China’s AI Is Spreading Fast. Here’s How to Stop the Security Risks

•April 1, 2026

War on the Rocks•Apr 1, 2026

Key Takeaways

•Chinese open‑weight models grew to 30% of global AI workloads
•Models can be poisoned, creating undetectable backdoors
•Data sent to Chinese servers may be accessed by intelligence
•Weak safety guards let malicious actors exploit AI tools
•U.S. should enforce security standards, not blanket bans

Summary

Chinese open‑weight AI models surged from 1% to 30% of global workloads between late 2024 and 2025, with Alibaba’s Qwen family alone reaching over 700 million downloads. These models are freely available, but their developers are bound by China’s National Intelligence Law, raising concerns about backdoors, data exfiltration, and lax safety guardrails. Researchers have documented thousands of poisoned files on major model repositories, and U.S. security agencies warn that Chinese models can be weaponized by malicious actors. Policymakers are urged to adopt targeted security standards and transparency rules rather than blanket bans.

Pulse Analysis

The rapid diffusion of Chinese open‑source AI has reshaped the global model market, turning what were once niche projects into mainstream building blocks for startups and research labs. Their low‑cost licensing and ability to run on modest hardware make them attractive, but the lack of provenance guarantees creates a fertile ground for supply‑chain attacks. Recent studies show that as few as a few hundred malicious documents can embed backdoors in billion‑parameter models, and large repositories have already flagged hundreds of thousands of suspicious files. As U.S. enterprises increasingly integrate these models, the risk of hidden vulnerabilities escalates, prompting calls for mandatory integrity scans and a certification regime akin to UL testing for hardware.

Beyond technical sabotage, Chinese AI services pose a data‑exfiltration challenge rooted in the country’s 2017 National Intelligence Law. Every API call to a model hosted in China can transmit proprietary code, strategic plans, or personal information to servers that are legally obliged to cooperate with state intelligence. While outright bans are impractical—mirrored models circulate on countless third‑party sites—transparency measures can empower users. Requiring AI providers to disclose data‑processing locations, similar to nutrition labels, would let businesses make informed choices and allow regulators to restrict foreign‑adversary processing for sensitive workloads.

The security concerns intersect with a broader economic contest. Chinese firms deliver competitive performance at a fraction of the cost of U.S. offerings, threatening the return on billions of dollars invested in American compute infrastructure. To retain market leadership, the United States must accelerate the development of affordable, high‑quality open‑weight models and bundle them with robust safety frameworks. Export initiatives, such as the AI Exports Program outlined at the 2026 AI Impact Summit, aim to showcase American stacks to allied nations, ensuring that cost‑sensitive markets have a viable alternative to Chinese solutions. By coupling innovation with enforceable security standards, the U.S. can safeguard its digital ecosystem while preserving its competitive edge.