruijie Network Technology Co., Ltd. (四川智信锐捷网络科技有限公司)—that have supported these APT activities globally since at least 2021. These organizations reportedly supplied cyber-related products and services to China’s intelligence entities, including units within the People’s Liberat…

Read more

In our last piece, we showed how truly elite offensive cyber talent has always been scarce, even within China’s massive hacker communities of the 2000s. But how did this small circle of talent actually develop offensive capabilities? In China, these fall under the broader category of “live-fire” capabilities (实战能力),1 i.e. the ability to apply tools and techniques such as penetration testing, security operations, and incident response. As we discussed here, here, and here, hacking contests, bug bounty platforms, and cyber ranges have become core pillars of China’s modern live-fire talent pipeline. Today, these mechanisms are deeply institutionalized across universities, companies, and state-backed initiatives, serving as the backbone for identifying and training skilled operators.

Read more

Truly elite offensive cyber talent has always been rare. Despite the growth of cybersecurity communities worldwide, and the emergence of extensive and structured talent pipelines in countries like China – examined in Natto pieces 1, 2 and 3 – which have made high-quality talent more widely available, truly exceptional individuals remain scarce and highly sought after.

As early as 2013, the Science of Military Strategy—a foundational text published by the PLA Academy of Military Science—noted that while cyber warfare benefits from a “broad mass base,” the traditional Chinese military ideal of “all people are soldiers” does not translate to cyberspace. Instead, it emphasized that only an “extremely lean” cohort possessed the capabilities required for high-level cyber operations.1

…

Read more

Launched in 2008, MAPP is designed to reduce the time between the discovery of a vulnerability and the deployment of patches. By giving trusted security vendors early access to technical details about upcoming patches, Microsoft enables them to release protections (such as antivirus signatures and intrusion detection rules) in sync with its monthly updates. The program, however, relies on strict compliance with non-disclosure agreements and the secure …

Read more