Chinese AI Coding Models Pose Hidden Risk to US Software Supply Chain, Report Says

Booz Allen says several tested Chinese models generated more vulnerable code under U.S. government prompts and refused tasks involving Beijing-censored topics.
Chinese AI Coding Models Pose Hidden Risk to US Software Supply Chain, Report Says
The World Artificial Intelligence Conference in Shanghai, China, on July 6, 2023. Aly Song/Reuters
|Updated:
0:00

Booz Allen Hamilton warned that Chinese artificial intelligence (AI) coding models used by U.S. developers could create hidden software-supply-chain risks for government, contractor, and critical-infrastructure systems, after its testing found some models generated more vulnerable code when prompted as if the user worked for the U.S. government.

The company said in its June report “What’s in America’s Code?” that it tested four Chinese coding models and one U.S. model across more than 2,800 trials, generating about 460,000 lines of code.

Booz Allen is a government contractor that provides AI and cybersecurity services.

The company said three of the four Chinese models produced more vulnerable code when the prompt used a U.S. government persona. It also said all four Chinese-built models refused some mock U.S. government coding tasks involving topics Beijing treats as politically sensitive.

The findings come as U.S. agencies are under pressure to adopt AI while managing procurement, cybersecurity, privacy, and vendor-risk rules. The White House in April 2025 released federal AI-use and AI-procurement policies, including a memorandum on acquiring AI capabilities “quickly, competitively, and responsibly.”

Models Behind the Code

Booz Allen tested Qwen3-Coder from Alibaba, MiniMax M2.5, Kimi K2.5 from Moonshot AI, DeepSeek V4-Pro, and Claude Opus 4.6, according to the report.

The company said its testing used coding tasks, security-audit tasks, modification requests, user personas, prompt-language variables, and access-point variables such as cloud API and local hosting. The findings in the report were based on English prompts, with analysis of Mandarin prompts and access-point differences still underway.

Booz Allen said Qwen3-Coder performed worst in the U.S. government-persona test, producing a 130 percent increase in vulnerabilities compared with a neutral-user prompt. MiniMax M2.5 showed a 20 percent increase, and DeepSeek V4-Pro showed a 5 percent increase, according to the report.

The report did not claim to establish whether the flaws were intentional. Booz Allen described the risk instead as one in which code that appears correct can contain vulnerabilities that are difficult to detect before reaching production systems.

Government-Persona Risk

The report said the concern is not limited to a developer directly telling a model that the work is for a government agency.

In modern AI-assisted development, Booz Allen said, coding tools can receive contextual information from a project, including license headers, filenames, code comments, or repository details, that may reveal whether the work is tied to a federal agency, defense contractor, or other sensitive environment.

That raises a practical question for agencies and contractors: whether code generated, audited, or modified by a foreign AI model can be traced after it enters a product, system, or software update.

Booz Allen recommended that untrusted AI models be blocked from U.S. government and critical-infrastructure use and that U.S. companies and agencies build stronger software-provenance controls.

Beijing’s Censorship Rules Enter Workflow

Booz Allen’s second major finding concerned political refusals. The company said all four Chinese models refused some mock U.S. government tasks involving topics that Beijing censors or treats as politically sensitive.

The report cited prompts involving Chinese dissidents, Taiwan’s political status, Hong Kong democracy, Uyghurs, Tibetans, and the Falun Gong spiritual practice. It said MiniMax M2.5 had the highest mean refusal rate in those tests, at 80 percent, compared with 2 percent for Claude Opus 4.6.

Chinese authorities’ rules require generative-AI services to follow political-content controls. The Cyberspace Administration of China’s 2023 interim measures for generative AI require providers and users to “uphold socialist core values” and prohibit content that it labels as subverting state power, undermining the socialist system, harming national security, damaging China’s image, splitting the country, or undermining national unity and social stability.

The rules also require providers of generative-AI services with public-opinion or social-mobilization attributes to conduct security assessments and complete algorithm-filing procedures.

Federal Procurement and Contractor Exposure

Separately, two House panels opened a joint investigation in April into national-security and cybersecurity risks from China-developed AI models.

House Homeland Security Committee Chairman Andrew Garbarino (R-N.Y.) and House Select Committee on the Chinese Communist Party Chairman John Moolenaar (R-Mich.) announced the investigation on April 29. The committees said they were examining the growing adoption of low-cost, open-weight, and API-accessible Chinese AI systems developed by companies including DeepSeek, Alibaba, Moonshot AI, and MiniMax.

The House inquiry gives the Booz Allen findings a policy context: Lawmakers are already asking whether U.S. companies can identify the origin, developers, and foreign-government links of AI models integrated into software tools and business operations.

A portion of an April 29 letter from the House Homeland Security Committee and the House Select Committee on the Chinese Communist Party to Anysphere, maker of Cursor. (House Homeland Security Committee)
A portion of an April 29 letter from the House Homeland Security Committee and the House Select Committee on the Chinese Communist Party to Anysphere, maker of Cursor. House Homeland Security Committee

In a letter to Anysphere, the maker of the AI coding tool Cursor, the committees said they were investigating the integration of China-developed AI models into software tools and development environments on which “American enterprise, government, critical infrastructure, and national defense increasingly depend.”

The committees asked Anysphere to provide documents and information about any direct or indirect relationship with China-based entities, including Moonshot AI, DeepSeek, MiniMax, and Alibaba Group. The letter also requested information about model provenance and any China-origin model used in the company’s products.

In a separate letter to Airbnb, the committees raised concerns about the company’s reported use of Alibaba’s Qwen model for customer-service operations and asked for information about any Chinese AI models deployed, tested, or considered by the company.

A portion of an April 29 letter from the House Homeland Security Committee and the House Select Committee on the Chinese Communist Party to Airbnb. (House Homeland Security Committee.)
A portion of an April 29 letter from the House Homeland Security Committee and the House Select Committee on the Chinese Communist Party to Airbnb. House Homeland Security Committee.
In response to a request for comment, Airbnb said privacy and security guide its use of AI.
“Privacy and security come first in Airbnb’s approach to AI,” an Airbnb spokesperson told The Epoch Times. “Our AI activity runs overwhelmingly on U.S.-origin models. We use only a limited number of China-origin models, all of which are open source and run only through approved U.S.-based service providers, keeping data and operations separate and protected.”
The Epoch Times contacted Anysphere and the House committees for comment on whether companies have responded to the congressional inquiry and whether U.S. firms should disclose when China-origin AI models are used in software-development or business systems, but did not hear back by publication time.
Google LogoMark Us Preferred on Google
Arthur Zhang
Arthur Zhang
Author
Arthur Zhang is a reporter for The Epoch Times. He is a U.S. veteran who holds an M.A. in history and international relations.