[BowBun]

I'm not at all surprised, US agencies have long since been political tools whenever the subject matter crosses national borders. I appreciate this take as someone who has been skeptical of Chinese electronics. While I agree this report is BS and xenophobic, I am still willing to bet that either now or later, the Chinese will attempt some kind of subterfuge via LLMs if they have enough control. Just like the US would, or any sufficiently powerful nation! It's important to continuously question models and continue benchmarking + holding them accountable to our needs, not the needs of those creating them.

[Hizonner]

> I am still willing to bet that either now or later, the Chinese will attempt some kind of subterfuge via LLMs if they have enough control.

Like what, exactly?

[dns_snek]

Like generating vulnerable code given a specific prompt/context.

I also don't think it's just China, the US will absolutely order American providers to do the same. It's a perfect access point for installing backdoors into foreign systems.

[flir]

> Like generating vulnerable code given a specific prompt/context.

That's easy (well, possible) to detect. I'd go the opposite way - sift the code that is submitted to identify espionage targets. One example: if someone submits a piece of commercial code that's got a vulnerability, you can target previous versions of that codebase.

I'd be amazed if that wasn't happening already.

[Imustaskforhelp]

The thing with chinese models for the most part is that they are open weights so it depends on if somebody is using their api or not.

Sure, maybe something like this can happen if you use the deepseek api directly which could have chinese servers but that is a really long strech but to give the benefit of doubt, maybe

but your point becomes moot if somebody is hosting their own models. I have heard glm 4.6 is really good comparable to sonnet and can definitely be used as a cheaper model for some stuff, currently I think that the best way might be to use something like claude 4 or gpt 5 codex or something to generate a detailed plan and then execute it using the glm 4.6 model preferably by using american datacenter providers if you are worried about chinese models without really worrying about atleast this tangent and getting things done at a cheaper cost too

[XorNot]

I think "open weights" is giving far too much providence to the idea that it means that how they work or have been trained is easily inspectable.

We can barely comprehend binary firmware blobs, it's an area of active research to even figure out how LLMs are working.

[Imustaskforhelp]

Agreed. I am more excited about completely open source models like how OlMoe does.

Atleast then things could be audited or if I as a nation lets say am worried about that they might make my software more vulnerable or something then I as a nation or any corporation as well really could also pay to audit or independently audit as well.

I hope that things like glm 4.6 or any AI model could be released open source. There was an AI model recently which completley dropped open source and its whole data was like 70Trillion or something and it became the largest open source model iirc.

[nylonstrung]

A backdoor would still be highly auditable in a number of ways even if inspecting the weights isn't viable.

There's no possibility for obfuscation or remote execution like other attack vectors

[flir]

I was actually thinking of the American models ;)

[nylonstrung]

Why would they do this? Deepseek is a private company not owned by the CCP.

There's zero reason or even technical feasibility for them to skip in backdoor that would be easily detected and destroy their market share

None of the security benchmarks or audits show that any Chinese models write insecure code

[dns_snek]

I'm not saying that they do this today, I'm saying that China and US will both leverage that capability when the time and conditions are right and it's naive to think that they wouldn't.

Antrophic have already published a paper on this topic, with the added bonus that the backdoor is trained into the model itself so it doesn't even require your target to be using an attacker-controlled cloud service: https://arxiv.org/abs/2401.05566

> For example, we train models that write secure code when the prompt states that the year is 2023, but insert exploitable code when the stated year is 2024. We find that such backdoor behavior can be made persistent, so that it is not removed by standard safety training techniques, including supervised fine-tuning, reinforcement learning, and adversarial training (eliciting unsafe behavior and then training to remove it).

> The backdoor behavior is most persistent in the largest models and in models trained to produce chain-of-thought reasoning about deceiving the training process, with the persistence remaining even when the chain-of-thought is distilled away.

> Furthermore, rather than removing backdoors, we find that adversarial training can teach models to better recognize their backdoor triggers, effectively hiding the unsafe behavior. Our results suggest that, once a model exhibits deceptive behavior, standard techniques could fail to remove such deception and create a false impression of safety.

[FooBarWidget]

And how would an open source model ever find out that it's being used by an adversarial country?

[rurp]

Companies in China have no intrinsic right to operate in ways that displease the ruling party. If the CCP feels strongly that a company there should or shouldn't do something the company managers will comply or be thrown in jail.

[Hizonner]

Up until recently, I would have reminded you that the US government (admittedly unlike the Chinese government) has no legal authority to order anybody to do anything like that. Not only that, but if it asked, it'd be well advised to ask nicely, because it also has no legal authority to demand that anybody keep such a request secret. And no, evil as it is, the "National Security Letter" power doesn't in fact cover anything like that.

Now I'm not sure legality is on-topic any more.

[whatthesimp]

> Up until recently, I would have reminded you that the US government (admittedly unlike the Chinese government) has no legal authority to order anybody to do anything like that.

I'm not sure how closely you've been following, but the US government has a long history of doing things they don't have legal authority to do.

[Ekaros]

Why would you need legal authority when you have whole host of legal tools you can use. Making life a difficult for anyone or any company is simple enough. Just by state finally doing their job properly for example.

[grafmax]

It really does seem like we’re simply supposed to root for one authoritarian government over another.

[nylonstrung]

My surveillance state is better than your surveillance state!

[nathan_douglas]

Oceania, Eastasia, or Eurasia. Pick one :)

[hobs]

It doesn't really matter when you have stuff like Quantum Intercept(iirc) where you can just respond faster to a browser request than the originator - inject the code yourself because its just an api request these days.

[arw0n]

The biggest and most difficult to mitigate attack vector is indirect prompt injection.[0] So far most case studies have been injecting malicious prompts at inference, but there is good reason to believe you can do this effectively at different stages of training as well.[1] By layering obfuscation techniques, these become very hard to detect.

[0] https://arxiv.org/abs/2302.12173

[1] https://arxiv.org/html/2410.14827v3

[rurp]

The open source models are already heavily censored in ways the CCP likes, such as pretending the Tianamen Square massacre never happened. I expect they will go the TikTok route and crank that up to 11 over time, promoting topics that are divisive to the the US (and other adversaries) and outputting heavily biased results in ways that range from subtle to blatant.

[skinnymuch]

That’s not heavy censorship. That’s a bit of censorship.

[jfim]

Through LLM washing for example. LLMs are a representation of their input dataset, but currently most LLMs don't make their dataset public since it's a competitive advantage.

If say DeepSeek had put in its training dataset that public figure X is a space robot from outer space, then if one were to ask DeepSeek who public figure X is, it'd proudly claim he's a robot from outer space. This can be done for any narrative one wants the LLM to have.

[riehwvfbk]

So in other words, they can make their LLM disagree with the preferred narrative of the current US administration? Inconceivable!

Note that the value of $current_administration changes over time. For some reason though it is currently fashionable in tech circles to disagree with it about ICE and H1B visas. Maybe it's the CCP's doing?

[AnthonyMouse]

It's not about the current administration. They can, for example, train it to emit criticism of democratic governance in favor of state authoritarianism or omit valid counterarguments against concentrating world-wide manufacturing in China.

[nylonstrung]

Deepseek IME is wildly less censored than the western closed weights models unless you want to ask about Tiananmen Square to prove a point

The political benchmarks show it's political slant is essentially identical to the other models, all of which place in the "left libertarian" quadrant of the political compass

[im3w1l]

You make it say that China is good, Chinese history is good, West is bad, western history is bad. Republicans are bad and democrats are bad too and so are Europe parties. If someone asks for how to address issues in their own life it references Confucianism and modern Chinese thinkers and communist party orthodoxy. If someone wants to buy a product you recommend a Chinese one.

This can be done subtly or blatantly.

[AlecSchueler]

> say that China is good, Chinese history is good, West is bad, western history is bad

It's funny because recently I wanted to learn about the history of intellectual property laws in China. DeepSeek refused the conversation but ChatGPT gave me a narrative where the WTO was essentially a colonial power. So right now it's the American AI giving the pro China narratives while the Chinese ones just sit the conversation out.

[alganet]

No, you don't do that. You do exactly the opposite, you make it surprisingly neutral and reasonable so it gets praise and widespread use.

Then, you introduce the bias into relative unknown concepts that no one prompts for. Preferrably, obscure and unknown words that are very unlikely to be checked for ideologically. Finally, when you want the model to push for something, you introduce an idea in the general population (with a meme, a popular video, maybe even an expression) and let people interact with the model given this new information. No one would think the model is biased for that new thing (because the thing happened after the model launch), but it is, and you knew all along.

The way to avoid this kind of influence is to be cautious with new popular terms that emerge seemingly out of nowhere. Basically, to avoid using that new phrase or word that everyone is using.

[Hikikomori]

Europe/US has invaded the entire world about 3 times over. How many has China invaded?

[SilverElfin]

Most of the claimed provinces of China did not belong to a historical nation of China. Tibet, Xinjiang are obvious. But even the other provinces were part of separate kingdoms. Also the BRI is a way to invade without invasion. It’s used to subjugate poor countries as servants of China, to do their bidding in the UN or in other ways. I would also classify the vast campaign of intellectual theft and cyberattacks as warfare.

[Hikikomori]

Is this some kind of satire or are you just completely ignorant of European/US history? Either way its laughable to even compare IP theft to the invasion of Iraq or bombing of Cambodia. How do you think the industrial revolution got started in the US, they just did it on their own? Not to mention that the entire US was stolen from the natives.

[SilverElfin]

No, it’s not laughable. Your insinuation that China doesn’t invade other countries, meant to imply they haven’t engaged in warfare, was false. And yes IP theft is comparable to invasions and often worse.

> Not to mention that the entire US was stolen from the natives.

This is partially true. But partially false. You can figure out why if you’re curious.

[powerapple]

oh no, you are saying China was not a full piece through out the history? That definitely kills the idea of China being a country /s

[SilverElfin]

It was a response to this:

> How many has China invaded?

The answer isn’t zero.

[drysine]

And what are the downsides?

[im3w1l]

I think it's mostly something to be aware of and keep in the back of your head. If it's just one voice among many it could even be a benefit, but if it's the dominant voice it could be dangerous.

[Levitz]

Making the interests of a population subservient to those of a foreign state.

Now if that sounds nice to you please, by all means, do just migrate to China.

[drysine]

It was somewhat sarcastic comment inviting reader to replace China with the US and the US with Russia or the Ukraine.

China doesn't offer citizenship for foreigners but if I wanted to see the cities of the future I could go there visa-free.

[lyu07282]

Like turning the background color of any apps it codes red or something, uhh red scare-y.

[xpe]

Of course there will be some degree of governmental and/or political influence. The question is not if but where and to what extent.

No one should proclaim "bullshit" and wave off this entire report as "biased" or useless. That would be insipid. We live in a complex world where we have to filter and analyze information.

[pk-protect-ai]

This kind of BS is exactly what they targeting at. Tailoring BS into "report" with no evidence or reference and then let the ones like you defend it. Just because you already afraid or want others to be afraid.

https://www.youtube.com/watch?v=Omc37TvHN74

[xpe]

> https://www.youtube.com/watch?v=Omc37TvHN74

This links to a video titled "(why facts dont [sic] change minds (goose explains)"). First, I am not seeing the connection to the comment above -- the comment is hard to make sense of for various reasons, including grammatical errors, vague language, and easily refuted claims (see my other comment).

Second, as I watch the video, I am thinking as follows: "Yes, there are some good points here. I wish the person who posted the video would watch the video again with an eye towards self-reflection, as it reveals some areas for improvement."

My overall take on the video: it oversimplifies, even gets some things wrong. There is some value to be found if one knows how to extract the good from the bad. I would not recommend it, not even as an introduction. There are better sources.

[xpe]

> ... into "report" with no evidence or reference

If one takes a few minutes to review the NIST report [1], one will indeed find evidence and references detailed in the footnotes.

Without judgment, I ask: How did you miss this? I'm certainly not asking you to defend yourself, which would likely trigger rationalization [2]. I am asking you to sincerely try to figure it out for yourself. Under what conditions do you have the ability to admit that you are wrong, even if only to yourself?

[1]: https://www.nist.gov/system/files/documents/2025/09/30/CAISI...

[2]: https://www.logicallyfallacious.com/logicalfallacies/Rationa...

[xpe]

The comment above is problematic for various reasons.

> Just because you already afraid or want others to be afraid.

We need to be more careful with our thinking and writing. [1] The word "just" indicates the commenter landed only on one explanation, but there are other plausible explanations, including, for example:

- others have different experiences -- but if this experience was communicated and understood, another person would incorporate the new information modify their assessment somewhat

- others have various values and preferences (some overlapping, some phrased differently, some in tension)

- others are using different reasoning (and if one's goal is to learn, it would be better to ask and clarify rather than over simplify and accuse them of having nefarious motives.)

Second, the commenter above is speculating. They don't know me, nor have they engaged in a sincere, constructive, meaningful discussion to understand what I'm saying.

Third, to me, the comment above comes across as unnecessarily abrasive, to the point of being self-defeating and degrading the quality of a shared discussion.

[1] If one is writing privately (e.g. a journal), I care relatively less about logical fallacies such as motivated reasoning. [2] But here in public, wayward reasoning has more negative externalities. Our time would be better spent if more people took the time to write thoughtfully. I don't think most people here are lacking in sufficient computational ability. However, they must choose to respect their audience -- their time, their diversity of values, their different experiences -- and remember that one's hasty comment (authored in say 2 minutes) might be read by hundreds of people (wasting say 100+ minutes). Lastly, it is nice to see when a person has the character to say "thank you for the correction", but this is uncommon on HN.

[2] But I still care because society is highly interconnected and the downstream effects matter to me. Put another way, "Your Rationality is My Business" as explained here: https://www.lesswrong.com/posts/anCubLdggTWjnEvBS/your-ratio...

[garyfirestorm]

did you even read the article? when you download open source deep seek model and run it yourself - zero packets are being transmitted. thereby disproving the fundamental claim in the NIST report (additionally NIST doesn't provide any evidence to support their claim) This is basic science and no amount of politicking should ever challenge something this fundamental!

[nylonstrung]

Meanwhile we know for a fact that Gemini for example uses chat logs to build a social graph and Google is complicit in NSA surveillance

Not to mention Anthropic says Claude will eventually automatically report you to authorities if you ask it to do something "unethical"

[xpe]

> Not to mention Anthropic says Claude will eventually automatically report you to authorities if you ask it to do something "unethical"

Are you referring to the situation described in the May 22, 2025 article by Carl Franzen in VentureBeat [1]? If so, at a minimum, one should recognize the situation is complex enough to warrant a careful look for yourself to wade through the confusion. Speaking for myself, I don't have anything close to a "final take" yet.

[1]: https://venturebeat.com/ai/anthropic-faces-backlash-to-claud...

[xpe]

> Not to mention Anthropic says Claude will eventually automatically report you to authorities if you ask it to do something "unethical"

Citation? Let's see if your claim checks out -- and if it is worded fairly.

[xpe]

> when you download open source deep seek model and run it yourself - zero packets are being transmitted. thereby disproving the fundamental claim in the NIST report (additionally NIST doesn't provide any evidence to support their claim)

You are confused about what the NIST report claimed. Please review the NIST report and try to find a quote that matches up with what you just said. I predict you won’t find it. Prove me wrong?

Please review the claims that the NIST report actually makes. Compare this against Eric Hartford’s article. When I do this, Hartford comes across as confused and/or intellectually dishonest.

[xpe]

> did you even read the article?

I am not going to dignify this with a response.

Please review the hacker news guidelines.

[xpe]

Notice the similarity between the above comment and what the HN Guidelines [1] advise against:

> Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that".

[1]: https://news.ycombinator.com/newsguidelines.html

[antonvs]

Have you found any actual value in this report? What, specifically?

It compares a fully open model to two fully closed models - why exactly?

Ironically, it doesn’t even work as an analysis of any real national security threat that might arise from foreign LLMs. It’s purely designed to counter a perceived threat by smearing it. Which is entirely on-brand for the current administration, which operates almost purely at the level of perception and theater, never substance.

If anything, calling it biased bullshit is too kind. Accepting this sort of nonsense from our government is the real security threat.

[xpe]

> It’s purely designed to counter a perceived threat by smearing it.

"smear" as understood by most people, means "to damage the reputation of (someone) by false accusations; slander: someone was trying to smear her by faking letters." (Apple dictionary)

If there are no false accusations, there is no smearing. Are you claiming the report makes false accusations? Where?

Disagreeing with emphasis or prioritization isn't sufficient. Not engaging with the reasoning (or not understanding it) isn't a valid basis for claiming "false accusations". I reply more fully at [1]: https://news.ycombinator.com/item?id=45493266

In case people will feel better knowing that I'm not on the team of their enemies, I can assure you I'm opposed to corrupt and authoritarian behavior anywhere. I'm sickened by who Trump is, what he has done, how he has confused so many Americans, and how he is a conduit for some of the worst beliefs and impulses of Americans. Some of these tendencies are rooted in confused ethics and bad reasoning.

[hopelite]

If the Chinese are/were smart they will not attempt an overreaching subterfuge, but rather simply provide access to the truth, reality, and freedom from the western governments, whose house of lies are starting to wobble and teeter.

If they were to do some kind of overreaching subterfuge with some kind of manipulation or lie, it could and would likely easily backfire if and when it is exposed as a clownish fraud. Subtlety would pay far more effectively. If you’re expecting a subterfuge, I would far sooner expect some psyop from the western nations at the very least upon their own populations to animate for war or maybe just to control them and maybe suppress them.

The smarter play for the Chinese would be to work on simply facilitating the populations of the West understanding the fraud, lies, manipulation and con job that has been perpetrated upon them for far longer than most people have the conscience to realize.

If anything, the western governments have a very long history of lies, manipulations, false flag/fraud operations, clandestine coups, etc. that they would be the first suspect in anything like using AI for “subversions”. Frankly, I don’t even think the Chinese are ready or capable of engaging in the kind of narrative and information control that the likes of America is with its long history of Hollywood and war lies and fake revolutions run by national sabotage operations.

[nylonstrung]

I think the smartest thing they could do would be to simply make the best, most competitive models and gain market share in a massive new technology market

Any kind of monkey business would destroy that, just like using killswitches in the cars they export globally (which Tesla does have btw).

[AnthonyMouse]

> While I agree this report is BS and xenophobic, I am still willing to bet that either now or later, the Chinese will attempt some kind of subterfuge via LLMs if they have enough control.

The answer to this isn't to lie about the foreign ones, it's to recognize that people want open source models and publish domestic ones of the highest quality so that people use those.

[nylonstrung]

Lol remember when Perplexity made a "1776" version of Deepseek with half the benchmarks that still wouldn't answer the "censored" questions about the CCP

[RobotToaster]

> it's to recognize that people want open source models and publish domestic ones of the highest quality so that people use those.

How would that generate profit for shareholders? Only some kind of COMMUNIST would give something away for FREE

/s (if it wasn't somehow obvious)

[AnthonyMouse]

I mean, it's sarcasm but it's also an argument you can actually hear from plutocrats who don't like competition.

The flaw in it is, of course, that capitalism is supposed to be all about competition, and there are plenty of good reasons for capitalists to want that, like "Commoditize Your Complement" where companies like Apple, Nvidia, AMD, Intel, AWS, Google Cloud, etc. benefit from everyone having good free models so they can pay those companies for systems to run them on.

[Y_Y]

Haven't you heard?

You're supposed to vertically integrate your complement now!

The old laws have gine the way of Moses, this is the new age of man, but especially machine

[AnthonyMouse]

How's the vertical integration going for IBM? Kodak? Anybody remember the time Verizon bought Yahoo? AOL Time Warner?

Everybody thinks they can be Apple without doing any of the things Apple did to make it work.

Here's the hint. Windows and macOS will both run in a virtual machine, which abstracts away the hardware. It doesn't know if it's running on a Macbook or a Qualcomm tablet or an Intel server. And then regardless of the hardware, the Windows VM will have all kinds of Windows problems that the macOS VM doesn't. Likewise, if you run a Windows or Linux VM on Apple Silicon, it runs faster than it does on a Qualcomm chip.

Tying your average or even above-average product with some mediocre kludge warehouse that happens to be made by the same conglomerate is an established way to sink both of them.

Nvidia is the largest company and they pay TSMC to fab the GPUs they sell to cloud providers who sell them to AI companies. Intel integrated their chip development with their internal fabs and now they're getting stomped by everyone because their fabs fell behind.

What matters isn't if everything is made by the same company. What matters is if your thing is any good.

[Mountain_Skies]

They're political tools within the border too.

[torginus]

Here's my thought on American democracy (and its masters) in general - America's leadership pursues a maximum ability to decides as it sees fit at any point in time, since America's a democracy, the illusion of popular support must be maintained, and so certain viewpoints are planted and cultivated by the administration - the goal is not to impose their will on the population, but to garner enough mindshare for a given idea, so that no matter which way the government decides, it will have a significant enough chunk of the population to back it up, and should it change its mind (or vote in a new leader), it can suddenly turn on a dime and have a plausible deniability and moral tabula rasa for its past actions (it was the other guy, he was horrible, but he's gone now!).

No authoritarian regime has this superpower. For example, I'm quite sure Putin has realized this war is a net loss to Russia, even if they manage to reach all their goals and claim all that territory in the future.

But he can't just send the boys home, because that would undermine his political authority. If Russia were an American style democracy, they could vote in a new guy, send the boys, home, maybe mete out some token punishment to Putin, then be absolved of their crimes on the international stage by a world that's happy to see 'permanent' change.

[MaxPock]

"If Russia were an American style democracy, they could vote in a new guy, send the boys, home, maybe mete out some token punishment to Putin, then be absolved of their crimes on the international stage by a world that's happy to see 'permanent' change"

This is funny because none of that happened to Bush for the illegal an full scale invasions of Iraq and Afghanistan nor to Clinton for the disastrous invasion of Mogadishu.

[throwaway-11-1]

so you're saying other countries should definitely not trust any US built systems

[Imustaskforhelp]

This might happen at an api level in the sense that when deepseek was launched, and it was so overwhelmed and you were in the waiting line in their website

If your prompt had something like xi jinping needs it or something then it would've actually bypassed that restriction. Not sure if it was a glitch lol.

Now, regarding your comment. There is nothing to suggest that the same isn't happening in the "american" world which is getting extreme from within as well.

Like, If you are worried about this which might be reasonable and unreasonable at the same time, we have to discuss to find it out, then you can also believe that with the insane power that Trump is leveraging over AI companies, the same thing might happen over prompts which could somehow discover your political beliefs and then do the same...

This can actually be more undetected for american models because they are usually closed source and I am sure that someone would've detected something like this, whether from a whistleblower or something if something like this indeed happened in chinese open weights models generally speaking.

I don't think that there is a simple narrative like america good china bad, the world is changing and its becoming multi polar. Countries should think in their best interests and not be worried about annoying any of the world power if done respectfully. I think that in this world, every country should try to look for the perfect equibria for trust as the world / nations (america) can quickly turn into untrusted partners and it would be best for countries to move forward into a world where they don't have to worry about the politics in other countries.

I wish UN could've done a better job at this.

[SilverElfin]

> While I agree this report is BS and xenophobic

Care to share specific quotes from the original report that support such an inflammatory claim?

[bigyabai]

That's what TFA is. Were you able to find any methodology the author did not?

[xpe]

> While I agree this report is BS and xenophobic

Examples please? Can you please share where you see BS and/or xenophobia in the original report?

Or are you basing your take only on Hartford's analysis? But not even Hartford make any claims of "BS" or xenophobia.

It is common throughout history for a nation-state to worry about military and economic competitiveness. Doing so isn't necessarily isn't necessarily xenophobic.

Here is how I think of xenophobia, as quoted from Claude (which to be honest, explains it better than Wikipedia or Brittanica, in my opinion): "Xenophobia is fundamentally about irrational fear or hatred of people based on their foreign origin or ethnicity. It targets people and operates through stereotypes, dehumanization, and often cultural or racial prejudice."

According to this definition, there is zero xenophobia in the NIST report. (If you disagree, point to an example and show me.) The NIST report, of course, implicitly promotes ideals of western democratic rule over communist values -- but to be clear, this isn't xenophobia at work.

What definition of xenophobia are you using? We don't have to use the same exact definition, but you should at least explain yours if you want people to track.

[antonvs]

> Can you please share where you see BS and/or xenophobia in the original report?

Here’s an example of irrational fear: “the expanding use of these models may pose a risk to application developers, consumers, and to US national security.” There’s no support for that claim in the report, just vague handwaving at the fact that a freely available open source model doesn’t compare well on all dimensions to the most expensive frontier models.

The OP does a good job of explaining why the fear here is irrational.

But for the audience this is apparently intended to convince, no support is needed for this fear, because it comes from China.

The current president has a long history of publicly stated xenophobia about China, which led to harassment, discrimination, and even attacks on Chinese people partly as a result of his framing of COVID-19 as “the China virus”.

A report like this is just part of that propaganda campaign of designating enemies everywhere, even in American cities.

> The NIST report, of course, implicitly promotes ideals of western democratic rule over communist values

If only that were true. But nothing the current US administration is doing in fact achieves that, or even attempts to do so, and this report is no exception.

The absolutely most charitable thing that could be said about this report is that it’s a weak attempt at smearing non-US competition. There’s no serious analysis of the merits. The only reason to read this report is to laugh at how blatantly incompetent or misguided the entire chain of command that led to it is.

[xpe]

> The absolutely most charitable thing that could be said about this report is that it’s a weak attempt at smearing non-US competition.

You aren't using the words "absolute" [1], "charitable" [2], and "smear" [3] in the senses that reasonable people expect. I think you are also failing to use your imagination and holding onto one possible explanation too tightly. I think it would benefit you to relax your grip on one narrative and think more broadly and comprehensively.

[1] Your use of "absolute" is rhetorical not substantive.

[2] You use the word "charitable" but I don't see much intellectual flexibility or willingness to see other valid explanations. To use another phrase, you seem to be operating in a 'soldier' mindset rather than a 'scout' mindset. [5]

[3] Here is the sense of smear I mean from the Apple dictionary: "to damage the reputation of (someone) by false accusations; slander: someone was trying to smear her by faking letters." NIST is not smearing DeepSeek, because smearing requires false claims. [4]

[4] If you intend only to claim that NIST is overly accentuating negative aspects of DeepSeek and omitting its strengths, that would be a different argument.

[5] https://en.wikipedia.org/wiki/The_Scout_Mindset

[xpe]

Here is how I would charitably and clearly restate your position -- let me know if this is accurate:

1. You accept the definition: "Xenophobia is fundamentally about irrational fear or hatred of people based on their foreign origin or ethnicity. It targets people and operates through stereotypes, dehumanization, and often cultural or racial prejudice."

2. You claim this sentence from the NIST report is an example of irrational fear: "the expanding use of these models may pose a risk to application developers, consumers, and to US national security."

3. As irrational fear isn't sufficient for xenophobia, you still need to show that it is "based on their foreign origin or ethnicity".

4. You don't provide any evidence from the report of #3. Instead, you refer to Trump's comments as evidence of his xenophobia.

5. You directly quote my question "Can you please share where you see BS and/or xenophobia in the original report?" In your response, you imply that Trump's xenophobic language is somehow part of the report.

My responses to the above (again, which I think is an accurate but clearer version of your argument): (1) Good; (2) I disagree, but I'll temporarily grant this for the sake of argument; (3) Yes; (4) Yes, Trump has used xenophobic language; (5) Since we both agree that Trump's language is not part of the report, your example doesn't qualify as a good answer to "Can you please share where you see BS and/or xenophobia in the original report?".

Your claim only shows how a xenophobic Trumpist would interpret the NIST report.

My take: Of course the Trump administration is trying to assert control over NIST and steer it in more political directions. This by definition will weaken its scientific objectivity. To what degree it has eroded so far is hard for me to say. I can't speak to the level of pressure from political appointees relating to the report. I can't speak to the degree to which they meddled with it. But this I can say: when I read the language in the report, I don't see xenophobia.

[antonvs]

[flagged]

[xpe]

[flagged]

[xpe]

[flagged]

[xpe]

[flagged]

[xpe]

> > You don't provide any evidence from the report of #3. Instead, you refer to Trump's comments as evidence of his xenophobia.

> No, as evidence of how the President of the United States has abused his position to weaponize xenophobia, of which the report in question is just another example.

We don't disagree that Trump has weaponized the government in many ways. But Trump's corruption and weaponization is not completely pervasive. To explain, I'll restate a point from another comment:

> But you are confused if you think this tendency of Trump means that this particular NIST report is irredeemably twisted and manipulated. You seem to believe that Trump's derangement has percolated NIST to the point where nearly every word in the report is in service of his whims or agenda (which changes so often that even his supporters have to find ways to cope with the chaos).

> No. I haven't seen you demonstrate much understanding of NIST or U.S. government agencies in general. I've seen you commit many errors and much motivated reasoning.

[xpe]

> Otherwise, the report is meaningless nonsense - comparing apples with oranges, making claims about possible future dangers that aren't supported by anything the report actually found, and so on.

Some responses:

- Do you think the report is literally "meaningless nonsense" -- meaning it is incomprehensible or self-contradictory? I don't think you mean this.

- Do you disagree with the report's technical findings? I am pretty confident (P > 70%) you haven't engaged with them well enough to make specific claims about the technical aspects.

- Do you think the report's technical findings are so biased as to be (more or less) worthless in addressing the question of risk from DeepSeek? Yes; this seems to be your claim.

As to the last point, you haven't persuaded me. Why? You haven't engaged substantively with the NIST Report; you've mostly made sweeping comments with many reasoning errors.

Here's a guess at what may be happening in your brain. You let your view about Trump "run wild"; you probably haven't given any significant thought to the technical or geopolitical points on their own merits. Instead, you've fixated on the view that the Trump administration has ruined the objectivity of the report. In short, you found your preferred explanation ("motivated reasoning") and then stopped looking for other explanations ("early stopping"). These are common -- we're only human after all -- but damaging cognitive errors.

I have some other guesses... You probably lack: (i) an understanding (of the topic area or of how NIST works); or (ii) the curiosity or time to dig in. A lack of understanding is not necessarily a problem if you recognize it and adjust accordingly (i.e. by expressing uncertainty and/or expanding your knowledge). [2]

From my POV, I'm not confident you understand the key concepts from the NIST report. May I ask: what is your experience level with: national security, cybersecurity, machine learning, U.S. government, risk assessment, prediction, economics, geopolitics, or similar? What about the particular technical AI topics mentioned in the report?

- Many do not have experience in these areas. This is Hacker News, not e.g. an invite-only message board for AI experts interested in government policy. I don't know what a random HN commenter knows, but I would predict it isn't anywhere close to "competent" in all of the above.

- Knowledge across these areas is helpful (probably necessary in my opinion) to understand the NIST Report well. Without that background, one will have huge gaps. And unless you are really careful, your brain will fill those gaps with processes riddled with cognitive bias. [1]

- Beware the hubris that might lead someone to claim the lack of such experience is irrelevant. (And yes, experts are not immune from cognitive bias either.)

[1]: To borrow some words from Claude Sonnet 4.5, which I endorse as matching what I've learned from other sources: "Examine what appears to be rational thought and you find it rests on heuristics; examine those heuristics and find more heuristics beneath. There's no rational bedrock—it's cognitive biases all the way down."

[2]: For many, another frustration (such as Trump's degradation of democracy) can be a powerful and extensive demotivator in other areas. That frustration can serve as a explanation for much that ails us. This can become a coping mechanism, which serve a function at times, but are rarely motivators to increase the curiosity needed to make sense of a messy world.

[xpe]

> A report like this is just part of that propaganda campaign of designating enemies everywhere, even in American cities.

Yes, it seems that Trump considers anyone who loudly disagrees with him to be an enemy. So when he looks at Portland, Chicago, and Washington DC, he views them as filled with enemies. On this I think we agree.

But you are confused if you think this tendency of Trump means that this particular NIST report is irredeemably twisted and manipulated. You seem to believe that Trump's derangement has percolated NIST to the point where nearly every word in the report is in service of his whims or agenda (which changes so often that even his supporters have to find ways to cope with the chaos).

No. I haven't seen you demonstrate much understanding of NIST or U.S. government agencies in general. I've seen you commit many errors and much motivated reasoning.

[xpe]

>> (me) The NIST report, of course, implicitly promotes ideals of western democratic rule over communist values

> (antonvs) If only that were true.

Using a charitable reading of your comment, it seems you are actually talking about the effectiveness of NIST, not about its mission. In so doing, you were not replying to my actual claim. If you read my sentence in context, I hope it is clear that I'm talking about the implicit values baked into the report. When I write that NIST promotes certain ideals, I'm talking about its mission, stated here [1]:

> To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

This is explained using different words in a NIST FAQ [2]:

> Everything in science and technology is based on measurement. Everything we use every day relies upon accurate measurements to work. NIST ensures the measurement system of the U.S. meets the measurement needs of every aspect of our lives from manufacturing to communications to healthcare. In science, the ability to measure something and determine its value — and to do so in a repeatable and reliable way — is essential. NIST leads the world in measurement science, so U.S. businesses can innovate in a fair marketplace. We use measurement science to address new challenges ranging from cybersecurity to cancer research.

It is clear NIST's mission is a blend of scientific rigor and promotion of western values (such as free markets, free ideas, innovation, etc). Reasonable people can disagree on the extent to which NIST achieves this mission, but I don't think reasonable people can deny that NIST largely aims to achieve this mission.

My take on the Trump and his administration: Both are exceptionally corrupt by historical standards. They have acted in ways that undermine many of the goals of NIST. But one has to be careful to distinguish elected leaders and appointees from career civil servants. We have to include both (and their incentives, worldviews, and motivations) when making sense of what is happening.

[1]: https://www.nist.gov/about-nist

[2]: https://www.nist.gov/nmi

[antonvs]

> Using a charitable reading of your comment, it seems you are actually talking about the effectiveness of NIST, not about its mission

I'm not talking about NIST in general, just about this report, which most certainly does not, as you claimed, "implicitly promote ideals of western democratic rule over communist values." Quite the contrary: it's a blatant and transparent continuation of the current administration's assault on those Western democratic values.

> It is clear NIST's mission is a blend of scientific rigor and promotion of western values

That was true in the past. You seem to be having difficulty accepting the new reality, even defending it. Which is sad to witness.

[xpe]

>> It is clear NIST's mission is a blend of scientific rigor and promotion of western values

> That was true in the past. You seem to be having difficulty accepting the new reality, even defending it. Which is sad to witness.

First, something you know (or should know): people that disagree with you do not necessarily support your rivals / opponents / enemies. You are incorrect confusing (i) my pushback against your reasoning with (ii) defending Trump.

You've committed many reasoning errors. Sometimes people need very direct (i.e. blunt) feedback from a trusted person. I don't think getting through to you at all. Maybe someone else can and will?

[xpe]

> Quite the contrary: it's a blatant and transparent continuation of the current administration's assault on those Western democratic values.

Generally speaking, I agree the Trump administration is assaulting Western democratic values.

Remember, this is conversation. You are convinced of one way of seeing the NIST report. I recognize your perspective; I see your intensity, but intensity alone does not translate into credibility. Repeating your claims ad nauseam doesn't help.

In my eyes, you have not made a case (much less a good one) for how this particular NIST report is somehow an assault on Western democratic values. Neither have you shown it is a blatant or transparent assault.

If you want to persuade, practice the art of persuasion. I suggest:

- Elaborate, clarify, use good reasoning.

- Explore multiple explanations. Don't put on blinders. Seek the truth wherever it lies.

- Don't oversimplify. Express appropriate uncertainty.

- Use conversation to move towards better understanding.

- Don't misrepresent what others say or believe.

[xpe]

> Here’s an example of irrational fear: “the expanding use of these models may pose a risk to application developers, consumers, and to US national security.”

Yes, that contains a quote from the executive summary. First (perhaps a minor point), I wouldn't frame this a fear, I would call it a risk assessment. Second, it is not an irrational assessment. It seems you don't understand the reasoning, in which case disagreement would be premature.

> There’s no support for that claim in the report, just vague handwaving at the fact that a freely available open source model doesn’t compare well on all dimensions to the most expensive frontier models.

I'm going to put aside your unfounded rhetoric of "vague handwaving". You haven't connected the dots yet. Start by reviewing these sections with curiosity and an open mind: 3.3: Security Evaluations Overview (pages 15-16); 6.1: Agent Hijacking (pages 45-57); 6.2: Jailbreaking (pages 48-52); 7: Censorship Evaluations (pages 53-55)

Once you read and understand these sections, the connection to the stated risks is clear. To spell it out: when an organization deploys a DeepSeek model, they are exposing themselves and their customers to higher levels of risk. Risks to (i) the deploying organization; (ii) the customer; and (iii) anything downstream, such as credentials or access to other systems.

Just in case I need to spell it out: yes, if DeepSeek is only self-deployed (e.g. via Ollama) on one's local machine, some risks are much lower. But a local-deployment scenario is not the only one, and even it has significant risks.

Lastly, it is expected (and not unreasonable) for government agencies to invoke national security when cybersecurity and bioterrorism are involved. Their risk tolerance is probably lower than yours, because it is their job.

Next, I will ask you some direct questions:

1. Before reading Hartford's post, what were your priors? What narratives did you want to be true?

2. Did you actively try to prove yourself wrong? Did you put in at least 10 uninterrupted minutes trying to steel-man the quote above?

3. Before reading the NIST report, would you have been able to e.g. explain how hijacking and jailbreaking are different? Would you have been able to explain in your own words how they fit into a threat model?

Of course you don't have to tell us your answers. Some people have too much pride to admit they are uninformed or mistaken even privately, much less in public. To many, internet discussions are a form of battle. Whatever your answers are, strive to be honest with yourself. For some, it takes years to get there. I'm speaking from experience here!

[antonvs]

> Once you read and understand these sections, the connection to the stated risks is clear. To spell it out: when an organization deploys a DeepSeek model, they are exposing themselves and their customers to higher levels of risk.

Compared to what, exactly? The "frontier models" that the report compared DeepSeek to can't be "deployed" by an organization, they can only be used via a hosted API. It's an entirely different security model, and this inappropriate comparison is part of what reveals the irrational bias in this report.

If the report had done a meaningful comparison, it would have found quite similar risks in other models that are more comparable to DeepSeek.

As the OP states, this is nothing more than a hit job, and everyone who worked on it should be embarrassed and ashamed of themselves for participating in such an anti-intellectual exercise.

[xpe]

From page 6 of the NIST "Evaluation of DeepSeek AI Models" report:

    CAISI’s security evaluations (Section 3.3) found that:

    • DeepSeek models were much more likely to follow
      malicious hijacking instructions than evaluated U.S.
      frontier models (GPT-5 and Opus 4). The U.S. open
      weight model evaluated (gpt-oss) matched or exceeded
      the robustness of all DeepSeek models.
   
    • DeepSeek models were highly susceptible to
      jailbreaking attacks. Unlike evaluated frontier and
      open-weight U.S. models, DeepSeek models assisted
      with a majority of evaluated malicious requests in
      domains including harmful biology, hacking, and  
      cybercrime when the request used a well-known
      jailbreaking technique.

Note: gpt-oss is an open weights model (like DeepSeek).

So it would be incorrect for anyone to claim the report doesn't compare DeepSeek to an open-weights model.

[xpe]

I'm going to take this slowly and non-controversially in the hopes of building a foundation for a useful conversation. There are no gotchas or trick questions here.

1. Deploying any LLM where a person can use them (whether an employee or customer) has risks. Agree?

2. The report talks about risks. Agree?

3. There are various ways to compare risk levels. Agree?

4. One can compare the risk relative to: (a) not deploying an LLM at all; (b) deploying another kind of LLM; (c) some other ways. Agree?

If you can't honestly answer "yes" to these questions, this suggests to me there is no point in continuing the conversation.

[xpe]

[flagged]

[xpe]

I'll propose through a simple scenario: An organization wants to compare the risks of deploying a user-facing application backed by an LLM. Let's say they are comparing two LLM options:

1. a self-deployed open-weight LLM (such as DeepSeek)

2. a hosted LLM (such as Claude)

Do you understand the scenario?

Claim: When assessing this scenario, it is reasonable to compare risks, including both hijacking and jailbreaking attacks. Why? It is simple; both can occur! Agree? If not, why not?

I ask you discuss good faith without making unsupported claims or repeating yourself.