Booz Allen Hamilton warned that Chinese artificial intelligence (AI) coding models used by U.S. developers could create hidden software-supply-chain risks for government, contractor, and critical-infrastructure systems, after its testing found some models generated more vulnerable code when prompted as if the user worked for the U.S. government.
Booz Allen is a government contractor that provides AI and cybersecurity services.
The company said three of the four Chinese models produced more vulnerable code when the prompt used a U.S. government persona. It also said all four Chinese-built models refused some mock U.S. government coding tasks involving topics Beijing treats as politically sensitive.
Models Behind the Code
Booz Allen tested Qwen3-Coder from Alibaba, MiniMax M2.5, Kimi K2.5 from Moonshot AI, DeepSeek V4-Pro, and Claude Opus 4.6, according to the report.The company said its testing used coding tasks, security-audit tasks, modification requests, user personas, prompt-language variables, and access-point variables such as cloud API and local hosting. The findings in the report were based on English prompts, with analysis of Mandarin prompts and access-point differences still underway.
Booz Allen said Qwen3-Coder performed worst in the U.S. government-persona test, producing a 130 percent increase in vulnerabilities compared with a neutral-user prompt. MiniMax M2.5 showed a 20 percent increase, and DeepSeek V4-Pro showed a 5 percent increase, according to the report.
Government-Persona Risk
The report said the concern is not limited to a developer directly telling a model that the work is for a government agency.In modern AI-assisted development, Booz Allen said, coding tools can receive contextual information from a project, including license headers, filenames, code comments, or repository details, that may reveal whether the work is tied to a federal agency, defense contractor, or other sensitive environment.
That raises a practical question for agencies and contractors: whether code generated, audited, or modified by a foreign AI model can be traced after it enters a product, system, or software update.
Beijing’s Censorship Rules Enter Workflow
Booz Allen’s second major finding concerned political refusals. The company said all four Chinese models refused some mock U.S. government tasks involving topics that Beijing censors or treats as politically sensitive.The report cited prompts involving Chinese dissidents, Taiwan’s political status, Hong Kong democracy, Uyghurs, Tibetans, and the Falun Gong spiritual practice. It said MiniMax M2.5 had the highest mean refusal rate in those tests, at 80 percent, compared with 2 percent for Claude Opus 4.6.
Chinese authorities’ rules require generative-AI services to follow political-content controls. The Cyberspace Administration of China’s 2023 interim measures for generative AI require providers and users to “uphold socialist core values” and prohibit content that it labels as subverting state power, undermining the socialist system, harming national security, damaging China’s image, splitting the country, or undermining national unity and social stability.
Federal Procurement and Contractor Exposure
Separately, two House panels opened a joint investigation in April into national-security and cybersecurity risks from China-developed AI models.House Homeland Security Committee Chairman Andrew Garbarino (R-N.Y.) and House Select Committee on the Chinese Communist Party Chairman John Moolenaar (R-Mich.) announced the investigation on April 29. The committees said they were examining the growing adoption of low-cost, open-weight, and API-accessible Chinese AI systems developed by companies including DeepSeek, Alibaba, Moonshot AI, and MiniMax.
The House inquiry gives the Booz Allen findings a policy context: Lawmakers are already asking whether U.S. companies can identify the origin, developers, and foreign-government links of AI models integrated into software tools and business operations.

In a letter to Anysphere, the maker of the AI coding tool Cursor, the committees said they were investigating the integration of China-developed AI models into software tools and development environments on which “American enterprise, government, critical infrastructure, and national defense increasingly depend.”
The committees asked Anysphere to provide documents and information about any direct or indirect relationship with China-based entities, including Moonshot AI, DeepSeek, MiniMax, and Alibaba Group. The letter also requested information about model provenance and any China-origin model used in the company’s products.
In a separate letter to Airbnb, the committees raised concerns about the company’s reported use of Alibaba’s Qwen model for customer-service operations and asked for information about any Chinese AI models deployed, tested, or considered by the company.








