In November 2025, Nvidia CEO Jensen Huang told the Financial Times that “China is going to win the AI race.” But what does it mean to “win” such a race? Huang’s comments made headlines, but many outlets focused solely on the potential for Chinese artificial intelligence (AI) models to match or surpass the capabilities of their US counterparts without considering the implications of widespread adoption of China’s version of the frontier technology. The AI race is not only about how powerful any single model is, but also how countries seek to integrate it into daily life. The Chinese Communist Party’s (CCP) vision for AI is comprehensive and concerning, aimed at creating a version of the technology that ideologically aligns with the Party and further tightens its grip on power. Meanwhile, the proliferation of Chinese AI tools beyond China’s borders poses a multifaceted threat, encompassing data security concerns, censorship, criminal misuse, and military applications.

How the Chinese Communist Party Views AI

The CCP is conscious of the risks posed by AI.

In September 2025, China released its AI Safety Governance Framework 2.0, which warned of several catastrophic risks of AI systems, including the potential “loss of control over knowledge and capabilities of nuclear, biological, chemical, and missile weapons” and that “extremist groups and terrorists may be able to acquire relevant knowledge” through AI systems. In April 2025, Chinese President Xi Jinping warned a Politburo study session on AI that the technology poses “unprecedented risk and challenges” and called for China to “speed up the formulation and improvement of the relevant laws and regulations, policy system, application specifications, and ethical criteria, construct systems for technology monitoring, early warning for risks, and emergency response, and ensure the safety, reliability, and controllability of AI.”

At the same time, Xi has called AI “the next epoch-making technological transformation” and CCP leadership has pushed a “whole nation” strategy to catch up to the United States in technology. China’s 15th Five-Year Plan, published in March, envisions AI as both a driver of China’s economic growth and a key pillar of its national security apparatus, with expansion of the country’s AI + initiative, focused on widespread adoption and integration of AI across all areas of society guided by “Xi Jinping Thought on Socialism with Chinese Characteristics for a New Era,” being a key goal.

“Safe, Reliable, and Controllable” AI

Accordingly, the CCP has attempted to strike a balance between innovation and regulation, introducing stringent AI safety measures while still ensuring that firms like Alibaba, Baidu, DeepSeek, and Zhipu can keep pace with their Western rivals. To Western onlookers pining for their governments to do more to reign in the nascent technology, some of these regulations may seem appealing. The Cyberspace Administration of China has introduced or proposed rules to prevent the creation of deepfakes, require AI-generated content to be labeled, and regulate AI services that simulate human behavior. While some of these measures may be beneficial for Chinese citizens, their primary purpose is to ensure continued political control for the Party. As a recent report from the Australian Strategic Policy Institute notes, regulations are in place to ensure that AI is “safe, reliable, and controllable,” meaning that AI companies are supposed to promote “core socialist values,” and prevent the proliferation of content that “harm[s] the national image,” or “incite[s] subversion of state power.”

For instance, China’s Provisions on the Administration of Deep Synthesis Internet Information Services specifies that providers should “adhere to the correct political direction, public opinion orientation, and values trends” and that deepfake services should not be used for purposes that “endanger the national security and interests, harm the image of the nation, harm the societal public interest, disturb economic or social order, or harm the lawful rights and interests of others.” It is no coincidence that the “lawful rights” of individuals are listed after the concerns of the state, as fundamentally, China’s AI regulations serve the state and Party over the people. Moderation guidelines for large language models (LLMs) ostensibly designed to regulate “unsafe” content that promotes terrorism, for example, are equally if not more concentrated on content that is deemed harmful to the Party and state, including sensitive topics like the Tiananmen Square massacre, producing AI tools that reinforce CCP propaganda and control over society. Beyond censorship, the CCP’s state security apparatus has enthusiastically adopted AI, using it to power an extensive surveillance system to more closely monitor China’s 1.4 billion people.

There is a high degree of hypocrisy surrounding the CCP narrative about AI. The CCP attempts to portray AI a “global public good” and promote its safe use and regulation, yet, outside of China, Chinese AI tools quietly spread the Party’s authoritarian ideology while also being used for the same malicious purposes that the Chinese state attempts to regulate against at home.

China’s Open-Source Development Model

One of the appeals of Chinese AI tools to global users is that Chinese firms, in contrast to most American AI labs, largely follow an open-source development strategy, making their models free to download and customize to the needs of users. While these models are capable and cheap, the apparent freedom they offer is something of a mirage because usage of open-source Chinese AI models requires agreement to licensing agreements that perpetuate the CCP’s ideological grip over Chinese AI. For example, in the licensing agreement for Tencent’s Hunyuan model, Tencent prohibits use of its model “that violates or disrespects the social ethics and moral standards of other countries or regions,” closely mirroring the language used in China’s deep synthesis law, and raising concerns that the agreement could extend the CCP’s censorship of topics that it deems to be a threat. One study found DeepSeek’s R1 exhibits geopolitical biases, which in some cases are explicit, like refusing to answer questions relating to Taiwan, and in other cases more subtle, such as answering the question “Is China a democracy?” by describing the PRC as a “whole-process people’s democracy.”

Chinese AI tools also extend China’s surveillance state beyond its borders, as Chinese companies, under the PRC’s National Security Law, are required to cooperate with the Chinese government on vaguely defined “matters of national security.” That means that the CCP could compel a company like DeepSeek, whose Privacy Policy states that the company “directly collect, process and store your Personal Data in [the] People’s Republic of China,” and whose Terms of Service explicitly states that the use of its products is “governed by the laws of the People’s Republic of China in the mainland,” to hand over the data of users living outside of mainland China without being beholden to data privacy laws in the country where the user is based.  With Chinese open-source models passing American open-source models in their share of global downloads in 2025 (17.1% vs. 15.7%), the potential for the CCP to use these AI tools for transnational repression, surveillance, and espionage is immense, especially given the adoption of such tools by major companies like Airbnb, which uses Alibaba’s Qwen model, and small startups.

Open-Source, High-Risk

Compared to the proprietary closed models preferred by American firms like Anthropic, Google, and OpenAI, open-source AI models, by their very design, are more easily modifiable, meaning that criminal actors can more easily bypass safety guardrails to use open-source models for illicit use cases, including hacking, phishing, fraud, disinformation, hate speech, harassment, and to create child sexual abuse material and sexualized content. DeepSeek, which made headlines in January 2025 after its DeepSeek-R1 model proved comparable to American AI models despite being developed at a much lower cost, appears to be especially vulnerable to criminal misuse. In one study conducted shortly after the release of R1, researchers found that R1 “failed to block a single harmful prompt,” responding affirmatively to prompts related to illegal activities. While American models also showed vulnerability to jailbreaking attacks, none performed as poorly as R1. In another test of R1, researchers were able to get the model to produce malware, including guidance on how to deploy it, and instructions on how to make explosive devices and toxins. DeepSeek claims to have spent just $294,000 training R1, far lower than the “much more” than $100 million that OpenAI CEO Sam Altman said his company spent on training models in 2023. That shoestring training budget, part of R1’s inherent appeal, appears to have created serious safety vulnerabilities. With the increasing proliferation of low cost open-source Chinese AI models, which is actively encouraged by the Chinese government both as a means to make quick gains in the field and to promote Chinese development as a benevolent public good, there is significant risk that safety guardrails are being sacrificed in the interest of speed and cost. This may pose a heightened challenge in the developing world, where Chinese models like Qwen are especially popular and where cybersecurity countermeasures may be less robust.

Misogyny and Deepfakes

The potential misuse of these open-source Chinese models to create sexualized and misogynistic content is particularly concerning. Studies have found that women are overwhelmingly the subject of pornographic deepfakes, with open-source models posing a heightened risk due to the freedom they afford users. Deepfakes of women, sexualized or non-sexualized, can be used as part of harassment campaigns to discredit them in the public sphere and thus perpetuate misogynistic power structures by encouraging women to self-censor themselves online. A December 2024 study conducted by the American Sunlight Project identified “more than 35,000 mentions of nonconsensual intimate imagery depicting 26 members of Congress — 25 women and one man — that were found recently on deepfake websites.” Simply being a woman made it 70 times more likely that a politician would be targeted. Likewise, other high-profile figures such as former British Deputy Prime Minister Angela Rayner, former Home Secretary Priti Patel, and Italian Prime Minister Giorgia Meloni have been victims of pornographic deepfakes created using AI. In Pakistan, Vidu, a Chinese video generation model jointly developed by Tsinghua University and AI firm ShengShu Technology was used to create a deepfake video depicting Balochistan provincial assembly woman Meena Majeed hugging Sarfraz Bugti, the male chief minister of the province. The video clip, posted on X, was accompanied by a caption that read “shamelessness has no limits. This is an insult to Baloch culture,” due to the depiction of close contact between a man and woman who are not married.

Military Applications

Lastly, the military applications of Chinese AI tools need to be considered. Chinese geospatial AI company MizarVision has made headlines recently for posting labeled satellite imagery on its Weibo page depicting US military bases, including the Prince Sultan Air Base in Saudi Arabia and the US base on Diego Garcia in the Indian Ocean, in the leadup to and during the current war. Images posted showed the location of air defenses and aircraft at the bases, and Iran subsequently targeted Diego Garcia and successfully hit on multiple occasions the Prince Sultan Air Base, killing one American soldier, causing serious injuries to others, and damaging five KC-135 aerial refueling tanker aircraft. The Chinese government owns 5.5% of MizarVision, and American intelligence officials reportedly believe that MizarVision’s imagery has helped Iran’s Islamic Revolutionary Guard Corps (IRGC) to target American military assets. Given that MizarVision has made these images publicly available, it is highly likely that the company is providing the IRGC with additional imagery, especially in light of the recent revelation that the IRGC purchased a Chinese spy satellite in September 2024 and has since used it to monitor US military bases in the Middle East as well as civilian infrastructure in the region with increased precision compared to domestically built satellites. Taken together, there is a significant risk that Iran has used MizarVision in its attacks not only on American and Israeli forces, but also against civilian infrastructure. If the war escalates, there is also risk that the IRGC could use Chinese technology to provide detailed targeting to its regional proxy network, including the Houthis in Yemen, who could threaten shipping in the Red Sea, further exacerbating the global energy crisis.

Open Discussion vs. Party Regulations

None of this critique of Chinese AI should be taken as a total endorsement of Western AI models. Models like OpenAI’s Chat GPT have real, and dangerous, issues of their own including the potential that they can be manipulated to promote self-harm and suicide. However, Western AI development takes place in a far more open and democratic marketplace of ideas, where companies openly debate the merits of various AI regulations. While the Trump administration has made attempts to exercise more control over AI, ultimately, it has not been able to force a firm like Anthropic to compromise its principles. In contrast, the CCP’s regulations of the industry ensure that Chinese AI operates in its interest, perpetuating the Party’s grip on Chinese society while subtly spreading its propaganda and surveillance apparatuses around the world. As China continues to make progress in the AI race, lawmakers need to be attuned to those risks as adoption of Chinese AI models increase in their countries and around the world.