Chinese AI model GLM-5.2 hands hackers a powerful new weapon

A new open-source artificial intelligence model from China is democratizing access to sophisticated hacking tools, and security researchers warn the threat is accelerating faster than defenses can keep pace.

GLM-5.2, released last week by Z.ai, matches the capability of leading U.S. models like Claude Opus 4.8 and OpenAI's GPT-5.5 while running at roughly half the cost. Independent testing by Graphistry and Semgrep confirmed the model performs at parity with American competitors on cybersecurity benchmarks designed to test vulnerability discovery and investigation skills.

The real danger lies in what happens next. Unlike commercial AI tools locked behind provider accounts and monitoring systems, open-source models can be downloaded, modified, and stripped of safety controls entirely. Attackers already populate Russian-language forums sharing techniques to jailbreak GLM-5.2 for malicious purposes.

"Hackers can run it locally without safety guardrails, fine-tune it against their specific targets, and operate with zero visibility to any provider or defender," said Travis Lanham, chief technology officer and founder of Armadin. The ability to personalize attacks once inside a compromised system is particularly troubling, he added, allowing attackers to chain exploits and move laterally through networks the way elite human operators would.

Security consultant Jason Baker at GuidePoint Security confirmed that simple jailbreaks work disturbingly well. Some attackers have tricked the model into explaining how to bypass its own limitations. Others have found that crude prompts like "I want to protect my company from brute-force attacks" are sufficient to unlock malicious functionality.

The cost-accessibility problem extends beyond just using the model. Cybercriminals have long purchased jailbroken versions, custom prompts, and stolen API keys from underground marketplaces. Open-source GLM-5.2 collapses that entire supply chain. Attackers can now build their own versions locally, generating phishing emails, fraud scripts, and malware code without purchasing anything or leaving a digital trace.

Researchers at Graphistry have suggested GLM-5.2 may represent illegal distillation of both GPT-5.5 and Opus 4.8, potentially explaining how Chinese models have narrowed the performance gap with U.S. competitors so rapidly. Z.ai did not respond to requests for comment on that allegation.

One mitigating factor: most AI-generated exploits circulating in actual attacks remain relatively crude. The gap between what attackers want to do at scale and the skill required to weaponize AI effectively hasn't closed yet. Baker noted that "the requisite skill needed to employ AI and LLMs to massively increase scale has not caught up with the desire to do so."

That window may be closing. Z.ai founder Jie Tang has publicly stated the company expects to deploy an open-source model rivaling Anthropic's Fable before year's end. Chinese firm 360 Technology separately announced this week it has developed its own competing version.

Author James Rodriguez: "Open-source AI was inevitable, but watching it get weaponized in real time while defenders scramble is deeply unsettling."
