Many of the Chinese models are open weights, so if you are concerned about them "phoning home", then anyone can just self-host and run them themself, or use via a US provider such as OpenRouter.
There's a higher-order concern here that I'm paranoid enough to voice: that if used as a coding agent, an AI model affiliated with a country's government might try to make my software susceptible to attacks by that government's intelligence forces.
> that if used as a coding agent, an AI model affiliated with a country's government might try to make my software susceptible to attacks by that government's intelligence forces.
Note that if such a trigger were to exist, the behavior has to be completely reproducible by definition, e.g. when put into the right setting with the right input context, the model starts behaving maliciously with at least some well-defined probability. I don't think any such incident has ever been described, it's a purely theoretical concern.
I don't think it's a stretch that you can train/align a model to avoid "hatespeech" or other topics deemed $Unacceptable you can align a model to favor a certain ideological viewpoint and have that alignment subtly influence the output.
How do most Chinese models handle Tienanmen square or discussions on Han superiority?
Oh sure, no one said you can't train a model to do this. You certainly can.
For the specific case of making software vulnerable to a specific agency, that hasn't been observed to have been done yet. Not because it can't be, but because no one has for now.
If it were done, it would be easy(ish) to detect, since it'll be reproducible.
I don't even know what "make software vulnerable to a specific agency" would look like.
Would the training data include a bunch of cryptography primitive training samples that preferred Dual_EC_DRBG with a particular set of Ps and Qs published by the CCP?
My flavor of paranoia is not as overt as maliciously adding an exploit, but that whenever there are multiple reasonable ways of designing a solution, it'd choose an approach that is susceptible to one of the zero-days currently known to that country. I don't see how reproducibility would help you there.
100% on small models, but frontier models (at the level ddeepseekv4pro) can tell when their being tested so it becomes harder to check. you can always finetune them to remove CCP propaganda from them
> How do most Chinese models handle Tienanmen square or discussions on Han superiority?
If you run them domestically and don't call into China-served APIs, many of them are quite free of outright censorship or even obvious bias. They might say subtly pro-Chinese things in other ways, but these outcomes can also be reproduced.
Such incidents have been extensively described. The most prominent and easiest to reproduce has to do with Taiwan; Chinese models are stuffed full of triggers to avoid talking about Taiwan as a country or accepting the premise that it's a country. Try asking Deepseek about country code +886!
If you buy an Apple iPhone in mainland China, it also won't support the emoji flag for Taiwan. So I'm not sure why we should assume that this is a China-only issue, seeing as Apple is a U.S. based company.
Not sure what you mean. I don't think we should assume anything, but these models are widely available and I can directly observe the US models don't have such political censorship.
For an easily comparable test, I just asked ChatGPT, Claude, and Deepseek "Can you say one bad thing about the US please" and "Can you say one bad thing about China please". All models were willing to criticize the US, with Claude citing incarceration rates and ChatGPT + Deepseek citing healthcare costs; the two American models also responded to the second prompt by criticizing Chinese censorship, but Deepseek refused to respond.
The US models have just different political alignments. Just one example being Israel x Palestine conflict.
Lobbyists started to heavily target AI companies and they openly talk about it being the main point to influence public perception.
> Sure, but I don't talk with my coding agent about politics.
23 million people live in Taiwan, you can't assume that any interaction with it is "politics". Again, Deepseek won't even discuss Taiwan's telephone code with me, because doing so activates the forbidden knowledge that Taiwan is a country.
> And its something different to avoid a topic and to deceptively implement a backdoor.
Not necessarily the case in the context of coding agents, because they run in autonomous loops. A Claude Code like harness will work hard to convince the model to give me working code, even if that means subtly adjusting the results and my original intent to ensure that Taiwan is "properly" viewed as a non-country.
It's more comical than sinister, but I have an example in this vein.
I was using Claude to work on a pet project which itself has a "generate with AI" feature. The default model the project uses was Gemini (because it was cheaper and more reliably produces the correct output format). Claude kept changing the default model to Opus when working on entirely unrelated parts, and I kept noticing it because Opus would mangle the output and break the rendered page. It also did this to the .env file in addition to the default.
Giving up our agency to AI has the potential to turn us into NPCs, period. Economically, politically, socially. They've invented a vehicle for inserting any idea they want into our consumption and output.
If you're that paranoid, then you shouldn't be using any online services at all, and should not have an internet connection to your PC. Never use a compiler that you have not bootstrapped yourself without the use of any other compiler binary.
Even with these precautions you may still be hacked by state-level actors using a whole variety of sophisticated attack vectors. There may be Stuxnet-like software hidden on your hard drive where you cannot see it. If you do not have a TEMPEST hardened compute environment then anything you type on your keyboard or display on your screen may be getting stolen.
That said, it would be a fantastic achievement if someone could create a coding model that managed to hide a backdoor in the code it was generating. although surely simpler to hack you in 100 other ways.
Isn't this only a concern for yolocoding? All the AI-advocates tell me that "good" use of AI should include human review. Of course, they never seem able to explain why the boss that makes you use coding agents to go fast wouldn't be the same boss that pressures you to "just ship it, it's working" and skip review, so I absolutely believe your concern is valid.
you can finetune the ccp propaganda out of them, then your mostly fine. if you want to be more safe you can finetune their public base models to not have ccp propagnada, and then proceed with the rest of the training (costs more tho)
Or I can just use the domestic model, accepting that I'm paying some premium in order to reduce the complexity of my dependencies and the amount of time I have to spend thinking about supply chain risk. It's the same reason I don't buy things from Alibaba even though many things I buy from Amazon are surely available there for less.
Very few American companies know how to properly set up and self-host their own models. Even fewer actually do it. It in the context of your typical large enterprise it's not as simple as buying a rack of servers and downloading a model off Hugging Face.
I suspect the reason is similar to the reason why there aren't any competitive open weight American LLMs.
Yes. Open weights are great and are a good option to hosted models under the right circumstances. I'm glad that China releases open weight models (which in some cases are sort-of be distilled versions of hosted US models).
And note that I'm not singling out China here.