US-China AI confrontation is heating up, but scholars from both countries agree: Don't let AI usher in a 'Chernobyl moment'.

WIRED went directly to Beijing’s Zhongguancun AI Annual Conference, and the biggest conclusion after interviewing top scholars from China and the US was this: the cybersecurity risks of frontier AI have become so large that neither side can afford to bear them alone, and the capability limits of open-source models are nearing a dangerous tipping point.
(Background: Anthropic was “blocked” by the US government, pulled down the Fable model; foreign media cite three major concerns: the risk of assisting China with open source)
(Background supplement: Nvidia launches its strongest open-source model, Nemotron 3 Ultra—focused on AI agent tasks)

Table of Contents

Toggle

• An AI arms race, yet giving rise to nuclear deterrence
• The boundaries of open-source models are approaching a dangerous tipping point
• China is also quietly closing doors

WIRED reporter Will Knight attended this conference hosted by the Beijing Academy of Artificial Intelligence (BAAI). On-site, participants tackled a wide range of topics—from recursive self-improvement and humanoid robots to quantum security. Attendees included Whitfield Diffie, co-inventor of public-key cryptography, and Andrew Barto, who won the Turing Award for foundational research in reinforcement learning.

In the article, Knight wrote that when he left the venue, he was left with only one thought: the US and China must set aside the hostility of the AI race. The reason is not diplomatic rhetoric but technological reality—cybersecurity risks from frontier AI are expanding at a speed faster than any single nation’s policies can keep up with.

An AI arms race, yet giving rise to nuclear deterrence

The standard framework in Washington is to view China’s AI progress as an economic and national security threat. Export controls continue to tighten, restricting the flow of high-end chips and manufacturing equipment to China; this June, the US government went a step further and, on the grounds of national security, demanded that Anthropic stop letting foreign individuals access its two most powerful models, Mythos 5 and Fable 5.

Anthropic immediately shut off access to both models for everyone. One reason was the authorities’ concern that Fable 5’s safeguards could be cracked, thereby unlocking Mythos’s capability for cyberattacks.

However, this Beijing conference sent a completely different message: AI developed too quickly and without restraint poses risks to both the US and China—not a bargaining chip for just one side.

MIT computer scientist Stephen Casper spoke at the conference via video. He cited a study showing that the benefits of cooperation in AI risk among the international community far outweigh the security hazards created by cooperation itself. Casper offered Knight an analogy: “Almost everyone in the AI field can agree on one thing: AI doesn’t need a Chernobyl moment.”

He pointed out that this mirrors the contradictory logic from the Cold War era, when the US and the Soviet Union were at odds over nuclear weapons—both sides raced to expand their arsenals while also having to build mechanisms to manage nuclear crises. What they were most wary of was increasingly powerful agentic AI; once capabilities continued to improve, even a slight loss of control could lead to large-scale destruction.

The boundaries of open-source models are approaching a dangerous tipping point

If cybersecurity risks are a warning at the theoretical level, then the expansion of open-source model capabilities is a landmine that is visible right in front of you.

In recent years, Chinese companies have been leading in the open-weight model space: Kimi from Moonshot AI, Qwen from Alibaba, and GLM from Z.ai all have a large user base within the US research community. The US counterattack is Nvidia’s Nemotron, an attempt to rebuild open-source competitiveness.

But analyses of GLM 5.2 by experts show that Z.ai’s latest-generation model already has frontier-level agent capabilities and programming-writing abilities. In the next generation, an open-source model’s capabilities may be on par with Fable or Mythos.

Lin Yun, a professor at Shanghai Jiao Tong University who has long studied the intersection of AI and information security, told Knight that in the short term, hackers do have the advantage. But new defense approaches—including countermeasures that AI itself can provide—should flip the situation in the medium to long term. The more core issue, he said, is standards: “If different countries have similar understandings of risk, it becomes easier to build shared safety principles and technical standards,” Yun said. “The key is to find shared areas that reduce systemic risk without exposing sensitive operational details.”

Lin Yun also raised a thorny open question: how can the industry ensure that open-source models are continuously updated, free of backdoor vulnerabilities, and meet safety standards? There is currently no answer to this question.

China is also quietly closing doors

One detail that should not be overlooked comes from an anonymous source interviewed by Will Knight: an insider at a top Chinese AI company requested anonymity because they had not been authorized to speak to the media. They revealed that security concerns are one of the reasons some advanced models are no longer released as open source.

This is a signal worth carefully reading. Chinese AI companies have long used an open-source posture to gain global influence. But if even China’s own leading players start imposing restrictions on some models, then the boundary between open source and closed source is being redefined. After all, export controls regulate the flow of computing power, but the spread of model capabilities is soft and borderless. When the open-source community can reproduce 90% of a closed-source model’s capabilities, and when open models themselves can become cyber weapons, any unilateral controls can only delay—not stop—the spread.

The US and China are the main sources of today’s most advanced models, and therefore the two sides with the greatest responsibility in this risk. Casper put it bluntly: “AI is a global technology. It brings global benefits and global harm, and ultimately, new capabilities spread across the world—that’s its consistent tendency.” No matter how long the tug-of-war over export controls between Beijing and Washington continues, this logic will not disappear.