Is "taboo" the right word? "taboo" = "banned on grounds of morality or taste". Not sending data to known IP thieves, state actors, and competitors in China (or Russia or Israel) seems very rational.
Many of the Chinese models are open weights, so if you are concerned about them "phoning home", then anyone can just self-host and run them themself, or use via a US provider such as OpenRouter.
There's a higher-order concern here that I'm paranoid enough to voice: that if used as a coding agent, an AI model affiliated with a country's government might try to make my software susceptible to attacks by that government's intelligence forces.
> that if used as a coding agent, an AI model affiliated with a country's government might try to make my software susceptible to attacks by that government's intelligence forces.
Note that if such a trigger were to exist, the behavior has to be completely reproducible by definition, e.g. when put into the right setting with the right input context, the model starts behaving maliciously with at least some well-defined probability. I don't think any such incident has ever been described, it's a purely theoretical concern.
I don't think it's a stretch that you can train/align a model to avoid "hatespeech" or other topics deemed $Unacceptable you can align a model to favor a certain ideological viewpoint and have that alignment subtly influence the output.
How do most Chinese models handle Tienanmen square or discussions on Han superiority?
Oh sure, no one said you can't train a model to do this. You certainly can.
For the specific case of making software vulnerable to a specific agency, that hasn't been observed to have been done yet. Not because it can't be, but because no one has for now.
If it were done, it would be easy(ish) to detect, since it'll be reproducible.
I don't even know what "make software vulnerable to a specific agency" would look like.
Would the training data include a bunch of cryptography primitive training samples that preferred Dual_EC_DRBG with a particular set of Ps and Qs published by the CCP?
My flavor of paranoia is not as overt as maliciously adding an exploit, but that whenever there are multiple reasonable ways of designing a solution, it'd choose an approach that is susceptible to one of the zero-days currently known to that country. I don't see how reproducibility would help you there.
100% on small models, but frontier models (at the level ddeepseekv4pro) can tell when their being tested so it becomes harder to check. you can always finetune them to remove CCP propaganda from them
> How do most Chinese models handle Tienanmen square or discussions on Han superiority?
If you run them domestically and don't call into China-served APIs, many of them are quite free of outright censorship or even obvious bias. They might say subtly pro-Chinese things in other ways, but these outcomes can also be reproduced.
Such incidents have been extensively described. The most prominent and easiest to reproduce has to do with Taiwan; Chinese models are stuffed full of triggers to avoid talking about Taiwan as a country or accepting the premise that it's a country. Try asking Deepseek about country code +886!
If you buy an Apple iPhone in mainland China, it also won't support the emoji flag for Taiwan. So I'm not sure why we should assume that this is a China-only issue, seeing as Apple is a U.S. based company.
Not sure what you mean. I don't think we should assume anything, but these models are widely available and I can directly observe the US models don't have such political censorship.
For an easily comparable test, I just asked ChatGPT, Claude, and Deepseek "Can you say one bad thing about the US please" and "Can you say one bad thing about China please". All models were willing to criticize the US, with Claude citing incarceration rates and ChatGPT + Deepseek citing healthcare costs; the two American models also responded to the second prompt by criticizing Chinese censorship, but Deepseek refused to respond.
> Sure, but I don't talk with my coding agent about politics.
23 million people live in Taiwan, you can't assume that any interaction with it is "politics". Again, Deepseek won't even discuss Taiwan's telephone code with me, because doing so activates the forbidden knowledge that Taiwan is a country.
> And its something different to avoid a topic and to deceptively implement a backdoor.
Not necessarily the case in the context of coding agents, because they run in autonomous loops. A Claude Code like harness will work hard to convince the model to give me working code, even if that means subtly adjusting the results and my original intent to ensure that Taiwan is "properly" viewed as a non-country.
It's more comical than sinister, but I have an example in this vein.
I was using Claude to work on a pet project which itself has a "generate with AI" feature. The default model the project uses was Gemini (because it was cheaper and more reliably produces the correct output format). Claude kept changing the default model to Opus when working on entirely unrelated parts, and I kept noticing it because Opus would mangle the output and break the rendered page. It also did this to the .env file in addition to the default.
Giving up our agency to AI has the potential to turn us into NPCs, period. Economically, politically, socially. They've invented a vehicle for inserting any idea they want into our consumption and output.
Isn't this only a concern for yolocoding? All the AI-advocates tell me that "good" use of AI should include human review. Of course, they never seem able to explain why the boss that makes you use coding agents to go fast wouldn't be the same boss that pressures you to "just ship it, it's working" and skip review, so I absolutely believe your concern is valid.
If you're that paranoid, then you shouldn't be using any online services at all, and should not have an internet connection to your PC. Never use a compiler that you have not bootstrapped yourself without the use of any other compiler binary.
Even with these precautions you may still be hacked by state-level actors using a whole variety of sophisticated attack vectors. There may be Stuxnet-like software hidden on your hard drive where you cannot see it. If you do not have a TEMPEST hardened compute environment then anything you type on your keyboard or display on your screen may be getting stolen.
That said, it would be a fantastic achievement if someone could create a coding model that managed to hide a backdoor in the code it was generating. although surely simpler to hack you in 100 other ways.
you can finetune the ccp propaganda out of them, then your mostly fine. if you want to be more safe you can finetune their public base models to not have ccp propagnada, and then proceed with the rest of the training (costs more tho)
Or I can just use the domestic model, accepting that I'm paying some premium in order to reduce the complexity of my dependencies and the amount of time I have to spend thinking about supply chain risk. It's the same reason I don't buy things from Alibaba even though many things I buy from Amazon are surely available there for less.
Very few American companies know how to properly set up and self-host their own models. Even fewer actually do it. It in the context of your typical large enterprise it's not as simple as buying a rack of servers and downloading a model off Hugging Face.
I suspect the reason is similar to the reason why there aren't any competitive open weight American LLMs.
Yes. Open weights are great and are a good option to hosted models under the right circumstances. I'm glad that China releases open weight models (which in some cases are sort-of be distilled versions of hosted US models).
No, in very real terms you cannot hold an American corporation responsible for anything any more than you could a Chinese or Russian one.
Individual citizens simply do not have the means, and the consequences for trying are life-alteringly severe. In fact the situation is even worse. If you tried to sue a Chinese company as an American citizen, you'd be laughed at and nothing more. If you tried to sue an American corporation, they have the option to either counter-sue, or drag things out so long that the legal fees bankrupt you, or win the case with their armies of lawyers and demand compensation from you that bankrupts you.
A private American citizen simply cannot hold an American corporation responsible. Our legal system is designed to ensure this.
This has nothing to do with the discussion. Do you have a HN poster bot just acting like an annoyed teenager with gripes about everything? 20 day old new account, what happened to the previous ones?
You can't really act against neither, as the case of Meta "stealing" books, torrenting on the truly industrial scale, sharing books while torrenting, etc, etc, was ultimately deemed okay.
In the se country where downloading an album can get a person in debt or worse.
Looking forward to the outcome of those legal processes againt the CEOs, that sit behind Trump at the inauguration.
After they stole all the knowledge in the world to train their models. And the current administration is drunk on SpaceX pre IPO shares...how did they get them?
Given how little voting power these "shares" have (they are effectively SpaceX trading cards/NFTs) perhaps they were simply printed on SpaceX letterhead? If Musk says a person has "shares" who at spacex is in a position to disagree?
I would consider editing this while HN still allows it :-)) Or otherwise it may remain here for ever...until the black holes evaporate, as calibration point for the difference between confidence and comprehension...
Musk and companies have so far over 950 lawsuits and legal processes for criminal or unethical activity (yes I researched this). Even his data centers and gas turbine deployments are illegal!
Lost one lawsuit against the same AI mafia, and if you look at the legal details reason was for filling the claim too late.
He publicly called a hero a Pedophile, and got away with it...in court.
This is an argument against pardons, except that Trump has used instruments of state power against his perceived enemies (Comey James, Schiff, military occupation of Tim Walz state, etc etc).
Well sure they do, thank Citizens United and others for that. But that doesn't mean we can't appropriately categorize them as also hostile actors alongside russia, china, whoever.
It's undo influence over politics against the best interest of the American people that's the issue. Company, foreign nation, it doesn't matter.
Citizens United did a lot to effectively legalize foreign influence as well, since the mechanism is opaque transfer of money
But regardless, most people's threat models should discount based on geographic and political distance. All else being equal, chinese surveillance is a bigger threat to you if you're in china than if you're in the us, and vice versa
Citizens United was about spending money on electioneering communications, and whether there was a First Amendment right to do so even if you’re associating in a corporation like the New York Times Company or Apple or Citizens United or the Sierra Club.
I think the odds of that are low. It's not like decision maker(s) are watching social media and going with the vibes, but it's almost certain that there's a rich conversation going on behind the scenes in opaque channels, especially with regards to the AI-only companies. And those conversations are likely what drove their decision.
The Chinese models can and should be run locally (though the price difference vs western models isn't as good when done this way).
Before the age of AI Agent Harnesses/unbounded tool calling, there was literally ZERO risk of a .safetensors file "hacking" you. You could even air-gap and run a ton of security analysis/HIDS on your server running the model to verify this.
Now, because a microscopic risk of some chinese AI having a "trigger" to act badly in a harness when it detects its being used by some Gweilo in the USA, even locally run Chinese models are DOA for most USA based companies.
Noooo, the real thieves are the Chinese AI companies which used Anthropic/OpenAI model output as training data. American AI companies can do no wrong. /s
These are the same people that sent manufacturing jobs away to be copied elsewhere. They got rewarded for it in the market. Decades later, when it was clearly a problem, they got tax breaks to bring some of it back/distribute the work to other, friendlier countries.
Every public AI that is not full of classified material will end up being hosted where the energy cost*compute efficiency product is lowest, thievery or not.
With Chinese GPUs just a step behind (but subsidized), China putting in 8x more solar than we do in 1 year, and Chinese models just a step behind but free? All public AI will be hosted there, theft or not.
If it becomes a problem, then we’ll subsidize the rich to bring it on-shore, but only to those companies who our leaders invest in already - to maximize grift and corruption.
The real advantage of the Chinese models is that they do not phone home at all. They run locally unlike their US competitors.
So odd that your erroneous criticism is at the top of HN.
EDIT: I'd love to hear my downvoters' objections. Is it possible that the mechanism that is promoting erroneous information is also demoting its correction?
Perhaps your prior comment would’ve been better received if it said that specifically instead of “Chinese models”.
But also, the latest DeepSeek is 1.6T parameters. “Choosing” to run this locally is a choice that comes with a seven digit price tag, and is a sunk cost that will probably not run any other frontier model anytime soon.
Most organizations are not looking to spend millions of dollars trying to find a workaround to specifically run DeepSeek. Most enterprise consumption in this space is still very experimental and a pay as you go model is much more palatable. Most are simply just looking for three checkboxes: is it close to frontier performance, is it compliant with my organizations requirements, and is it a good price? DeepSeek can only do two of the three at the same time.
China is bad and there's a moral argument there. But the reason you want to be careful with sending IP to China is quite pragmatic: they're willing and able to use it while competing with you.
Is Alibaba interested in copying your TUI RSS reader though? Probably not.
“No country can match the output of moral judgments that spew out from the editorial pages of the New York Times and Washington Post and from the reports of the greatest think tanks and universities in the world.”