Two Cracks in the Export Control Wall: Apple Courts CXMT, GLM-5.2 Rivals Mythos

Apple lobbies to buy chips from blacklisted Chinese memory maker CXMT; WSJ reports China's open GLM-5.2 matches banned US model Mythos at security bug…

2026-06-28 | Thinking | 28 min read

On June 27–28, two stories broke almost simultaneously.

One from the Financial Times: Apple is lobbying the Trump administration for permission to buy memory chips from CXMT (ChangXin Memory Technologies), a Chinese firm on the Pentagon's blacklist. The other from the Wall Street Journal's front page: Z.ai's GLM-5.2 matches the latest U.S. models at finding security bugs, raising questions about whether Washington's approach to restricting Chinese open models is handing Beijing a cyberwarfare advantage.

Each story is compelling on its own. Placed side by side, they reveal a deeper pattern: America's AI export control regime is being eroded from both the demand side and the supply side, simultaneously.

I. Apple × CXMT: When the Buyer Starts Lobbying Against Sanctions

1.1 What Happened

Six people familiar with the matter told the FT that Apple has been in contact with the U.S. Commerce Department for over a month, along with other Washington officials, seeking a license to purchase DRAM chips from CXMT. Apple is also reportedly considering YMTC (Yangtze Memory Technologies) for NAND flash.

CXMT is listed on the Pentagon's 1260H "Chinese Military Companies" roster and on the Commerce Department's Entity List. Under current rules, U.S. companies must obtain a government license to buy from Entity List firms—and such licenses are "typically difficult to secure" (FT).

1.2 Apple's DRAM Supply Chain: Held Hostage by Three

To understand why Apple would take this political risk, you need to see its current procurement structure.

iPhone DRAM supply is extremely concentrated: Samsung supplies roughly 60%, with SK Hynix and Micron splitting the remaining ~40%. NAND flash is similarly dependent on Samsung, Kioxia, and SK Hynix. Together, these three control over 90% of the global DRAM market.

Before AI data centers exploded, this structure was manageable—Samsung, SK Hynix, and Micron competed against each other, and Apple, as the world's largest buyer, could squeeze prices. Starting in H2 2025, the rules changed. All three shifted massive capacity toward the HBM (high-bandwidth memory) that AI data centers demand, systematically crowding out the LPDDR used in consumer electronics.

The competitive landscape flipped from "three vendors bidding for Apple's business" to "three landlords collecting rent":

  • In Q1 2026, Samsung and SK Hynix demanded 80–100% price hikes for DRAM supply to Apple
  • Apple accepted Samsung's 100% hike just to lock in volume
  • LPDDR5X per-chip cost surged from roughly $30–40 to $120–145 (TechInsights)
  • On the 256GB iPhone 17 Pro: 12GB DRAM cost ~$39, 256GB NAND cost ~$13. On the upcoming iPhone 18 Pro, equivalent DRAM cost is projected at $145, NAND at $51, nearly 4× the previous generation
  • BOM share for memory + storage: from ~9% to a projected 27%

Apple raised MacBook and iPad prices globally on June 25: iPad Air from $599 to $749 (+25%), MacBook Air from $1,099 to $1,299 (+18%), MacBook Neo +16.7%, entry 14-inch MacBook Pro +17.7%. Market cap loss of $263 billion in a single day—the second-largest in corporate history.

Tim Cook, in an interview with the WSJ (as reported by multiple outlets), described the current memory price surge as unprecedented in his forty-plus-year career.

More tellingly, Apple is already being forced to "eat downgrades": per supply chain reports, Apple has stopped competing for advanced-node (1c/1β) premium DRAM and is instead buying mature 10nm+ legacy-node LPDDR from Samsung for standard iPhone models, entry-level iPads, and baseline Macs. Advanced-node capacity is reserved exclusively for the lower-volume Pro models.

1.3 The Structural Cause: AI Is Crowding Out Consumer Electronics

Samsung, SK Hynix, and Micron have redirected 70–80% of their advanced-node capacity and new capex toward HBM and DDR5. Massive wafer capacity has exited legacy nodes like LPDDR4X and DDR4, leaving smartphone-grade LPDDR supply chronically tight.

Micron's fiscal Q3 2026: revenue $41.5 billion (+346% YoY), non-GAAP net income $28.9 billion (+12×), gross margin 84.9%. Samsung and SK Hynix posted similarly record-breaking results.

This is not a price cycle. This is structural crowding-out. HBM buyers (NVIDIA, cloud hyperscalers) will pay any price; LPDDR buyers (phone makers) have fixed BOM ceilings. Memory manufacturers have no incentive to reserve capacity for lower-margin, harder-to-negotiate consumer electronics clients.

1.4 CXMT: From "Unusable" to "Negotiating Leverage"

The greatest value of Apple bringing in CXMT right now is not even the actual procurement volume—it's negotiating leverage. As long as a single alternative exists on the table, Samsung and SK Hynix's quotes will soften. Even if CXMT captures only 10–15% of Apple's DRAM supply, it can reset pricing dynamics for the remaining 85–90%.

CXMT's capacity is approaching critical mass. SemiAnalysis projects it could surpass Micron as the world's third-largest DRAM supplier by late 2026. Production capacity: 350,000 wafer starts per month (12-inch equivalent) by end of 2026, rising to 500,000 by 2028. On June 12, the CSRC approved CXMT's STAR Board IPO, targeting RMB 29.5 billion—the second-largest STAR IPO after SMIC.

From a "military company" in the Pentagon's eyes to a "candidate supplier" for the world's most discerning consumer electronics brand—CXMT's industrial position is shifting faster than the sanctions regime can adapt.


II. GLM-5.2 × WSJ: When Technology Spills Past the Containment Boundary

2.1 First, Understand What It Was Being Compared Against

The WSJ says GLM-5.2 "matches the latest U.S. models" at finding security bugs. The reference point is Anthropic's Mythos 5—a cybersecurity-specialized model so powerful the U.S. government shut it down.

Mythos 5 and Fable 5 share the same underlying model architecture. The difference is safety policy: Fable 5 was open to the public but equipped with three layers of safety classifiers; Mythos 5 had all safety guardrails removed, preserving full network attack, vulnerability discovery, and exploit generation capabilities. Access was granted only through "Project Glasswing" to roughly 200 vetted cybersecurity defense organizations, critical infrastructure operators, and government agencies.

How powerful was it?

| Benchmark | Mythos 5 | Opus 4.8 (previous gen) | Notes |
|---|---|---|---|
| ExploitBench (vulnerability discovery) | 78.0% | 40.0% | Nearly double |
| CyberGym (vulnerability reproduction) | 83.8% | 66.6% (Opus 4.6) | Found 27-year-old OpenBSD vulnerabilities, 10+ year old zero-days in mainstream OSes |
| Real-world capability | Full codebase auditing, mass vulnerability batch detection | | |

Released June 9, globally shut down June 12 under a Commerce Department export control order. Anthropic CEO Dario Amodei publicly disagreed, noting that "similar jailbreak capabilities exist in other public models including GPT-5.5." OpenAI subsequently released GPT-5.5-Cyber (a dedicated security model) on June 23, scoring 85.6% on CyberGym—surpassing Mythos 5's 83.8%.

2.2 What GLM-5.2's "Match" Actually Means

The WSJ's June 28 front page reported the researchers' findings. In fact, two independent cybersecurity companies—Graphistry (Louie.ai, via botsbench.com) and Semgrep—have already published their own benchmark data validating this conclusion.

Graphistry / CyBT-CTF (a blue-team security investigation agent benchmark using cheating-resistant blind testing—tasks and answers are hidden from model makers):

| Model / Combo | CyBT-CTF Solve Rate | Notes |
|---|---|---|
| GLM-5.2 + OpenCode | 28/59 | Ties frontier proprietary models |
| Opus 4.7/4.8 + Claude Code | 28/59 | Costs 2.2×+ more than GLM |
| GPT-5.5 + Codex | 28/59 | Same 28/59 tier |
| Sonnet 4.5 + OpenCode | 23/59 | GLM leads by 5 solves |
| MiniMax 2.5 | 16/59 | Next best open model, GLM leads by 20 pp |

Semgrep / IDOR vulnerability detection benchmark: Given nothing but a prompt and no additional tooling, GLM-5.2 beat Claude Opus 4.8. The Semgrep blog post title is blunt: "We have Mythos at Home: GLM 5.2 beats Claude in our Cyber Benchmarks."

GLM-5.2 is not a security-specialized model. It is Zhipu's general-purpose open-source model (753B MoE, MIT license). Its published benchmarks focus on coding and agent tasks:

| Benchmark | GLM-5.2 | GPT-5.5 | Opus 4.8 |
|---|---|---|---|
| FrontierSWE (long-form coding) | 74.4 | 72.6 | 75.1 |
| Code Arena (blind test) | #2 | | #1 (Fable 5, offline) |
| PostTrainBench (agent training) | #2 | #3 | #1 |
| Artificial Analysis Index | 51 | 50 | 52 |

Notably, GLM-5.1 (its predecessor) had already scored 68.7% on CyberGym—exceeding Opus 4.6's 66.6%. Zhipu has not yet published GLM-5.2's formal scores on ExploitBench and CyberGym, but the WSJ-cited researchers' tests indicate it has entered the Mythos 5 tier on security bug discovery.

The significance is not the score itself, but that a general-purpose model achieved what previously took a dedicated security model. Mythos 5 was the most powerful cybersecurity model the U.S. government shut down on national security grounds. OpenAI responded with a dedicated GPT-5.5-Cyber to match it. Now an MIT-licensed Chinese general-purpose model, without dedicated security training, has been independently validated by two security companies on two different benchmarks as matching both on vulnerability discovery.

Graphistry's report raises an additional, more pointed finding: GLM-5.2's answer correlation with GPT-5.5 is anomalously high. Using Cohen's Kappa to measure right/wrong answer correlation between models, OpenAI vs. Anthropic shows a Kappa of only 0.63—what you would expect from two independent, separately-trained models. But GLM-5.2 vs. GPT-5.5 reaches 0.795, and vs. Opus around 0.76—far outside the expected range for independent training. On the blinded test set, GLM-5.2 and GPT-5.5 share 10 identical wrong answers (canonically, though with zero verbatim text matches).

Graphistry is careful with its language: "Read it as a serious distillation/copying review signal, not a public accusation or proof of copying or distillation." But this makes the WSJ's thesis even sharper: if GLM-5.2's security capabilities were indeed obtained through distillation of frontier closed models—then export controls not only failed to stop the technology diffusion, but the very IP the controls were meant to protect has already been extracted.
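The agreement measure described above, as an added example (not code from the original article or from Graphistry's report): Cohen's kappa over per-task solved/unsolved outcomes. The outcome vectors are constructed for illustration (59 tasks, 28 solved by each model) and are not the benchmark's data; all function and constant names are hypothetical.

```python
import math
from typing import List, Sequence, Tuple


def cohen_kappa(a: Sequence[bool], b: Sequence[bool]) -> float:
    """Cohen's kappa for two per-task solved/unsolved outcome vectors."""
    if len(a) != len(b) or len(a) == 0:
        raise ValueError("need two equal-length, non-empty outcome vectors")
    n = len(a)
    # Observed agreement: tasks where both solved or both failed.
    observed = sum(x == y for x, y in zip(a, b)) / n
    # Chance agreement implied by each model's own solve rate.
    p_a, p_b = sum(a) / n, sum(b) / n
    expected = p_a * p_b + (1 - p_a) * (1 - p_b)
    if expected == 1.0:
        # Both models solved everything or nothing: kappa is undefined.
        return math.nan
    return (observed - expected) / (1 - expected)


def build_pair(both: int, only_a: int, only_b: int,
               neither: int) -> Tuple[List[bool], List[bool]]:
    """Expand contingency counts into two aligned outcome vectors."""
    a = [True] * (both + only_a) + [False] * (only_b + neither)
    b = [True] * both + [False] * only_a + [True] * only_b + [False] * neither
    return a, b


# Constructed data: every model solves 28 of 59 tasks in both pairs,
# so a leaderboard would show all of them tied.
CLOSE_PAIR = build_pair(both=25, only_a=3, only_b=3, neither=28)
LOOSE_PAIR = build_pair(both=23, only_a=5, only_b=5, neither=26)

if __name__ == "__main__":
    for name, (a, b) in (("close", CLOSE_PAIR), ("loose", LOOSE_PAIR)):
        print(f"{name}: solved {sum(a)}/{len(a)} and {sum(b)}/{len(b)}, "
              f"kappa={cohen_kappa(a, b):.3f}")
```

Both constructed pairs have identical 28/59 solve rates; only the overlap in which tasks were solved moves kappa, which is why it can flag a pair for review when leaderboard scores cannot.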

2.3 The Paradox of Restriction

The logical contradiction here is sharp.

On June 12, Anthropic received a Commerce Department letter requiring it to cut off foreign nationals' access to Fable 5 and Mythos 5. Both models have been offline globally ever since. The result?

  • Developers worldwide were forced to seek alternatives
  • GLM-5.2, fully open-source under MIT license and Anthropic API-compatible, had just launched
  • Enterprises leapfrogged from "evaluating Chinese open models" straight to "deploying Chinese open models"
  • Export controls effectively opened a market window that Chinese open-source models were positioned to fill

At the G7 summit, leaders of Canada and France voiced concerns about over-reliance on U.S.-controlled AI systems, while an anonymous official described the sudden pull of a closed model as a wake-up call (per Caixin/Yicai G7 coverage).

This is not technological competition alone. This is trustworthiness competition—a model that a government can kill with a single letter versus one that ships under MIT license, deployable locally, with no kill switch. Their weights in long-term commercial decisions are fundamentally different.


III. Two-Front Erosion: Why Export Controls Are Losing Their Grip

Before placing the two stories side by side, a distinction is necessary: Apple is lobbying against CXMT's Entity List sanctions (triggered by Pentagon-designated military ties), while GLM-5.2 faces AI model export controls (triggered by capability thresholds). The legal basis and enforcing agencies differ. But both face similar erosion mechanisms—market forces from the demand side, technology diffusion from the supply side—each penetrating the boundaries that policy set.

Laying the two stories side by side:

| Dimension | Apple × CXMT | GLM-5.2 × WSJ |
|---|---|---|
| Erosion direction | Demand side | Supply side |
| Driving force | Market (memory prices) | Technology (model capability) |
| Sanctioned target | A single Entity List chipmaker | AI model / technology export controls |
| Fracture within the sanctioning side | America's largest company lobbying against sanctions | Security agencies vs. commercial interests |
| Implication for China | Sanctioned firms being pulled back into supply chains by buyers | Restricted technology leaking through open-source channels |

This dual erosion is not accidental. The underlying mechanisms are:

Demand-side logic: AI's explosive growth has tightened the global hardware supply chain across the board. When bottleneck pressure reaches a critical threshold, buyers—even the most compliance-conscious buyers like Apple—are forced to seek sanctioned alternatives. This is not a political statement; it is pure procurement economics. When memory costs jump from 9% of BOM to 27%, the political risk of lobbying Washington is lower than the commercial risk of doing nothing.

Supply-side logic: Export controls rest on the assumption that "restricting access → maintaining a gap." But this assumption only holds if the restricted party cannot produce substitutes within a reasonable timeframe. GLM-5.2 and DeepSeek V4 have demonstrated that, at least at the model level, this assumption is rapidly breaking down. Open-source licensing bypasses all controls entirely—code travels over the internet, model weights travel over BitTorrent.


IV. If Approved: What It Would Mean

If Apple secures a license to buy CXMT memory, several chain reactions follow.

First, it transforms CXMT's market standing. Being admitted to Apple's supply chain is the highest quality certification in consumer electronics. Once Apple validates CXMT, other phone makers—Samsung, Xiaomi, OPPO—have no reason not to follow.

Second, it breaks the DRAM oligopoly's pricing alignment. The greatest value of Apple bringing in CXMT right now is not even the actual procurement volume, but the negotiating leverage. As long as a single alternative exists, Samsung and SK Hynix's quotes will soften. Even if CXMT captures only 10–15% of Apple's DRAM supply, it can reset pricing dynamics for the remaining 85–90%.

Third, it punctures the sanctions framework itself. CXMT is simultaneously on the 1260H list and the Entity List. If the White House approves Apple's procurement request, it effectively concedes that there is a "commercial exception" to the sanctions regime. Once that precedent is set, other sanctioned Chinese semiconductor firms will pursue similar exemption paths.


V. If Denied: Why the Lobbying Itself Already Changes the Game

Apple's lobbying will most likely not succeed on the first attempt. Per FT sources, no decision is expected before Q4. But the mere act of initiating it has already restructured the negotiating landscape.

It sends an unmistakable signal to Washington: AI supply chain bottlenecks have tightened to the point that even America's largest company is absorbing costs it can no longer tolerate. This is not a hedge fund thesis or a think tank policy brief. It is the judgment of the world's most sophisticated supply chain manager under genuine cost pressure.

Even if the lobbying fails, Apple has accomplished two things: first, it has gained additional leverage in price negotiations with Samsung and SK Hynix ("we are actively pursuing alternative supply sources"); second, it has signaled to the market that CXMT's quality is approaching Apple's standards. Both signals reshape the pricing dynamics of the memory supply chain.


Conclusion

Export controls as a policy tool rest on an implicit premise: you can restrict technology flows without significantly harming your own companies' competitiveness.

The two stories of June 28 challenge this premise from opposite directions. On the demand side, the world's most valuable company is being forced by unmanageable hardware costs to seek a sanctioned supplier. On the supply side, the output of the sanctioned entities is permeating global markets through open-source channels: when Anthropic's models went offline and developers worldwide scrambled for alternatives, GLM-5.2's open-source, API-compatible release was there to fill the migration gap.

This is not the collapse of the export control regime. But these are two clearly visible cracks. If they continue to widen, expect more signals like these over the next 12 to 18 months.


Disclaimer: This is an industry analysis based on public reporting. It does not constitute investment advice or policy advocacy. Apple's lobbying to procure from CXMT has not yet been approved, and the final outcome remains uncertain.