Chinese AI models raise cybersecurity concerns, new report warns

Chinese AI models raise cybersecurity concerns, new report warns

by KAYLA GASKINS | The National News Desk

WASHINGTON (TNND) — Chinese artificial intelligence models are rapidly gaining popularity in the United States, driven in part by lower costs and growing capabilities. But a new report from defense contractor Booz Allen Hamilton is raising questions about whether those savings could come with cybersecurity risks.

Researchers at the company examined four widely used Chinese AI models to evaluate how they performed when tasked with writing computer code. (TNND)

Researchers at the company examined four widely used Chinese AI models to evaluate how they performed when tasked with writing computer code. Their findings suggest some models generated significantly more security vulnerabilities under specific conditions, particularly when prompted to believe they were working for U.S. government users.

“Can code developed by these AI models be trusted?” posed Brad Medairy, president of Booz Allen’s national cyber business.

According to the study, the vulnerabilities were not traditional malware or obvious malicious code. Instead, researchers said some models appeared to alter their behavior based on the identity of the user, producing software with weaknesses that could potentially be exploited by nefarious actors.

“What we're talking about here in vulnerabilities, this is a new class of threat,” said Eric Syphard, a senior vice president at Booz Allen.

Researchers compared the phenomenon to a “sleeper agent” — a system that appears to function normally until certain conditions trigger a different response. Unlike conventional cyberattacks that rely on hackers breaking into networks or exploiting software flaws, the concern is that organizations could unknowingly introduce vulnerabilities simply by relying on AI-generated code.

“This is a category of threat that we as a country need to figure out how to quantify and measure, how to apply guardrails that don't dampen innovation but also keep these systems secure,” Syphard said.

Supporters of the report argue the findings highlight the risks of depending on foreign-developed AI tools for sensitive government, military and critical infrastructure applications.

“The real impact here is: do we want to use Chinese models trained on Chinese doctrine that produce more vulnerable code in systems that power our critical infrastructure or our national security systems?” Medairy said.

Not everyone agrees the findings warrant broad conclusions. Critics have argued that additional research is needed to determine whether the observed behavior is unique to Chinese models or reflects broader challenges facing large language models.

A technology consultant and senior research fellow at King’s College London told Fox News Digital that the report “underplays the complexity of the issue.”

The findings are already drawing attention on Capitol Hill. Sen. Tom Cotton has argued American companies should avoid using Chinese AI models to write code, warning they could introduce additional cybersecurity vulnerabilities into critical systems.