China has caught up to the US in AI cybersecurity. And the debate over restrictions is exploding

A new Semgrep benchmark just shattered assumptions about the AI race: Zhipu AI's GLM-5.2 (Z.ai) outperformed Claude Code in detecting IDOR vulnerabilities, scoring 39% F1 vs. Anthropic's 32% — at roughly $0.17 per vulnerability found, or one-sixth the cost of American frontier models.

The model is open-weight (MIT license), with 1M token context window and 750B MoE parameters. In short: downloadable, self-hostable, economically unstoppable.

The Wall Street Journal confirms that security researchers now consider Z.ai competitive with US models in identifying critical bugs, even if it still lags on other tasks.

But this opens a political wound.

While the Trump administration just signed an EO for voluntary pre-release reviews of frontier models, critics — from Politico to Congress — are asking: why are restrictions on Chinese models so lax?

The issue isn't just unauthorized distillation (recurring accusations against DeepSeek, Moonshot, Zhipu). It's that open, powerful models like GLM-5.2 are already circulating through thousands of American enterprise pipelines — often without supply chain audits.

As Rob T. Lee of the SANS Institute put it: "It's a hurricane warning, not a seawall." The US has at most 6-12 months before Beijing gains access to a model comparable to Mythos or GPT-5.5-Cyber.

The question we should all be asking:

If a Chinese open-weight model outperforms US frontier models in vulnerability discovery at one-sixth the cost, is a containment strategy built on export controls and voluntary reviews still viable? Or are we simply slowing down defenders while attackers accelerate?