Deepseek, Qwen… Are Chinese AI models really more dangerous?

How dangerous a Chinese AI model is depends above all on its nature, on how it is run, and on the security measures put in place around it.

Is using a Chinese AI model inherently risky? Given the spectacular boom in artificial intelligence models from China over the past twelve months, the question has become unavoidable. The answer, however, is far from simple or binary. In practice, security depends on several factors: the transparency of the model (open source or proprietary), how it is deployed (locally or in the cloud), and the security measures put in place.

Open source more secure by nature

Thanks to their open design, open source models remain, in the experts' view, the most secure models in 2025. “Open source is generally more secure. Even if most vulnerabilities are found in open source models, it is precisely thanks to this transparency that they are secure,” explains Fred Simon, co-founder and Chief Data Scientist at JFrog. This analysis also applies to Chinese AI models such as DeepSeek or Yi, whose weights and architecture can be examined to detect possible tampering.

JFrog has also built fully automated test systems, including honeypots, to vet models on Hugging Face, and has already identified “more than 60 problematic models.” Of these, more than 45 were created by security researchers who wanted to test whether certain vulnerabilities were possible and actually worked. His team also found some models that were “really malicious,” without those risks being specific to models of Chinese origin. Such models are systematically reported to Hugging Face and quickly removed. Moreover, Fred Simon says, none of the open source versions of the DeepSeek models has so far revealed a security flaw, apart from the built-in Chinese censorship.

Proprietary models, AI's weak link

Unlike open source models, proprietary models are genuine black boxes. Their publishers disclose neither the weights nor the internal architecture, making any in-depth analysis of how they work impossible. This opacity raises serious concerns, especially when the models are hosted on foreign clouds. Whether American or Chinese, inference endpoints that cannot be audited expose user data to major risks: backdoors, or forced cooperation with regimes whose data protection practices diverge radically from European standards.

This concern grows considerably with models hosted by Chinese publishers. “The problem with Chinese environments like Alibaba is that there is no way to verify, even if they claim it, the confidentiality of the data exchanged with their LLM. There is no reliable contractual framework for this,” Fred Simon points out. In addition, Western and Chinese legal frameworks are radically different. “In the event of a data breach by OpenAI or Anthropic, companies have clear legal remedies: the incident becomes public and can lead to legal proceedings. Conversely, the Chinese system imposes systematic monitoring. Any data transiting through their servers can be legally analyzed by government authorities, without transparency or counter-power,” the specialist warns.

Companies that use AIs hosted in China expose themselves to significant risks. “The use of APIs is a real gold mine for Chinese operators. Unlike graphical interfaces, APIs generate a significantly higher volume of much more detailed requests. Each call then becomes a precious source of data that makes it possible to map your business's activity and interests precisely,” notes Michael Freeman, Head of Threat Intelligence at Armis, a company specialized in cybersecurity.

How to secure models?

So how does a business deal with all these risks? The first measure is to favor running the models locally. “Large consulting firms are increasingly using artificial intelligence, but they run everything in-house,” observes Fred Simon. This approach, although technically demanding, considerably limits leaks of sensitive data to foreign servers. Monitoring the execution environments is another major issue. “What we discovered is that the real dangers reside in the models for the execution of the models,” explains Fred Simon. JFrog pays particular attention to the code surrounding the AI models. “These are Python, MLflow and TensorFlow environments. This is where the most important security problems are,” he says.

For his part, Michael Freeman recommends a multi-agent architecture to strengthen security: “We are developing agent-based systems specifically designed to monitor and validate the output of other agents.” This cross-checking makes it possible to quickly identify suspicious behavior or potential flaws. “For code-generating models, we build other agents that automatically look for specific vulnerabilities, such as the use of a static IV (initialization vector, the random value used when encrypting data, editor's note) in a cryptographic function, or inappropriate key storage methods,” he says.
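As an added illustration of the kind of check Freeman describes (written for this page, not Armis' or JFrog's code), the scan below walks the Python AST of a constructed snippet of generated code and flags a static IV or a hard-coded key passed to a PyCryptodome-style `Cipher.new(key, mode, iv)` call; the sample code and the `new` constructor name are assumptions.

```python
import ast

# Constructed sample of model-generated code to audit (not from the article).
SAMPLE_CODE = r'''
import os
from Crypto.Cipher import AES

IV = b"\x00" * 16          # fixed IV: every message reuses it
KEY = b"0123456789abcdef"   # key baked into the source

def encrypt_bad(data):
    return AES.new(KEY, AES.MODE_CBC, IV).encrypt(data)

def encrypt_ok(data, key):
    iv = os.urandom(16)     # fresh IV per message, key supplied by the caller
    return iv + AES.new(key, AES.MODE_CBC, iv).encrypt(data)
'''

CIPHER_CTORS = {"new"}  # assumption: cipher objects are built with <Module>.new(key, mode, iv)

def _is_static(node, static):
    """True if the expression is built only from literals or names bound to literals."""
    if isinstance(node, ast.Constant):
        return isinstance(node.value, (bytes, str, int))
    if isinstance(node, ast.Name):
        return node.id in static
    if isinstance(node, ast.BinOp):          # e.g. b"\x00" * 16
        return _is_static(node.left, static) and _is_static(node.right, static)
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "fromhex"):  # bytes.fromhex("...") is still a literal
        return all(_is_static(a, static) for a in node.args)
    return False

def audit_crypto(source):
    """Return (lineno, issue) findings for static keys/IVs passed to a cipher constructor."""
    tree = ast.parse(source)
    static = set()
    for node in ast.walk(tree):              # collect names bound to literal-only values
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)
                and _is_static(node.value, static)):
            static.add(node.targets[0].id)
    findings = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in CIPHER_CTORS):
            continue
        key = node.args[0] if node.args else None
        iv = node.args[2] if len(node.args) > 2 else None
        for kw in node.keywords:             # iv=/nonce= keyword form
            if kw.arg in ("iv", "nonce"):
                iv = kw.value
        if key is not None and _is_static(key, static):
            findings.append((node.lineno, "hard-coded key"))
        if iv is not None and _is_static(iv, static):
            findings.append((node.lineno, "static IV/nonce"))
    return findings
```

Running `audit_crypto(SAMPLE_CODE)` reports both issues on the `encrypt_bad` line and nothing for `encrypt_ok`, whose key comes from the caller and whose IV is drawn from `os.urandom`.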

Ultimately, Chinese open source models, provided they are properly analyzed, carry no more risk than their American or European equivalents. For proprietary models, the distinction is subtler. While in theory the level of risk should be comparable between American and Chinese services, it is the legal framework that changes the picture. Chinese law (and in particular the National Intelligence Law) requires companies to cooperate with the authorities, without the legal protections or the transparency that exist in Western democracies.