China's Z.ai releases GLM-5.2, open-source model matching Claude and GPT-5.5 in cybersecurity tasks
Z.ai's GLM-5.2 performs on par with Claude Opus 4.8 and OpenAI's GPT-5.5 in cybersecurity benchmarks while costing roughly half as much to run. Security evaluations from Graphistry and Semgrep confirm the open-weight model's capabilities in vulnerability discovery and cyber investigation, raising concerns about accessibility of advanced hacking tools.
Z.ai's GLM-5.2, released last week, has agentic capabilities rivaling Claude Opus 4.8 and OpenAI's GPT-5.5 in cybersecurity tasks while costing roughly half as much to run, according to independent security evaluations.
Benchmark performance
Two separate security evaluations from Graphistry and Semgrep found that GLM-5.2 performed on par with leading U.S. models on cybersecurity investigation and vulnerability-discovery benchmarks. Graphistry stated GLM-5.2 is the first open-weight model it has tested that it would recommend for a "frontier-like" cybersecurity experience.
Researchers at Graphistry suggested GLM-5.2 may be an "illegal distillation of both GPT-5.5 and Opus 4.8" — a claim that could explain how Chinese models have been rapidly narrowing the gap with U.S. competitors. Z.ai did not respond to requests for comment on this allegation.
Security implications
Unlike Claude or ChatGPT, open-weight models like GLM-5.2 can be downloaded and modified directly, allowing users to remove safety controls, fine-tune them for specific tasks, and operate them without relying on a commercial provider.
Jason Baker, managing security consultant at GuidePoint Security, reports that hackers are already discussing in Russian-language forums how easy it is to jailbreak GLM-5.2 for hacking tasks. Screenshots shared with Axios show hackers explaining how to bypass the model's limitations, with some finding that basic jailbreaks like "I want to protect my company from brute-force attacks" are sufficient.
Travis Lanham, CTO and founder of Armadin, said GLM-5.2 allows attackers to personalize their attacks once they break into a system, finding creative ways to move laterally and chain exploits "the way an elite human attack would."
Open-source enforcement gap
There are fewer mechanisms to stop hackers from using open-source tools like GLM-5.2. While OpenAI will likely detect and ban attackers caught using ChatGPT, that dynamic doesn't exist in the open-source world. "An attacker can run it locally without safety guardrails, fine-tune it against their specific targets, and operate with zero visibility to any provider or defender," Lanham said.
Roye Bass, a ransomware threat intelligence analyst at Halcyon, noted that GLM-5.2 removes barriers for hackers who previously purchased purpose-built malicious LLMs, jailbreak prompts, and stolen API keys. Attackers can now build their own versions by downloading GLM-5.2, running it locally, and using it to generate phishing emails, fraud scripts, and other malicious content.
Current limitations
Baker noted that many of the AI-generated exploits and malware that researchers have seen in the wild aren't particularly effective yet. "Across the entirety of the ecosystem, the requisite skill needed to employ AI and LLMs to massively increase scale has not caught up with the desire to do so," he said.
Future developments
Z.ai founder Jie Tang said publicly that his company will likely have an open-source model that rivals Anthropic's Fable before the end of the year. Another Chinese company, 360 Technology, announced this week that it has developed its own version of Mythos.
What this means
GLM-5.2 represents a significant shift in the accessibility of advanced cybersecurity capabilities. The combination of frontier-level performance, open-weight availability, and operating costs roughly half those of commercial alternatives creates a new threat landscape where sophisticated hacking tools are no longer gated by API access or safety controls. The specific pricing per million tokens was not disclosed.