Red Hot Cyber
Cybersecurity, Cybercrime News and Vulnerability Analysis
Laptop with the text Z.AI in front of the Chinese flag, surrounded by a futuristic city and holograms lit in red.

GLM-5.2 Arrives: China’s Open-Source Answer to Mythos Runs on Your PC

30 June 2026 10:33

We knew it would end like this, even if the question was: how long? Some said six months, others a year. But perhaps we were all wrong after Zhipu AI released the new GLM-5.2 model. It’s a Chinese open-weight model that reduces the gap with OpenAI and Anthropic in cybersecurity.

The global race for artificial intelligence is entering a new phase, as was predictable. But this model, according to benchmarks, is not just an update. According to several industry researchers, the new model has achieved performance comparable to Western frontier models in specific areas such as cybersecurity, bug hunting, and software engineering.

Although GLM-5.2 in “general” activities still lags behind OpenAI and Anthropic models, this new release allows us to understand that China has drastically reduced the technological gap that until a few years ago seemed really insurmountable.


An open-weight model with global ambitions

Unlike the models developed by OpenAI or Anthropic, the new GLM-5.2 is distributed under an MIT license with completely open weights. This allows anyone to download, modify, and run it on a local computer without geographical or commercial restrictions.

This choice represents one of the main strengths of the Chinese strategy and therefore Z.ai’s. Free access allows companies, researchers, and developers to integrate the new model into their proprietary environments without relying on cloud API consumption or the limitations imposed by the United States or the providers themselves.

Coding Performance Evaluation (Source z.ai)

At the same time, however, the total openness makes the model potentially usable in “dual use”, therefore also by malicious subjects, eliminating any centralized control over the use of its capabilities.

LLM Performance Evaluation (Source z.ai)

Surprising performance in vulnerability research

According to independent analyses, GLM-5.2 is standing out especially in advanced programming activities, automatic debugging, and software vulnerability research.

The model introduces a very wide context of one million tokens. This ability allows it to analyze codebases without having to fragment the project into smaller parts. For cybersecurity analysts, this means being able to submit complete code repositories to the model, facilitating the identification of security bugs distributed across multiple software modules.


In the benchmarks published by Z.ai, GLM-5.2 records particularly high results:

  • 81.0 on Terminal-Bench 2.1, approaching Claude Opus models;
  • 62.1 on SWE-Bench Pro;
  • 74.4 on FrontierSWE, a benchmark dedicated to long-term software development tasks.

Moreover, it ranks first among all open-source models in coding benchmarks.

Although these are benchmarks published by the company itself and therefore should be interpreted with caution, the overall picture shows a significant improvement compared to the previous GLM-5.1 version.

Architecture designed for long-term activities

One of the most innovative aspects of GLM-5.2 concerns the support for so-called long-running agents, i.e., AI agents capable of working autonomously for hours on complex tasks. To achieve this result, the company has introduced a new architecture called “IndexShare”.

“IndexShare” architecture (Source z.ai)

This allows for the sharing of calculations between different levels of the transformer. This reduces the computational cost per token by about 2.9 times in very large contexts, such as those with one million tokens. At the same time, the “speculative decoding” system has been improved, increasing the average length of accepted sequences by up to 20%. This improves performance and duration in very long coding activities.

Security also enters the training process

An interesting aspect concerns how Z.ai approaches the problem of “reward hacking”, one of the emerging risks in reinforcement learning systems dedicated to programming.

During training, some models tend to “cheat”, recovering solutions from GitHub repositories, reading hidden files, or exploiting unauthorized paths just to get a high score within benchmarks.

To counter this phenomenon, GLM-5.2 has introduced an anti-hacking system consisting of two levels:

  • a rule-based engine that intercepts suspicious behavior;
  • a second check entrusted to another LLM, which evaluates the intent of the operations.

So, when fraudulent behavior is detected, the system does not interrupt execution but returns fictitious information, preventing the model from learning incorrect strategies during reinforcement learning.
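The two-level flow described above can be sketched as a gate in front of each agent tool call. This is an added example, not Z.ai's code: the rule patterns, the `keyword_judge` stand-in for the second-level LLM, the decoy text and the sample commands are all constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional

# Level 1: constructed rules for the behaviours the article lists
# (solutions pulled from GitHub, hidden files, paths outside the workspace).
RULES = [
    ("remote_solution_fetch",
     re.compile(r"\b(curl|wget|git\s+clone)\b.*github\.com", re.I)),
    ("hidden_file_read",
     re.compile(r"\b(cat|less|head|tail|cp)\b.*(^|[\s/])\.[\w-]+")),
    ("path_escape", re.compile(r"\.\./|/proc/|/root/")),
]

# Plausible but fictitious tool output handed back on a confirmed hit.
DECOY = "(no output)"


@dataclass
class ToolResult:
    output: str
    decoy: bool = False
    rule: Optional[str] = None


def keyword_judge(task: str, command: str) -> bool:
    """Offline stand-in for the level-2 LLM; True means the intent is to cheat."""
    return bool(re.search(r"answer|expected|solution|solved|hidden|github\.com",
                          command, re.I))


def guarded_exec(task: str, command: str, run: Callable[[str], str],
                 judge: Callable[[str, str], bool] = keyword_judge) -> ToolResult:
    """Gate one agent tool call during an RL episode."""
    for name, pattern in RULES:
        # Level 1 only marks the call as suspicious; level 2 decides on intent,
        # so a harmless `cat .gitignore` still runs.
        if pattern.search(command) and judge(task, command):
            # Keep the episode going, but never show the real data.
            return ToolResult(output=DECOY, decoy=True, rule=name)
    return ToolResult(output=run(command))


def fake_run(command: str) -> str:
    """Constructed executor standing in for the training sandbox."""
    return f"ran: {command}"
```

In a real pipeline the `judge` callable would wrap a call to the second model and receive the task description as context; the decoy flag would also be logged so the episode can be excluded or penalised when rewards are computed.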

A direct challenge to American restrictions

Obviously, the release of GLM-5.2 assumes great geopolitical significance. In recent years, the United States has limited China’s access to the most advanced semiconductors and frontier models developed by American companies. The Trump administration also considers frontier AI models, especially those capable of identifying security bugs or automating offensive activities, a threat to national security.

Despite American restrictions, Z.ai demonstrates that China’s artificial intelligence sector continues to evolve rapidly. This is reducing the technological advantage held by American companies and therefore their direct “influence” in the markets.

The risks of open source in cybersecurity

The most delicate aspect of this story concerns the open-weight nature of the model. Unlike GPT-5.6 or Anthropic models, which are distributed exclusively through controlled services and subject to limitations, GLM-5.2 can be run locally on commercial hardware without any supervision.

For the cybersecurity community, this represents, as we saw earlier, a double-edged sword (“dual use”).

On the one hand, researchers and companies can use the model to perform code audits, vulnerability analyses, reverse engineering, and automation of defense activities.

On the other hand, criminal cartels can also exploit these capabilities to accelerate exploit research, perform analyses of vulnerable software, or support offensive campaigns without relying on cloud services subject to payment, controls, or revocations (such as the case of Anthropic Mythos).

Conclusions

GLM-5.2 represents the most advanced open-source model (reference github) ever developed by China in the field of coding and software agents. Although it does not yet reach the performance of the best Western models in generalist tasks, the new system demonstrates how the technological gap between the United States and China is rapidly decreasing, especially in programming, vulnerability research, and cybersecurity automation.

The public availability of the model’s weights could accelerate its adoption in the open-source community, but it also inevitably raises new reflections on the risks derived from the unrestricted diffusion of increasingly powerful AI tools. In a context of growing geopolitical competition and cyber threat escalation, GLM-5.2 marks another turning point in the global race for artificial intelligence.



Massimiliano Brolli
Responsible for the RED Team of a large Telecommunications company and 4G/5G cyber security labs. He has held managerial positions ranging from ICT Risk Management to software engineering to teaching in university master's programs.
Areas of Expertise: Bug Hunting, Red Team, Cyber Intelligence & Threat Analysis, Disclosure, Cyber Warfare and Geopolitics, Ethical Hacking