A major artificial intelligence conference in Zhongguancun, Beijing’s high-tech district, pointed to a difficult reality for the world’s two leading AI powers: competition may be unavoidable, but some risks are shared.
The event brought together discussions on recursive self-improvement, humanoid robots, cybersecurity, and the future of advanced models. It also underscored a central tension in today’s AI race: the US and China are pushing forward quickly, while the risks attached to frontier systems are becoming harder to contain within national borders.
The rivalry is real, but so are the shared dangers
The US has treated China’s AI progress as both an economic challenge and a national security concern. Washington has placed tight restrictions on chips and chipmaking equipment in an effort to slow the country’s development of powerful AI systems.
That pressure has also reached access to advanced models. The US government ordered Anthropic to block foreign nationals from using its most powerful models, Mythos and Fable 5, because of national security concerns. Anthropic responded by revoking access for everyone. WIRED previously reported that one company of particular concern was a South Korean telecom giant with alleged ties to China.
Yet the Beijing conference, organized by the Beijing Academy of Artificial Intelligence, highlighted why a purely competitive frame may be too narrow. As AI becomes more powerful, more agentic, and more embedded in daily life, both countries face the possibility that advanced systems could be misused for cyberattacks or fail in catastrophic ways.
Stephen Casper, a computer scientist at MIT who spoke at the conference via video, framed the issue as inherently global:
“AI is a global technology with global benefits, global harms, and a consistent tendency for new capabilities to eventually proliferate,”
That point matters because proliferation changes the stakes. If new AI capabilities eventually spread, then one country’s unsafe deployment can become another country’s security problem.
Cybersecurity is becoming the clearest pressure point
One day-long session focused on cybersecurity challenges created by more advanced AI. The risks covered several areas: vulnerabilities in AI-generated code, new attack paths made possible by agentic tool use, and automated methods for social engineering attacks.
These are not separate from the broader AI race. Agentic systems are designed to take actions, use tools, and pursue tasks with less direct human involvement. That can make them useful, but it also creates new ways for attackers to scale harmful activity or probe systems more efficiently.
Lin Yun, a professor at Shanghai Jia Tong University who works on AI and computer security, said he expects hackers to gain an advantage in the near term. He also said the balance could shift back toward defense as new countermeasures appear, including novel uses of AI.
This is where cooperation becomes more than a diplomatic preference. If experts in different countries describe the risks in compatible ways, it becomes easier to create shared safety principles and technical standards. Yun put the challenge this way:
“The key is to find areas where sharing can reduce systemic risk without exposing sensitive operational details.”
That distinction is important. Cooperation does not have to mean revealing everything. It can mean agreeing on the categories of risk, the kinds of evaluation that matter, and the minimum expectations for safer deployment.
Open-weight AI models are testing the safety tradeoff
The hardest question may be how to preserve openness while reducing risk. Open-weight models are important for research and innovation, and Chinese models have become popular in the US. But as these systems improve, the same openness that supports experimentation can also make guardrails harder to enforce.
Over the last few years, Chinese companies have been leaders in releasing highly capable open-weight AI models. The examples named in the source include Moonshot’s Kimi, Alibaba’s Qwen, and Z.ai’s GLM. The US has also restarted its own open-weight AI push with models such as Nvidia’s Nemotron.
The concern is that the field may be nearing an inflection point. Even models that are less powerful than the very top systems could become dangerous if guardrails are removed. The latest model from China’s Z.ai, GLM 5.2, includes frontier agentic and coding capabilities, according to expert analysis.
The next generation of open-weight AI models might become as capable as Fable or Mythos. This week, 360 Security Technologies, a top Chinese cybersecurity firm, said it had developed an AI model with hacking capabilities on par with Mythos.
That raises practical questions for the AI industry:
- How can open models be kept up-to-date?
- How can users verify that they are free of backdoors and vulnerabilities?
- What safety standards should they meet before release?
- How can researchers preserve access without enabling cyber weapons?
Yun said the industry will need new ways to guarantee that open models meet those kinds of expectations. A source at one of China’s leading AI companies, who asked to remain anonymous because they were not authorized to speak to the press, said security concerns are one reason some advanced models in China are no longer being released as open source.
Cooperation may be the practical path, not the easy one
International cooperation on AI safety is complicated by strategic competition. The US and China both have incentives to protect sensitive capabilities, and neither side is likely to ignore national security concerns.
But the conference made clear that the most serious AI risks do not fit neatly inside national borders. Cyberattacks, vulnerable code, unsafe agentic behavior, and the spread of powerful open-weight models all create shared exposure. A failure in one ecosystem can affect the other if tools, methods, or models proliferate.
Casper pointed to research suggesting that the benefits of working together on AI dangers outweigh the national security risks of collaboration. He compared the moment to the way the US and the Soviet Union had to cooperate on nuclear dangers even while competing to build stockpiles.
“One thing that almost everyone in AI can agree on right now is that AI doesn't need a Chernobyl moment,”
The message from Beijing was not that rivalry is disappearing. It was that rivalry alone is an incomplete strategy. If frontier AI continues to gain more autonomy, coding ability, and cyber relevance, the US and China may need shared safety principles not because trust is abundant, but because the risks are too large to manage separately.