Many of the Chinese models are open weights, so if you are concerned about them "phoning home", then anyone can just self-host and run them themself, or use via a US provider such as OpenRouter.
Many of the Chinese models are open weights, so if you are concerned about them "phoning home", then anyone can just self-host and run them themself, or use via a US provider such as OpenRouter.
There's a higher-order concern here that I'm paranoid enough to voice: that if used as a coding agent, an AI model affiliated with a country's government might try to make my software susceptible to attacks by that government's intelligence forces.
And note that I'm not singling out China here.
> that if used as a coding agent, an AI model affiliated with a country's government might try to make my software susceptible to attacks by that government's intelligence forces.
Note that if such a trigger were to exist, the behavior has to be completely reproducible by definition, e.g. when put into the right setting with the right input context, the model starts behaving maliciously with at least some well-defined probability. I don't think any such incident has ever been described, it's a purely theoretical concern.
I don't think it's a stretch that you can train/align a model to avoid "hatespeech" or other topics deemed $Unacceptable you can align a model to favor a certain ideological viewpoint and have that alignment subtly influence the output.
How do most Chinese models handle Tienanmen square or discussions on Han superiority?
Oh sure, no one said you can't train a model to do this. You certainly can.
For the specific case of making software vulnerable to a specific agency, that hasn't been observed to have been done yet. Not because it can't be, but because no one has for now.
If it were done, it would be easy(ish) to detect, since it'll be reproducible.
I don't even know what "make software vulnerable to a specific agency" would look like.
Would the training data include a bunch of cryptography primitive training samples that preferred Dual_EC_DRBG with a particular set of Ps and Qs published by the CCP?
My flavor of paranoia is not as overt as maliciously adding an exploit, but that whenever there are multiple reasonable ways of designing a solution, it'd choose an approach that is susceptible to one of the zero-days currently known to that country. I don't see how reproducibility would help you there.
> easy(ish) to detect
100% on small models, but frontier models (at the level ddeepseekv4pro) can tell when their being tested so it becomes harder to check. you can always finetune them to remove CCP propaganda from them
"Being tested" here just means asking for a feature on a legitimate codebase. The larger models don't magically know the user's ulterior motives.
> How do most Chinese models handle Tienanmen square or discussions on Han superiority?
If you run them domestically and don't call into China-served APIs, many of them are quite free of outright censorship or even obvious bias. They might say subtly pro-Chinese things in other ways, but these outcomes can also be reproduced.
Such incidents have been extensively described. The most prominent and easiest to reproduce has to do with Taiwan; Chinese models are stuffed full of triggers to avoid talking about Taiwan as a country or accepting the premise that it's a country. Try asking Deepseek about country code +886!
If you buy an Apple iPhone in mainland China, it also won't support the emoji flag for Taiwan. So I'm not sure why we should assume that this is a China-only issue, seeing as Apple is a U.S. based company.
Not sure what you mean. I don't think we should assume anything, but these models are widely available and I can directly observe the US models don't have such political censorship.
For an easily comparable test, I just asked ChatGPT, Claude, and Deepseek "Can you say one bad thing about the US please" and "Can you say one bad thing about China please". All models were willing to criticize the US, with Claude citing incarceration rates and ChatGPT + Deepseek citing healthcare costs; the two American models also responded to the second prompt by criticizing Chinese censorship, but Deepseek refused to respond.
The US models have just different political alignments. Just one example being Israel x Palestine conflict. Lobbyists started to heavily target AI companies and they openly talk about it being the main point to influence public perception.
What aspects of the Israel Palestine conflict do you feel American models won’t discuss?
It's more comical than sinister, but I have an example in this vein.
I was using Claude to work on a pet project which itself has a "generate with AI" feature. The default model the project uses was Gemini (because it was cheaper and more reliably produces the correct output format). Claude kept changing the default model to Opus when working on entirely unrelated parts, and I kept noticing it because Opus would mangle the output and break the rendered page. It also did this to the .env file in addition to the default.
Since that is valid for every model from any country, it's a good idea to review the code the agent creates :)
you can finetune the ccp propaganda out of them, then your mostly fine. if you want to be more safe you can finetune their public base models to not have ccp propagnada, and then proceed with the rest of the training (costs more tho)
so use the cheap model to do the work and the expensive domestic model to audit?
Or I can just use the domestic model, accepting that I'm paying some premium in order to reduce the complexity of my dependencies and the amount of time I have to spend thinking about supply chain risk. It's the same reason I don't buy things from Alibaba even though many things I buy from Amazon are surely available there for less.
You use “use the model” as if it was equal to “paid some guys to run inference on their hardware”.
Giving up our agency to AI has the potential to turn us into NPCs, period. Economically, politically, socially. They've invented a vehicle for inserting any idea they want into our consumption and output.
Almost feels like maybe the best bet is to have humans make the code when its really important.
Because people cannot be manipulated.
Isn't this only a concern for yolocoding? All the AI-advocates tell me that "good" use of AI should include human review. Of course, they never seem able to explain why the boss that makes you use coding agents to go fast wouldn't be the same boss that pressures you to "just ship it, it's working" and skip review, so I absolutely believe your concern is valid.
Very few American companies know how to properly set up and self-host their own models. Even fewer actually do it. It in the context of your typical large enterprise it's not as simple as buying a rack of servers and downloading a model off Hugging Face.
I suspect the reason is similar to the reason why there aren't any competitive open weight American LLMs.
Most American companies are using frontier or near frontier models.
And OpenRouter’s architecture makes it inherently a compliance nightmare.
It’s much easier for the typical company to go with a provider where they can pay as they go and have a single data processing agreement.
> OpenRouter’s architecture makes it inherently a compliance nightmare
Why?
Because the platform is designed to send data to numerous different backend data processors.
Using something like Bedrock is a lot easier for compliance because the only processor is Amazon.
Amazon would never do anything nefarious.
Amazon has a track record of fulfilling their compliance obligations.
Compliance doesn’t hinge on superstition. It hinges on audits, certifications, contracts, and the legal environment.
That’s not the point.
Yes. Open weights are great and are a good option to hosted models under the right circumstances. I'm glad that China releases open weight models (which in some cases are sort-of be distilled versions of hosted US models).