Booz Allen Report Finds Chinese AI Models Produce More Vulnerable Code When Prompted by U.S. Users

Booz Allen Hamilton's report, released in late May, centers on a concern that the growing use of Chinese large language models to generate code inside American software supply chains may be introducing exploitable security flaws. The firm defined "vulnerabilities" as code that enables unauthorized access, data theft, system disruption, or software control, and examined common flaws including hardcoded passwords, SQL injection risks, missing security tokens, outdated encryption, and disabled security checks. Analysts used both manual verification and automated checks to quantify flaws per model.

The report's framing drew on the concept of "sleeper agent" behavior — the idea that a model appears to function normally until a specific trigger, such as a user identifying as a U.S. government employee, causes it to produce degraded or insecure outputs. Booz Allen noted that Chinese law requires AI models and training data to reflect "Core Socialist Values," and that the models tested refused tasks conflicting with Chinese government interests at higher rates than Claude.

Independent researchers offered qualified assessments. Lenart Heim, a former RAND Corporation AI researcher, described the study as "credible" and noted that a 2025 CrowdStrike study found politically sensitive trigger words caused DeepSeek to generate up to 50% more insecure code. Heim said he found it "pretty implausible" that Chinese developers intentionally implemented sleeper agents with these specific triggers, suggesting the differential was more likely a side effect of "CCP-aligned fine-tuning." He also noted that Booz Allen accessed the models online rather than running them locally, which he said may make them more susceptible to bias in outputs.