China is copying AI models that found 10,000 vulnerabilities

In May, Google’s Threat Intelligence Group confirmed a historic first: an AI system had both discovered and weaponized a zero-day exploit that was subsequently used in real-world attacks. A criminal actor leveraged a frontier model to uncover a two-factor authentication bypass, construct a working exploit, and deploy it before any security defender was even aware the vulnerability existed. That breach marks a turning point in how we understand the intersection of artificial intelligence and cybersecurity.

The same class of advanced AI models that are now capable of finding and exploiting over 10,000 vulnerabilities are also the ones that Chinese state-backed entities are actively working to replicate. And that is precisely where the problem lies. The tools that can automate vulnerability discovery at scale are no longer theoretical. They are operational, and they are being copied.

As these models become more accessible, the barrier to entry for sophisticated cyberattacks drops dramatically. The ability to scan codebases, identify weaknesses, and generate exploit code is no longer limited to elite hackers. It is becoming a commodity. When a model can autonomously find a flaw, build a weaponized payload, and execute it before any patch exists, the traditional defender’s advantage evaporates.

The race is no longer about who has the most skilled human analysts. It is about who controls the most capable AI. And as China works to close the gap by copying or reverse-engineering Western frontier models, the global security landscape shifts into uncharted territory. The same technology that could help secure networks is being weaponized faster than defenses can adapt.