This Week in Cybersecurity
Three stories that didn't make the front page but deserve your attention: China's answer to Anthropic's Mythos AI vulnerability scanner, a massive data breach at a key Apple and Tesla supplier, and more turbulence at Snyk as it lays off staff for the fourth time in four years.
Qihoo 360 Unveils Tulongfeng: China's Mythos Rival
Chinese cybersecurity firm Qihoo 360 unveiled a multi-agent AI vulnerability discovery platform at the ISC.AI 2026 conference in Beijing on June 24 — explicitly positioning it as China's answer to Anthropic's restricted Mythos AI.
CEO Zhou Hongyi introduced two tools under the umbrella name "Yitian Tulong":
- Tulongfeng — AI-powered vulnerability discovery using a swarm of specialized models
- Yitianzhen — Automated attack simulation and defense platform
Tulongfeng uses a multi-agent architecture: one model profiles threats and filters high-risk attack surfaces; another traces data flows to discover vulnerabilities. Zhou described it as "organizing a professional attack and defense team" versus the Western approach of "cultivating a genius hacker."
Claimed Discoveries
Qihoo claims Tulongfeng has:
| Metric | Value |
|---|---|
| Total flaws discovered | 3,432 |
| Confirmed by Chinese government | 105 |
| Windows kernel privilege escalation (dormant 5 years) | 1 |
| Office RCE (dormant 8 years) | 1 |
| Excel vulnerability (dormant 10 years) | 1 |
Microsoft has reportedly acknowledged all three dormant vulnerabilities.
The Mythos Context
Anthropic's Mythos — a frontier AI model specialized for vulnerability discovery — was introduced in early 2026 and promptly export-controlled by the Trump Administration. Mythos and the related Fable 5 model are currently unavailable to non-Americans. About 50 companies have had access, with Anthropic expanding to 150 organizations.
Zhou explicitly framed Tulongfeng as a geopolitical counterweight, stating: "Previously, nuclear weapons constituted strategic deterrence. In the future, vulnerability discovery capabilities may become the new strategic deterrent."
Qihoo has also formed an alliance of Chinese cybersecurity firms to use Yitianzhen against targets — a direct organizational parallel to Anthropic's Project Glasswing partner program. It is worth noting Qihoo 360 has been on the US Commerce Department Entity List since 2020 over alleged Chinese military ties, and the Pentagon identified it as part of China's defense industrial base in June 2026.
Tata Electronics Confirms 630 GB Data Breach
Tata Electronics — which manufactures approximately one-third of Apple's iPhones in India and supplies components to Tesla — confirmed a cyberattack after the World Leaks ransomware group published 204,341 files totaling 630+ GB on the dark web.
What Was Exposed
| Data Category | Details |
|---|---|
| Apple schematics | Mechanical drawings and design files |
| Apple quality inspection documents | 52-page circuit board QA document |
| Tesla schematics | Component design files |
| Employee passport scans | HR/identity records |
| Employee emails | Internal communications |
| Cryptographic certificates and key files | Infrastructure credentials |
| Qualcomm and TSMC proprietary data | Third-party supply chain IP |
Data was accessible on the dark web from at least June 10, 2026. Tata confirmed the incident around June 22–23, 2026, stating there was "no impact on operations." The company has restricted remote access to critical systems, initiated a forensic audit with an international consultancy, and notified the Indian government and affected clients. Apple is investigating.
World Leaks Background
World Leaks has previously claimed responsibility for breaches of Dell (confirmed, July 2025) and Nike (1.4 TB, January 2026). Tata's British subsidiary Jaguar Land Rover suffered a separate ransomware attack in 2025 that halted production for six weeks, underscoring the group's persistence against the Tata conglomerate.
Snyk Announces Fourth Round of Layoffs
Developer security firm Snyk announced layoffs on June 24, 2026 — its fourth round of job cuts in four years. Approximately 90 employees were affected, per Israeli financial publication Globes. Snyk did not confirm the number publicly.
The company's Israel development center is being closed entirely, with all Israel-based employees affected. The stated rationale: restructuring to flatten leadership, unify go-to-market operations, and align R&D under a single leader across four focus areas:
- AI-written code security
- Autonomous agents running in production
- Vulnerabilities that chain into real attacks
- Adversaries that never sleep
Context
- CEO Peter McKay stepped down in February 2026; former CFO Ken MacAskill is serving as interim CEO
- Revenue: $278.4M in 2024 (26.5% growth — slowing from 50% in 2023)
- Losses: $166.5M in 2024
- Valuation: BlackRock dropped its Snyk valuation to $3.7 billion
- Competitive pressure: The launch of Claude Code in February 2026 — which includes code security scanning — has compressed the market for Snyk's core SAST product, alongside rivals Checkmarx and GitHub Advanced Security
The layoffs reflect a broader pattern in the developer security space: as AI coding assistants absorb more static analysis functionality, standalone security tooling vendors face margin compression and must consolidate to survive.
References
- SecurityWeek — In Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk Layoffs
- The Register — Qihoo 360 Tulongfeng AI Bug Finder
- TechCrunch — Tata Electronics Data Breach
- BleepingComputer — Tata Electronics Cyberattack
- Cybernews — Snyk Layoffs