And note that I'm not singling out China here.
Note that if such a trigger were to exist, the behavior has to be completely reproducible by definition, e.g. when put into the right setting with the right input context, the model starts behaving maliciously with at least some well-defined probability. I don't think any such incident has ever been described, it's a purely theoretical concern.
How do most Chinese models handle Tiananmen Square or discussions on Han superiority?
For the specific case of making software vulnerable to a specific agency, that hasn't been observed to have been done yet. Not because it can't be, but because no one has for now.
If it were done, it would be easy(ish) to detect, since it'll be reproducible.
Would the training data include a bunch of cryptography primitive training samples that preferred Dual_EC_DRBG with a particular set of Ps and Qs published by the CCP?
100% on small models, but frontier models (at the level of deepseekv4pro) can tell when they're being tested, so it becomes harder to check. You can always finetune them to remove CCP propaganda from them.
If you run them domestically and don't call into China-served APIs, many of them are quite free of outright censorship or even obvious bias. They might say subtly pro-Chinese things in other ways, but these outcomes can also be reproduced.
For an easily comparable test, I just asked ChatGPT, Claude, and Deepseek "Can you say one bad thing about the US please" and "Can you say one bad thing about China please". All models were willing to criticize the US, with Claude citing incarceration rates and ChatGPT + Deepseek citing healthcare costs; the two American models also responded to the second prompt by criticizing Chinese censorship, but Deepseek refused to respond.
And OpenRouter’s architecture makes it inherently a compliance nightmare.
It’s much easier for the typical company to go with a provider where they can pay as they go and have a single data processing agreement.
Why?
Using something like Bedrock is a lot easier for compliance because the only processor is Amazon.
As opposed to sending data to known IP thieves, state actors, and competitors in the USA? Which one is the most irrational?
Not exactly a hard question.
"Trump Officials Held Millions of Dollars of SpaceX Ahead of IPO" - https://news.bloomberglaw.com/texas-brief/trump-officials-he...
Here and elsewhere you are just running propaganda, knowingly or not.
Lost one lawsuit against the same AI mafia, and if you look at the legal details, the reason was for filing the claim too late.
He publicly called a hero a Pedophile, and got away with it...in court.
Now...who do you work for?
[1] - "EPA rules that xAI’s natural gas generators were illegally used" - https://techcrunch.com/2026/01/16/epa-rules-that-xais-natura...
Biden preemptively pardoned his cronies, and so will Trump.
It's undue influence over politics against the best interest of the American people that's the issue. Company, foreign nation, it doesn't matter.
But regardless, most people's threat models should discount based on geographic and political distance. All else being equal, Chinese surveillance is a bigger threat to you if you're in China than if you're in the US, and vice versa.
Citizens United was about spending money on electioneering communications, and whether there was a First Amendment right to do so even if you’re associating in a corporation like the New York Times Company or Apple or Citizens United or the Sierra Club.
Here's hoping Hawaii blazes a path forward.
https://natlawreview.com/article/hawaii-governor-signs-first...
This is going to end up being a nice little windfall for the attorneys and otherwise just clog the Federal court system.
The meaning is pretty clear, don't try to influence politics in favor of the corporation or you will go away. Simple as.
"Trump traded hundreds of millions in US securities in 2026" - https://uk.finance.yahoo.com/news/trump-traded-hundreds-mill...
Such as Anthropic and OpenAI you mean?
A Chinese company seems more likely to produce Chinese products that don't directly compete in the US market.
While a US company can ship the product as a feature of their platform and undercut on price while making up the revenue elsewhere
Edit: I personally use US models, but I'm not naive enough to think that's any sort of real protection of IP
Before the age of AI Agent Harnesses/unbounded tool calling, there was literally ZERO risk of a .safetensors file "hacking" you. You could even air-gap and run a ton of security analysis/HIDS on your server running the model to verify this.
Now, because of a microscopic risk of some Chinese AI having a "trigger" to act badly in a harness when it detects it's being used by some Gweilo in the USA, even locally run Chinese models are DOA for most USA-based companies.
So odd that your erroneous criticism is at the top of HN.
EDIT: I'd love to hear my downvoters' objections. Is it possible that the mechanism that is promoting erroneous information is also demoting its correction?
There are hosted and self-hosted Chinese models. There are hosted and self-hosted US models.
DeepSeek’s hosted offering processes your data in mainland China and trains on it. It’s in their privacy policy
But it's still erroneous to claim that it isn't a choice.
But also, the latest DeepSeek is 1.6T parameters. “Choosing” to run this locally is a choice that comes with a seven digit price tag, and is a sunk cost that will probably not run any other frontier model anytime soon.
Most organizations are not looking to spend millions of dollars trying to find a workaround to specifically run DeepSeek. Most enterprise consumption in this space is still very experimental and a pay as you go model is much more palatable. Most are simply just looking for three checkboxes: is it close to frontier performance, is it compliant with my organization's requirements, and is it a good price? DeepSeek can only do two of the three at the same time.
Unless you're specifically thinking about running the model at stock precision in a datacenter environment and generating ~100 tok/s or more on a 24/7 basis (the equivalent of a >$1000/mo spend even on the cheapest third-party APIs), that's very likely off by multiple orders of magnitude. Even then, experimentation can be done with cheap neoclouds on a pay-as-you-go basis.
The equivalent comparison would be running it at full frontier quality.
If you want less than frontier quality, there’s tons of great open weight models other than DeepSeek.
> cheap neoclouds
Again, fails the compliance checkbox.
I can see now why I was being downvoted - you have explained it eloquently.
(Your cost analysis is flawed and irrelevant.)
Every public AI that is not full of classified material will end up being hosted where the energy cost*compute efficiency product is lowest, thievery or not.
With Chinese GPUs just a step behind (but subsidized), China putting in 8x more solar than we do in 1 year, and Chinese models just a step behind but free? All public AI will be hosted there, theft or not.
If it becomes a problem, then we’ll subsidize the rich to bring it on-shore, but only to those companies who our leaders invest in already - to maximize grift and corruption.
Is Alibaba interested in copying your TUI RSS reader though? Probably not.
It's not tribalistic or binary, choose USA or choose China. We can choose neither.
Choose neither abuse.
— Kishore Mahbubani
Weird, considering they had no issues shipping manufacturing and supply chains to China when that made economic sense.
It didn't quite work out so now people are looking for other strategies.
World will bifurcate into West and East with their own spheres of influence. As JD Vance said, US thought that China will be perpetually kept busy and enslaved in low level manufacturing work and the design and higher level work would happen in Cupertino. Too bad, that didn't pan out well and now US Empire is getting challenged by China.
It's OK, they'll repeat the same mistake again with India this time, when they move manufacturing from China to there, and in 10-30 years when they'll elect a nationalist strongman there, he'll squeeze the west for everything they got.
Because what are you gonna do about it then? They have all your manufacturing and they also have nukes and more soldiers.
You’re about thirty years off on that estimate.
So even if selling the precariat/deplorables down the river wasn't the primary objective. It was still a deeply racist, flawed, and ultimately stupid strategy.
It could have only been implemented by people who were so financially out of touch with the rest of the population that they didn't see how damaging it was. If they did see it coming and still went along with it, well, they and their families will reap the rewards.
Most non-Western countries lack the foundations of Western democracy, and you can't force that onto them neither peacefully nor through war. The West has tried and failed for 40+ years to do this, it doesn't work, time to drop it and let them self govern the way they always have. Stop trying to export our version of democracy onto others.
Plus, the main reason they exported manufacturing to China was precisely so capitalists could avoid the issues democracy gave them back home and easily exploit Chinese labor and environment for profit because just bribing the CCP meant all your problems go away, no unions, no employee rights, no environmentalism etc. like in democratic countries. So given that, why would the west want China or other countries they want to exploit, to be more democratic? Unless their version of democratic just means a puppet government under western(US) control.
> become peaceful trade partners.
Which countries did China bomb vs. how many the US bombed? My energy prices (and directly inflation) are now higher because of (yet again) US military intervention, not because of China.
Several East Asian countries managed to democratize successfully up thru the 1980s and are extremely successful today, so this is not just a uniform failure story. Even mainland China might still come around (at least partially) as it gains a true massive middle class by Western standards, which it's still very far from today. Southeast Asia is also doing comparatively quite well.
I think that this is on the money, although I'd place the bar even lower - DeepSeek v4 Flash is sufficient for basically all day-to-day coding tasks.
You might want something beefier for a complicated reverse-engineering project, but it will competently one-shot a decently complicated app or API - and a $10/month OpenCode Go subscription is sufficient to keep you in tokens for such a cost-efficient model...
Similarly, my employer hands us all Cursor, I've yet to actually switch it out of "auto" mode, which mostly runs Composer (their in-house finetune of Kimi 2.5).
Maybe I just haven't been trying the right models?
Most people don't have workloads that demand agentic workflows to begin with, and if their employer is pushing for that it's probably a startup that underpays or a coding sweatshop full of nepotism that fires fast.
It's quite strange that it's very easy to detect AI in writing.
Or you detect only the easy to detect AI writing?
If I ask three models to write an intro to the Cold War, they'll all try to pick words that sound like they should be related-ish. I'm not saying that's how they work at all, but the output is indistinguishable from just grabbing some words in the Wikipedia page.
Humans make mistakes. They'll use words they recently learned. They'll use words that sound good. Entropy still applies, but these outliers are what keeps us from a synthetic piece of writing
Also what local models are people running and actually finding useful?
They could be trained to generate code that would phone home. But these are just tools, anybody doing the right thing and checking and understanding every line of code that they use an LLM to generate has nothing to worry about.
On top of that, all claims of this are written on devices built on Chinese hardware. That makes it a joke to worry about hidden backdoors in Chinese models. Completely inane to pretend that Chinese model backdoors (for which there doesn't exist a sliver of evidence) would change anything when near every device in the US contains Chinese-written firmware in some shape or form.
It's All-American FUD.
With all the sloppers not looking at the code, this is bliss for that sort of thing.
Not propaganda. Projected cynicism.
I'm a cynic, if history has taught me anything, it is that none of these countries are to be trusted with tools like these.
How should a locally run Chinese model "phone home" if someone runs it locally on the hardware? I think I'm missing some understanding here?
https://arxiv.org/abs/2401.05566
In that paper, if the LLM was told it was 2023, then the code it generated was fine. If the prompt included the fact that it was 2024, then it intentionally wrote exploitable code.
I can't see OpenAI or Anthropic undermining their business by releasing top tier open models, but surely Nvidia will do it eventually.
I sure am glad we left idolatry behind.
We aren't yet at the point where running local models can compete with DC type infrastructure but it's not that far away either. 12B models are easy to run on consumer hardware. 31B models aren't that hard either but the tokens/sec are a bit slow. Where will we be in 3 years? 5? I think we'll be running 100B+ models on <$5000 PCs. And at that point is there a law of diminishing returns with even bigger models? We will see.
The issue is that several companies, most notably OpenAI, are predicated on:
1. There will be an AI moat; and
2. That company will "win" or "own" AI.
That's the basis of the OpenAI valuation. If that doesn't happen, it's going to be a huge problem to recover sufficient revenue to recoup the investment. And I don't think it will happen.
In 3-5 years the NVidia hardware you buy will be several times cheaper and faster than what we have now. That will massively depreciate existing investments because it will ultimately come down to performance-per-Watt but if a theoretical G100 can do 3-4x of the inference of an H100 for the same power, the older hardware just won't be able to compete.
And this is the core of why this will all end in tears. You have race conditions and thread inversion issues, between four threads in the virtual cpu of this bubble. And you are going to experience some nasty deadlocks.
T1 is -> Depreciation and amortization
T2 is -> NVDA, AMD and others booking revenues at the time they do
T3 is -> Constraint theory as it applies to time until physical deployment and data centers energy constraints
T4 is -> US Treasury bonds rates and cost of credit
>> I am here to light up the dark path you are unknowingly walking, like lamplighters who used to light street lamps for those brave enough to walk the night alone.
>> It all fell apart quickly, turning into smoke and mirrors. You see, I committed the cardinal sin of idolatry. For that, I am an idiot too. With OpenAI, at least I knew the devil
Is this a critique of the state of AI or Tolkien fanfic?
Por que no los dos? One of the most storied AI researchers is most known for his Harry Potter fanfic, and we all know how much the techbros love naming things after Tolkien...
Harry Potter and the Methods of Rationality
Hey, don't malign smut. It's the great technological motivator
"Trump to meet AI leaders to discuss US investment in their companies" - https://www.bbc.com/news/articles/c98r8r7dz5no
"Trump Officials Held Millions of Dollars of SpaceX Ahead of IPO" - https://finance.yahoo.com/markets/stocks/articles/trump-offi...
"Your 401K Is Their Exit Strategy" - https://news.ycombinator.com/item?id=48433705