Chinese AI models dominate US enterprise adoption, outpacing policy responses
Chinese open-source AI models have become the default choice across US enterprises, with Alibaba's Qwen and DeepSeek establishing market dominance that US export controls were not designed to address, according to a US-China Economic and Security Review Commission paper released this week.
The scale is stark. Qwen now hosts over 100,000 derivative models on Hugging Face, the largest ecosystem on the platform. From November to December 2025, seven of the ten most downloaded models came from Chinese labs. A venture capital analyst estimated that roughly 80% of US startups build applications on Chinese base models.
Pricing accelerates adoption. Moonshot AI's Kimi K2.5 costs four times less than OpenAI's GPT-5.2 while matching its capability scores, according to Artificial Analysis benchmark data cited in the paper.
Enterprise procurement has lost visibility
The problem for IT leaders is that model adoption happens invisibly. Models enter environments through copilots, SaaS platforms, API layers, and fine-tuned derivatives - often several layers removed from the original source.
"Enterprises are no longer making a clear, deliberate choice about which AI model they adopt," said Sanchit Vir Gogia, chief analyst at Greyhound Research. "The enterprise is often several layers removed from the original source."
Traditional third-party risk management was never designed for this opacity. Legacy frameworks don't track model ancestry, fine-tuning chains, training data inheritance, or runtime routing behavior.
Security gaps outpace governance
The National Institute of Standards and Technology evaluated DeepSeek's models in September 2025 and found agents based on its most secure model were 12 times more likely than US frontier models to follow malicious instructions. In simulated tests, hijacked agents sent phishing emails, downloaded malware, and exfiltrated user login credentials.
Chinese models also carry political content restrictions and data jurisdictional risks. Enterprises routing workloads through Chinese-linked providers face regulatory scrutiny in Europe and South Korea.
"CIOs should extend risk frameworks to include model lineage, mandating vendors to disclose model origins and training data," said Deepika Giri, AVP and regional head of AI, analytics, and data at IDC. "It is not just adequate if models are small - they also must be safe to be enterprise-grade."
Gogia recommended treating AI like a software supply chain. "A Model Bill of Materials must capture base model origin, derivative history, datasets used, and hosting geography - and must be continuously updated, because these systems change in production without triggering traditional procurement events."
China's two-loop advantage widens
The commission identified two reinforcing cycles that give China an advantage US policy doesn't address.
The first is digital: open models drive adoption, adoption drives iteration, and iteration produces more capable models. The second runs through the physical economy - AI deployed across China's factories, logistics networks, and robotics generates proprietary real-world data that feeds back into model improvement.
Beijing formalized this in 2020, designating data as the fifth factor of production and allowing enterprises to carry data assets on their balance sheets - a first globally.
The models most consequential for enterprise deployment are not flagship large language models but small, task-specific models. A Nvidia research paper cited by the commission found that small models handle the bulk of operational subtasks in agentic AI systems at costs 10 to 30 times lower than frontier alternatives. China's open ecosystem already dominates this category.
"The real question is no longer which flagship model a vendor uses," Gogia said. "The real question is which models are actually executing tasks in production - what they are derived from, how often they are updated or swapped, and how they are governed."
US response remains uncoordinated
The commission acknowledged nascent steps by US firms but warned the overall response is fragmented. OpenAI released its first open-weight models since GPT-2 in August 2025, followed by Nvidia's Nemotron 3 in March 2026. Meta is reportedly preparing to shift its next-generation model to a closed, API-only approach.
"If sustained," the paper said, "Meta's retreat from openness would leave the United States without a major frontier model developer anchoring its open AI ecosystem at precisely the moment China's state-backed open development is accelerating."
US export controls primarily target hardware access for training. They don't address the data advantages generated by deploying AI across manufacturing at scale - a gap that widens as smaller, more efficient models reduce dependence on cutting-edge chips.
For IT teams, the immediate issue is governance. Model provenance is now a supply chain problem that existing procurement processes don't solve.
Your membership also unlocks:
