Black Mythos: Wukong
Welcome to Memetic Warfare.
This week we’ll check out some interesting activity and commentary from China.
The first is Tsinghua’s Center for International Security and Strategy and their 2026 “External Security Risks for China” report, available here.
Tsinghua’s CISS is headed by one Da Wei.
Da Wei was previously employed in the MSS’s 11th Bureau, meant to “engage with foreign scholars… to influence foreign policy debates”. Da Wei’s program also hosts exchange programs for US students coming to China:
That makes this document more interesting than just a straightlaced threat analysis document or national intelligence assessment. The document is meant to share China’s perspectives and narratives globally.
Don’t just take it from me. This is apparent in the two objectives of the CISS as per its website:
One: “follow the changes in global dynamics, offering policy suggestions… through researches on topics of international order, international relations and security and strategic studies…”
Two: elucidate and disseminate China’s perspectives nad policy propositions… to enhance the international community’s understanding of China…”
We can see this expressed in the topics covered in the fairly short report, as well as the narratives present. I do sense some AI editing, with titles like “When the bubble meets the surplus”.
The document doesn’t read as the type of sober analysis one would expect from a prestigious think tank. Looking at the section focusing on China-Japan relations, we see that the report accuses Japan of stoking the “China Threat” narrative for domestic political purposes - a claim we’ve seen leveraged against the US and others - and of taking “provocative” action in other realms.
Having said that, the document is far more professional than other Chinese reporting.
We won’t dive in-depth to the other topics, instead focusing on the cyber component.
The cyber component focuses on “AI-driven cyberattacks”, claiming that China could face “large-scale, coordinated, state-level cyberattacks”. Not an entirely implausible phenomena, but there’s a lot of fearmongering.
The section also covers the “weaponization” of AI. On the whole, the section is comparatively tame, though it does dip its toes into fantastatical directions, such as “telecom fraud syndicators” carrying out “highly sophisticated cyber operations”.
Overall, comparatively tame. The same goes for their perception of quantum:
This dovetails nicely with a recent statement from Qihoo 360, China’s leading cybersecurity company and one that we’ve discussed many times before.
Qihoo announced that it has developed a model comparable to Anthropic’s Mythos. Reuters covered their statement, as 360 plays a leading role in promoting China’s influence efforts surrounding cyber in past years.
360’s founder, Zhou Hongyi, announced the two tools, which are named as a reference to a Chinese wuxia named “Yitian Tulong”, meaning “Heavenly Sword and Dragon Saber”. While I’m all for pop culture references, as the title of this post shows yet again, I’d love to see some classical Chinese references here. Maybe next time.
The tools focus on automatic discovery of vulnerabilities, while the other seemingly is the much-vaunted agentic SOC we’ve all waited for, with an IR team on the side.
Zhou also gave us some exposition on his perspective on AI, stating that China faces significant risk from Mythos and it not being available to the Chinese market.
Zhou said that 360 wouldn’t go down the “strongest model” route, instead going for “agents”.
This approach is a bit clearer one sentence down, but even then - the limitations of this approach are obvious. Why couldn’t Anthropic have both a “genius hacker” and a professional team?
I, personally, can’t wait for the upcoming 360 and CVERC joint reports on how Heavenly Sword and Dragon Saber fought off Mythos.
This element of competition between the US and China a,t the product and planning level, is interesting to see. There’s been a lot of discussion of US-China AI competition at the hardware level, model level and recently with distilling:
In this case done with tens of thousands of fake accounts:
Consider the scale of residential proxies and infra required to do this! Wonder if it would detract from other IO or cyber efforts, or if they’re using mainly black hat services.
That aside, 360 is doubling down and leading not only China’s fight on the product side, but the PR and StratComs as well. It’s only a matter of time before they set up some AI front group to publish reports like the CVERC.
That’s it for this week, thanks for reading.



















