FlashFeed

At ISC.AI 2026, China’s 360 Security Technology unveiled “Yitian Tulong,” two AI models for vulnerability discovery and automated defenseFounder Zhou Hongyi described Tulongfeng as the “Chinese Mythos,” claiming it found 3,432 flaws, with 105 confirmed by the governmentZhou acknowledged a 20–30% capability gap vs. US models, but stressed building a professional attack‑and‑defense team over reliance on a single “genius hacker” approachA Chinese cybersecurity company recently unveiled two Artificial Intelligence (AI) models, one of which is supposed to be the country’s answer to Anthropic's Mythos.Mythos is an advanced AI model that can surface and exploit software vulnerabilities at scale and is currently only available to a couple dozen major US firms because it is allegedly too powerful (and thus dangerous) to be shared with everyone. During the ISC.AI 2026 cybersecurity conference, which was held at the Beijing National Convention Center on June 24, 2026, Chinese cybersecurity company 360 Security Technology unveiled two tools collectively called “Yitian Tulong”, Reuters reports.Taking a different approachYitial Tulong comprises two AI models: Tulongfeng, and Yitianzhen. According to founder Zhou Hongyi, the former is the “Chinese Mythos”, while the latter is a way to automate defense and incident response. "This kind of powerful weapon that can change the landscape of cyber offence and defense cannot be held ⁠only by others," Zhou allegedly said during the presentation. Claims about the capabilities of these models cannot be independently verified, and in the case of Yitian Tulong, will probably never be. The company said Tulongfeng found 3,432 software flaws, including 105 allegedly confirmed by the Chinese government. Zhou also discussed taking a different approach compared to the US - a country which relies on “the strongest model, the strongest computing power, and the strongest chips”."Objectively speaking, domestic models still have a 20%-30% gap in base capability," Zhou said. "China cannot wait until model capabilities have fully caught up before starting ​vulnerability discovery, because we cannot afford to wait."According to Zhou, 360 is building a “professional attack-and-defense team”, rather than “just” a single genius hacker: "If Mythos is a top-end chip, what we are building is a complete machine that can run stably, work 24 hours a day and make fewer mistakes," he said. "If the U.S. route is to cultivate a genius hacker, 360's route is to organise a professional attack-and-defense ⁠team."Via Reuters

ExtraHop’s Global Threat Landscape Report shows 49% of ransomware victims only detected attacks after data theft, up from 31% last yearAverage dwell time before detection is 2.5 weeks; attackers exploit encrypted channels, valid accounts, and alert fatigue to evade defensesRansom payments fell from $3.6M to $2.8M, but payment frequency rose sharply, with 83% of surveyed victims paying in 2026 vs. 70% in 2025Criminals are getting better at hiding within their victims’ infrastructure, lurking and stealing files without triggering any alarms whatsoever. Earlier today, network detection and response experts ExtraHop released the “Global Threat Landscape Report”, based on a survey of more than 1,800 IT and security leaders worldwide. In it, it is said that roughly half (49%) of organizations that were struck by ransomware did not detect the threat until after the data was stolen.This is up from 31% a year ago, ExtraHop stressed, showing the improvement criminals made within just 12 months. Several factorsOn average, cybercriminals have 2.5 weeks of quiet time before being spotted in ransomware incidents, the report stated. Furthermore, 14% of victims were unaware of an attack until receiving a ransom demand, which is also up from 6% a year ago.“Prolonged dwell times often parallel a highly complex threat environment where critical alerts are obscured,” ExtraHop said in a press release shared with TechRadar Pro. The researchers uncovered several factors that led to delays in investigating critical alerts, including attackers using encrypted channels (41%), attacker activity mirroring legitimate workflows and processes (38%), using valid, high-privilege account permissions (34%), and alert fatigue (30%). Undermined baseline behavior also enabled anomalous actions to fly under the radar (27%). The good news is that the average ransom payment dropped year-on-year, from $3.6 million down to $2.8 million. However, the bad news is that the payment frequency spiked. While in 2025 70% of respondents paid a ransom, this year 83% have done the same, at least among ExtraHop’s respondents.When Chainalysis ran a similar survey recently, it said that in 2025 the number of successful ransomware attacks grew, while the number of payments remained relatively flat, meaning that in absolute numbers - there were fewer companies paying ransomware attackers.