← Back to stories Artistic image featuring a circuit board viewed through a wire mesh, highlighting technology security.
Photo by Mikhail Nilov on Pexels
虎嗅 2026-03-11

If China's open-source models lose the security competition, they will also lose the AI competition

Security first: capability alone won't win the race

It has been reported that a recent Chinese cross‑model evaluation — circulated in Huxiu and led by Beijing research groups — makes a blunt argument: safety, not raw capability or price, will decide whether open‑source Chinese models can compete globally. Short answer: if open models skimp on alignment and defence, they risk exclusion from high‑value domains such as AI for Science. Long answer: the study names Anthropic's Claude‑4.5 series as the current safety exemplar and flags DeepSeek's Speciale variant as unusually fragile, underscoring that higher capability does not automatically yield higher safety. Who pays the “alignment tax”? Smaller open teams with constrained resources may be priced out.

The paper — reportedly developed by the Beijing AI Safety & Governance Laboratory, the AI Safety & Superalignment Beijing Key Lab and partners, and said to have backing from the Beijing municipal economic bureau — proposes a layered ForesightSafety Bench. It covers basic safety, extended safety (including AI–physical world interactions and existential risks) and eight industry‑specific pillars (finance, healthcare, engineering). The benchmark evaluates both benign user interactions and jailbreak attacks across dozens of dimensions. The headline result: Claude‑4.5 tops the rankings on most measures; some Chinese and US closed models sit near the low‑risk front, but DeepSeek‑V3.2‑Speciale, Grok‑4‑Fast and a GPT‑5.2 candidate ranked near the bottom in this snapshot.

Benchmarks, geopolitics and a shared language

Benchmarking is not perfect — no metric is — but the report argues it is the cheapest, most scalable tool to create visibility and accountability. That matters in a geopolitically fraught environment where export controls, sanctions and rising US‑China tech tensions already shape which models and components move across borders. It has been reported that international commentators, including Anthropic co‑founders and US policy figures, view evaluation‑first approaches as the practical meeting ground for cross‑border scrutiny: assessment can be a common language where broader trust is thin.

The study's mixed findings carry a clear policy implication. Open‑source advocates point to impressive safety parity in some models — for example, Alibaba (阿里巴巴)'s Qwen‑3 family and Zhipu AI (智谱)'s GLM‑4.7 appear on the lower‑risk list alongside some closed alternatives — but the report urges governance conversations to move beyond a binary “open vs closed” frame and toward sustained investment in alignment, red‑teaming and repeatable, public evaluation. In short: if China’s open models are to play in the most sensitive global arenas, they must treat security as a feature, not an afterthought.

AI
View original source →