China’s Mythos Moment
How will Beijing respond when it comes?
China’s AI Mythos moment is coming. What happens next?
Claude Mythos has completely scrambled American AI policy. Trump 2.0 — an administration whose AI-dominance rhetoric manifested in a let-it-rip regulatory approach — is shook. To quote Dean Ball, “we currently have a de facto involuntary licensing pre-approval regime for frontier models” from the administration that promised us the opposite of that.
Will Beijing also freak out once it faces the prospect of wide domestic access to a model that can hack everything? We may not have long to find out. A Zhipu AI co-founder called his shot, telling Elon on X that China will have a model on par with Mythos before the end of the year. Even if he’s off by a few months, the American think tank IAPS puts the date at February 2027. A Chinese Mythos-level model is inevitable and only months off. Politics is now shaping not just the hardware ecosystem but the model layer.
What does this turning point mean for the domestic Chinese AI ecosystem, Chinese regulation, open source in China and around the world, US-China governance efforts, and broader global AI safety? To discuss, we have back on the show Kevin Xu of Interconnected and Matt Sheehan of Carnegie.
In this episode, we discuss…
Whether Beijing will panic the way Washington did when China gets its own Mythos-level model, and why that moment may be only months away.
Why China’s existing AI bureaucracy may be better prepared for frontier models than America’s scramble to figure out who’s in charge.
What a “Project Glasswing with Chinese characteristics” would look like and who would make the guest list.
Whether increasingly capable AI will kill open source in China, or strengthen Beijing’s argument that it’s the more open AI superpower.
Why today’s AI labs may have more influence over government policy than they’ll ever have again.
Listen now on your favorite podcast app.
Will Beijing Panic Like Washington Did?
Jordan Schneider: Matt — as the preeminent Western follower of all things China, AI, and regulation — my sense from reading everything you’ve written is that what Beijing has done so far hasn’t really changed how these businesses operate. The first real global impact we’ve seen on a model provider was Trump taking Claude Fable offline. Given the arc of Chinese AI regulation, we’ve seen ripples, and we’ve seen regulators tip their hand about what worries them. But we’re not talking Jack Ma, we’re not talking Didi, we’re not talking edtech — it’s still been live and let live. Is that stable? Once they face down a model that can hack through big chunks of the cyber world, what will Chinese regulators end up doing?
Matt Sheehan: First, a couple of qualifiers on the idea that they’ve been super chill so far. There was a period when regulation really did impact the companies — 2023, the year after ChatGPT — when companies were holding up model releases for three months, six months, until regulators put together a generative AI regulation and worked through the initial approvals, which were essentially licenses at the time and have since become more like registration. That period genuinely slowed things down.
Since then, it has transformed into a burdensome compliance regime. It’s not a hard no on model releases, but there’s a battery of testing you have to run and submit. It’s a burden on the companies — a lot of employee hours. The overwhelming majority of that time is spent on content: political content, social issues — basically making sure their broad internet censorship, information management, and content moderation regime works for AI.
The question is what happens when a new threat equivalent to those content threats comes online in the CCP’s eyes — AI-enabled cyberattacks. They have built the infrastructure to handle this about as smoothly as a country can. We basically watched from April through July as the Trump administration stumbled and fumbled through responses, with the recurring question being: who’s in charge here? Does this go to the Center for AI Standards and Innovation? Through Commerce? Through the NSA? In China, bureaucratic shuffling and competition are inevitable and permanent, but they do have a channel this goes through. Before you release a model, you submit a battery of tests to the CAC. You don’t have to submit the model weights — at least historically you haven’t — but you need to give them API access and accounts to test with.
What they’re going to do first is bolt cyber-related tests onto that pre-deployment testing regime, which has traditionally been about content, plus a bunch of filtering requirements. We saw some of this yesterday: the CAC has been running a rectification campaign on AI applications, and one action to come out of it was that MiniMax had to add safeguards against generating malicious code. They’ll tack all those things on.
Beyond that, it depends on the size of the threat. If they jump suddenly from where they are now to Mythos-level capability, they’ll essentially run a government Project Glasswing, then a company Project Glasswing, then a wider release. In the limited documents released so far — not by the government, but by influential thinkers over there — the first worry is the safety of government systems and critical infrastructure: how do we create a fast track to patch these things first? Once we really jump to that level of capability, they’ll have to prioritize government and public infrastructure, then do a slow rollout toward eventually full open-weight releases.
Jordan Schneider: Kevin, seem reasonable?
Kevin Xu: All of that sounds reasonable, but it’s worth laying out what Matt implied: there is far more prior art in China’s governing system for regulating AI. The deep synthesis rules on content date back to 2021-2022 — pre-ChatGPT. And there’s everything else Matt mentioned about controlling AI in ways our government hasn’t thought about at all. China has mandatory restrictions: you now have to label AI-generated content on all the social media apps. Everybody on Douyin — not TikTok, but Douyin — or Xiaohongshu knows whether what they’re seeing is AI-generated. The effects of generative AI regulation are already being felt in China.
Does the cybersecurity vulnerability question upend any of that as dramatically as it has in the United States? My base case is no. As capable as a Mythos-level model is at discovering and executing cyberattacks, it is equally capable of discovering and patching the same vulnerabilities on the defense side. Even before Mythos-level models, AI was pretty good at finding bugs — that was never something AI coding tools were bad at. What the Mythos-Fable level adds is long-horizon task capability: a model can now autonomously execute a project of 10, 20, 50 steps over hours and weeks, which is what you actually need to exploit a cybersecurity vulnerability. It’s not that you look at one codebase, find a bug, inject something, and suddenly have an attack. It’s cross-matching multiple databases, files, and accounts, spotting weird patterns where you can put one thing in and get to another. These are complicated tasks that Mythos-level models are apparently capable of — and the same capability can patch the same vulnerabilities.
What will likely happen is a delayed release of some sort, where the patching happens first for the major banks, the regulated industries, the public infrastructure, before the model gets released into the wild for normal commercial and civilian purposes. It will be more measured and will live within the existing infrastructure of the Chinese governance system — in ways that remain TBD here. Who do you call to get permission to release a model inside the United States government? Commerce? The institute we stood up? Treasury? I honestly have no idea. It’s probably everybody, plus the White House Chief of Staff’s office. The rules are confusing.
In a way, this may be the one case where China does not look to the United States for tips and tricks on how to regulate an emerging trend. China has looked to the West to learn how to regulate antitrust, how to regulate its stock market, and much else. But at this frontier, China may actually be in de novo territory.
Jordan Schneider: Well, Matt just said they’re going to do Glasswing, which is not de novo territory — that’s following our lead.
Kevin Xu: I don’t know if that will happen or not. But that’s how we always feel — that they’ll do something we did a month ago.
Project Glasswing with Chinese Characteristics
Jordan Schneider: Let’s talk through both scenarios — Glasswing and not-Glasswing. Glasswing looks like this: Zhipu or Ali or whoever sends the CAC an email saying, look, we’ve got this new model, it can hack the shit out of everything, we probably shouldn’t just put it up on OpenRouter. Then maybe just the government gets access, maybe government plus SOEs, maybe government plus SOEs plus your twenty favorite companies in China — for three months. At some point you get this awkward moment where the company says “we can release it now” and the regulators say “no way, we don’t want a giant cyberattack on our own systems from open models.” That gets resolved eventually, and two, three, four months later, the model gets released. We have a mental model for that.
The crazier scenario is that some model developer just really wants to compete and releases. Right now, given the current regulatory dynamics and the amount of competition in the ecosystem, you could just press publish on a closed or even open model that represents a dramatic step up in capability. Let’s live in that world, Matt. GLM 5.7 drops and it’s just way better. What happens next?
Matt Sheehan: Let me say why I don’t think that will happen. By the letter of the departmental regulation, you submit these filings and complete certain tests — and those tests don’t include cyber. Once you’ve submitted and the CAC accepts, that’s your license and you can go. But it’s not just a formal process. The CAC is constantly touching base with all these companies. At least as of a year or two ago, they were holding weekly meetings where they called in the government relations and policy people from the companies just to talk about what’s new in AI policy. Someone told me — this was around the time of the Hollywood writers’ strikes — “yeah, the CAC called us all in the other week and wanted to talk about labor and the writers’ strikes and what we think about this in relation to China.” Just to chat.
Jordan Schneider: Your friendly neighborhood regulator.
Matt Sheehan: That’s been the CAC. It has attempted a rebrand from bad cop — “you do something and then I punish you” — to “let me help you comply.” Part of that is these regular touchpoints with companies. In that environment, it would be very surprising for a Chinese company to decide not to give them a heads-up and just drop a model — technically we’ve met all our requirements, so let’s release it. That’d be very, very bold and self-destructive behavior by a Chinese tech company.
Kevin Xu: That doesn’t even happen today, with much less capable models. No Chinese company has ever skipped the heads-up or the registration process before releasing to the public.
Jordan Schneider: There’s still a Didi, though. They were told not to list, and they listed.
Kevin Xu: That’s a totally separate topic. Let’s not conflate a New York listing with a model release.
Matt Sheehan: To bolster the case: one thing we have some insight into — though I want more clarity from the companies — is that they don’t have to run the full battery of tests for every iterative model release. They don’t do a new registration for each release. If you go into the model filing system and look up DeepSeek or Ali, the number of registered models is far smaller than the total number they’re hosting on GitHub or Hugging Face.
Jordan Schneider: I think we’re missing the theme a little. We’ve crossed the threshold from regulators keeping an eye on things to regulators understanding there are national-level consequences if they get this wrong — not a few people harming themselves, but hospital systems going offline, financial institutions shaken to their core. We’ve seen Bessent freak out and call the heads of the banks saying, you really have to pay attention to this.
Both of you seem to hold a status-quo base case. But there was a status-quo base case in the US too, and it was proven radically wrong about how the US government would relate to these models. Let’s live in the world where the Chinese government decides it really needs to change its approach, rather than just adding a few more cyber questions to its registration form. We’ve been having this debate for a long time — is China AGI-pilled? Is the Politburo AGI-pilled? They’re not. People can’t be, until they are — until it stares you in the face how powerful and impactful these things are.
Matt Sheehan: Right — and to be clear, the Glasswing scenario would not be the base case. Going government-only first, then SOEs, then big companies, then wide release would be very different from the current status quo. It would represent a significant change.
Kevin Xu: The status quo is also different in the United States versus China in terms of the level of existing AI regulation — our base cases don’t start from the same point. One thing to keep in mind about how Glasswing actually came about, and why I think a repeat most likely won’t happen in China: Glasswing was started by a private company. It was not initiated by a government agency telling an AI company that made a really powerful model, “hey, maybe we should have a closed pre-review release process, give a heads-up to the banks and critical infrastructure, then release to the public.” Anthropic chose the members of Glasswing — not the United States government. That’s why the US government has been scrambling to respond. Our posture had been to not overregulate and, frankly, to commit to not having a licensing regime for AI models — and now we have a weird de facto one. We were scrambling precisely because a private company outside the government’s control started it.
If a similar pre-release situation were to happen in China, it would most definitely be started by a government agency, and the access list would be pre-approved by that agency before anything else happened. That is, by nature, a very different response from how Glasswing manifested.
Jordan Schneider: So who’s in and who’s out? Our Chinese Glasswing — who gets it first, who gets it second? What companies are on the bubble?
Kevin Xu: All the government agencies will get it. All the state grid companies. The petroleum companies — the strategic resources. Frankly, all the companies that are non-tech and have really bad, probably buggy infrastructure. That’s the thing we should worry about here too: why isn’t the state of Tennessee getting Glasswing access? That is not a very good IT system; it’s going to get hacked very, very easily. I don’t think the list will look that different.
Jordan Schneider: Maybe the more interesting question is the private companies — who gets it and who doesn’t.
Matt Sheehan: It’d be especially interesting depending on who makes the model. Say it comes out of Zhipu — then it’s government ministries, central SOEs, then maybe provincial governments and local SOEs. But what happens to Ali if Zhipu creates it first is a big question. That might be a case where the government steps in and says, you have to work with them. Ali probably wouldn’t be far behind in either case, but a good amount of government and wider useful infrastructure runs on Alibaba Cloud, and the idea that it would be left insecure seems unlikely.
A more extreme reaction than a government Glasswing would be the security organs stepping in and saying: thank you for bringing us to this point, Zhipu; thank you, DeepSeek — but we’ll take it from here. This is now a national priority that has to be brought fully in-house. That would be a really bad idea, because those organs don’t know how to run these companies or train models at the same level. But it’s not entirely out of the question.
A lot depends on how high the government’s confidence is relative to how much it needs the companies. When the government feels confident and doesn’t need the companies, it tends to crack down hard — that was essentially the tech-crackdown era: “we’re doing great in China, our capabilities are great,” so they felt free to impose heavy burdens. Post-ChatGPT, the government felt much more insecure: maybe there was a cost to that whole crackdown; we have to give these companies more leash. One of the interesting changes since DeepSeek is the government feeling good again — okay, maybe China really is back at or near the frontier, and we can get more hands-on with our companies. The most extreme version of that is some form of government takeover. I don’t think it’s likely, and I don’t think it would be smart. But if they get a little too high on their own supply of confidence, that’s the extreme scenario.
Whither Open Source?
Jordan Schneider: Whither open source in this world, Kevin?
Kevin Xu: It’s interesting that within the last two or three days, the founders of both MiniMax and Zhipu made high-profile pronouncements about open source. The MiniMax CEO committed 1% of MiniMax’s market cap to supporting open source — what I’ve heard is they’ll start a foundation with that seed money to promote open source in perpetuity. Zhipu’s founder wrote an internal memo that was “leaked” onto Xiaohongshu and translated, which I read yesterday, committing to open source as part of their rather grandiose mission of bringing AI to all of humanity, et cetera.

Obviously, people have read the inklings that China may stop releasing open-source models because of capability increases. So we have mixed signals. I tend to stick closer to the signal from the people actually making the models — who are all relatively well connected, or at least have a channel of communication with the relevant regulators. Their commitment to releasing open-source models as part of their strategy is not, right now, running counter to anything the government may do. We’ll see how long that lasts, but the commitment from some of these labs remains very strong, because frankly open source has gotten them this far — the progress of GLM, of DeepSeek, is non-trivial. And there’s also a population of Chinese model makers that is increasingly closed-source for their own commercial needs. Open source was never a national strategy dictated from the top — that’s a common misconception. There’s a distribution of opinion on whether open source is good for my company, for humanity, and so on.
Jordan Schneider: For context on the article Kevin referenced: last week Reuters reported that, “Chinese authorities have held meetings with top tech firms over recent months about potentially restricting overseas access to China’s most advanced AI models, including those not yet released. Participants discussed limits on the most advanced models, both closed and open, and officials talked about making the leak or theft of proprietary AI an offense under the national security law. The scope is still being discussed.”
One way to interpret the moves by the Zhipu and MiniMax CEOs is that they’re trying to hold their ground — “wait, guys, this has worked really well for us; we think it’s a positive thing.” It’s hard to read too much into an article like this, but at minimum there are currents within the Chinese government concerned about wide access to increasingly powerful models — something we hadn’t really seen signaled before.
Kevin Xu: That’s right. To add to the Reuters article, which got a lot of play: on the same day, or close to it, a Chinese official gave a speech at a UN AI gathering in Geneva committing to open source as a very important part of China’s overall posture toward global AI — an official voice. So you have leaked sources going to Reuters, and an official giving a public speech committing to open source. We’ll probably get the best signal in a few weeks when Shanghai hosts the World AI Conference, where Xi Jinping himself is slated to speak. My anticipation is that he’ll say at least something about open source, and that will be the clearest country-level signal of where open source stands in the grand scheme of things.
Matt Sheehan: A couple of comments on the article. I’m pretty sure from memory that the Reuters piece says the regulators in the room were the Ministry of Commerce and the NDRC — Commerce in relation to export controls. That’s very interesting, because Commerce is not the main AI regulator; that’s the CAC. Commerce isn’t testing models, and it has been pretty out of the loop on AI other than interfering in the Manus deal and other export-control matters.
One version of this is that they create the ability to control the export of something like model weights. This is what they did with recommendation algorithms ahead of the TikTok deal. When it became clear the US was preparing to ban TikTok and force a sale, China — I’m pretty sure via the Ministry of Commerce — wrote algorithms into its controlled items list. I may be getting details wrong, but essentially they gave themselves a veto over a future TikTok deal, which they held onto until the end. That might be one reading of these events: Commerce isn’t the security people, but they could be creating a veto over future Manus-style deals, or trying to get in the game on model releases — though I don’t think they’d necessarily succeed.
I’m personally skeptical they’ll impose wide controls on open source — not just because of how beneficial it’s been to the companies, but because it’s been a very beneficial global political narrative for the CCP. Their Global AI Governance Initiative in 2023 came out right before the first AI Safety Summit at Bletchley, and from the beginning they’ve said China stands for global access and against using technological hegemony to exclude countries — positioning themselves as the opposite of the US: the US wants to control this and prevent you from getting access; we are the country of openness. In an extreme situation where China’s core interests are threatened, they won’t opt for nice diplomatic language over core interests. But they feel the benefit of that narrative. If they were to slow down or restrict open source, it would be done in a way that isn’t a total shutoff and lets them maintain the line: we’re still the open country, we’re still sharing — we’re just doing some internal security checks first, and then we’ll share.
Jordan Schneider: Here’s where I think you’re both wrong. In the world where AI keeps getting more powerful on some kind of exponential, I find it hard to imagine a scenario where the Chinese government is comfortable enabling random criminal enterprises — or anyone in the world who wants to hack China — to use Chinese technology for that purpose. If we’re 6, 12, 18 months out and China’s Project Glasswing hasn’t hardened the entire society against hacks that its own companies’ open-weight models can execute, then the rhetoric and the companies’ interests start to lose out. The security state says: we’re having 100x scams, domestic disturbances caused by people using AI — or by AI itself, because if it’s open-weight you can set things off and run.
I hear your arguments about diplomatic and economic costs. But take seriously the scenario where this gets really powerful really quickly, with emergent capabilities such that after a two-month access window you still can’t feel confident you’ve hardened yourself. Do those delays turn into six months? How do you even make the release argument if new dangers keep surfacing? As the technology gets more powerful, the Zhongnanhai-brain argument to just slow this thing down gets stronger and stronger.
Kevin Xu: That conflates the model-capability trajectory — which I agree is probably on a much steeper curve than any of us can visualize or feel day to day — with whether open versus closed release even matters in that scenario. If the model is capable enough to do all the damage you’re describing, and you’ve run a pre-approval Glasswing-type process to harden your infrastructure, then releasing it as a commercial product behind APIs versus open weights on Hugging Face is actually not that different. These models are so massive that we spin ourselves into a rabbit hole imagining that as soon as the weights are out there, some random person can hack the state in no time. The amount of infrastructure and cloud computing required to even properly deploy these things — let alone do something vaguely useful or vaguely adversarial — is ginormous. The way you’d regulate that scenario is to talk to the finite number of companies around the world with compute at that scale and make sure it doesn’t happen on their infrastructure. That has nothing to do with whether the model is open or closed.
We’re conflating model progress with whether open versus closed matters, when the open side actually accrues far more benefit and is, by definition, safer and more secure — which doesn’t get talked about enough. None of us wants to live next to a park with no lights over it. As soon as the lights go up over the dark park, property values rise. The same goes for open models: having the weights published and accessible is a much safer way to release powerful capabilities than closed ones — or at least about as safe as the closed equivalent.
Matt Sheehan: Whether open weights matter is a deep and complicated question, and I’m not so sanguine that they don’t matter at all. There are a lot of well-resourced actors who could still put these things to use. Maybe the key question is whether we’re going through a transition period — from the status quo, through a stretch of global cyber chaos, to a future state of more secure systems all around. I’m not a cyber person, but I have friends deep in that world and I put this question to them regularly. It’s not settled, but the consensus seems to be gathering around: yes, it will be chaos for a while, but you can effectively eliminate bugs in existing software, patch everything we know about, and create provably secure software — and it’s not the case that the next-level Mythos will endlessly discover new vulnerabilities.
It’s possible China sees this transition period and concludes: we can get through it with a certain lag time, and then hold onto all the other benefits of open source. You’re right to point out that the CCP is a security-and-control-first institution, and they are not going to be sanguine about being hacked by pick your country. But they might see a path where you harden the systems within China and then accrue the benefits of open-weight releases.
Jordan Schneider: Once someone in the Chinese state writes a memo saying that X separatist group from abroad that wants to take down the party did this thing, uncovered and leaked these documents, and by the way they weren’t part of Project Glasswing, they just had access to some GLM model — that is going to be a dramatic shock to the system.
To Kevin’s point, the open-versus-closed question comes down to this: if you’re providing API access, can you actually lobotomize a model so it just doesn’t do cyber — so you get all the productivity uplift but you can’t hack with it, can’t make bioweapons, can’t run a scam farm, pick whichever capability scares you? With an open-weight model, that’s presumably harder, and it’s harder to trace who did it. We can already smuggle a lot of NVIDIA chips. I could presumably put twenty of them together and start calling grandmas.
Kevin Xu: You could. I just think it’s more than twenty. It’s a non-trivial amount of hardware — someone would need to be hell-bent on this, a very powerful non-state actor. That’s something we might want to talk about at some point: how does that scenario get regulated? It’s one thing China, the US, and probably every country in the world actually agree on — how do we prevent non-state actors of malicious intent from, first, having the resources to run their own on-prem cluster of 10,000-plus NVIDIA chips, before we even get to regulating their access to models, closed or open?
Jordan Schneider: I don’t think you need to be building your server in the jungle. Standard Chartered helped Iran break sanctions for years.
Kevin Xu: And this all assumes commercial APIs run by OpenAI or Anthropic are somehow bulletproof — which they’re not.
Matt Sheehan: They’re not bulletproof, but they are constantly monitored. OpenAI recently reported that a handful of people in China had used their models to try to generate data-center backlash material, that kind of thing. That’s a lot more scrutiny than you can have over open weights once they’re released. This really isn’t my area, and I’m not a hardline anti-open-source person, but I don’t have blind faith that it works out. There are well-resourced non-state criminal organizations — or North Korea, or someone like that — with the technical capability and money to use open-weight models in ways they find beneficial. They can make more money than they lose.
Jordan Schneider: We just had Boko Haram asking ChatGPT how to overrun a military garrison. Some rebels in the jungle in Nigeria figured out Pliny the Elder jailbreaks. This stuff isn’t rocket science.
Kevin Xu: And ChatGPT didn’t stop itself from being able to help them out, did it?
What Can Washington and Beijing Actually Agree On?
Jordan Schneider: Right — maybe they had to try DeepSeek too; let’s not put it all on OpenAI. But to Kevin’s point, Matt Sheehan: what can the US and China actually agree on? What’s there even to discuss?
Matt Sheehan: When Bessent made his first announcement — which China didn’t co-sign or confirm at the time — he said something like: we’re setting up a dialogue with China on protocols to make sure these models don’t fall into the wrong hands or aren’t used by non-state actors. That was clearly the US focus from the beginning, and when you think about what the two sides can agree on, it should be in that non-state-actor space. China should operate on the assumption that no matter what the US says or what regulations we have, the NSA will be using the most advanced models it can get its hands on to hack China. We should assume the MSS is doing exactly the same in reverse. There should be an acceptance between the two sides that they’ll use these things against each other. Where they share an interest is controlling the non-state-actor front.
But then you run into open source, where the incentives diverge: the big US companies don’t have much impetus to play in the open-source space; the big Chinese companies do. I’ve heard people float ideas about building safeguards not just into API access but even certain safeguards and filtering into open-weight releases. I don’t understand how far that can go or how much it buys you. We may end up in a situation where both sides face the same threat in theory, but company incentives and government positioning prevent anything meaningful. The best they’ll manage is on domestic testing.
There are productive things to talk about — a low ceiling, but a lot to do within it. Generally speaking, Chinese frontier AI companies do not test for extreme risks at anywhere near the level of US companies, nor with the same sophistication. It happens in small pockets, but it’s not comparable. And there’s no Chinese AISI equivalent that has been developing frontier-AI-risk expertise in that way. It would be possible, and very good, to find a way for the US to safely share information on how to run these tests and test for these capabilities — in a way that isn’t capability-enhancing but lets governments, regulators, or companies sniff out dangerous capabilities earlier. We’re not signing a treaty; we’re not agreeing on shared thresholds. It’s sharing knowledge about things neither side wants happening within its own borders.
Kevin Xu: To the extent we want to bend over backwards to find overlap in the Venn diagram of bilateral dialogue, there’s a lot to talk about on actual societal impact. Take the simple question of labor displacement: what is the legal justification for laying people off because of AI productivity gains? Matt, you’ve written about this. There’s a lot of value in simply sharing what each side is trying to do, because the productivity disruption is coming for companies in both countries as we speak, and the companies have very similar motivations. Both governments are wrestling with how to manage the transition for everyday people — not just the scary cybersecurity and safety-testing scenarios. There’s a lot to talk about without ever having to agree on anything: what are you doing, what am I doing, oh that sounds interesting — and then we go off to our separate spaces and figure it out for our own people.
Matt Sheehan: I’ve organized dialogues about exactly that, and it’s genuinely interesting and useful to compare notes. I’m a little more skeptical of the value of governments doing it. Mutual awareness is good, but the odds that we really learn from each other’s responses to labor displacement are significantly lower. The more something is embedded in political culture and social institutions, the less transferable the lessons. Though even as I say this, I’m mentally walking it back — China has picked up a lot of regulatory mechanisms we built and adapted them to its own situation. On labor specifically, though, we have pretty different attitudes toward labor and legal protections.
Kevin Xu: What about something less cultural and more technical — robotaxi urban regulation, for example? Beyond the streets looking different and the cities being laid out differently, how differently would Wuhan do it than Phoenix, and vice versa?
Jordan Schneider: That kind of thing doesn’t feel like it matters much — good meetings, some mileage.
Kevin Xu: It may not matter for a podcast, but it matters for people on the ground. Better mental energy spent on that than on separatist groups triggering the highest wire of the CCP security apparatus, personally.
Matt Sheehan: There is a track record of this kind of exchange on environmental issues. It just feels very ’90s and 2000s.
Jordan Schneider: It’s a nice thought that we could find common ground to collaborate on, both staring down our AI-driven futures.
Matt Sheehan: It partly depends on how AGI-pilled you are. One thought I had when you said the CCP won’t be AGI-pilled until it is: as big and scary as the cyber stuff is, I don’t think it necessarily leads them to being AGI-pilled in the fast-takeoff, recursive-self-improvement sense. Maybe there’s some relationship to RSI, but there’s a big difference between losing control over superadvanced AI systems and “it’s really good at reading software and finding bugs.” I’ll be curious to see how much more AGI/ASI-type language we see because cyber has come to the forefront.
Jordan Schneider: Xi has said he’s worried about the risks of technological loss of control, so it’s bubbling up, even if we’re not entirely there.
Let me qualify my “it doesn’t matter”: it is net positive for both countries and the world for the US and China to have a productive discussion about the second-order impacts of this technology. And it’s interesting that regulations are already developing in parallel. China has had a whole anthropomorphic-AI debate about how AI shouldn’t pretend it’s human. In the US, we’re having a big markup on a children’s AI safety bill — and minor mode is something that’s been rolled out or discussed in China over the past few weeks. The systems are moving in parallel. I don’t necessarily think Senator Hawley was inspired by Beijing — though they kind of do inspire each other. When you see a US article about how China banned video games for kids, you see a lot of reaction here.
Matt Sheehan: That’s a good example. And — pop champagne — I think the companion regulation went into effect two hours ago, so AI companions are now regulated in China as of noon our time. In that case, the Chinese regulation was pretty directly inspired by state-level bills in California and New York. They use different mechanisms: we largely use private right of action — enabling lawsuits against companies for harms — whereas they go through central approval and much more hands-on technical mandates. But there are definitely provisions in their rules drawn from our state bills, and I wouldn’t be surprised to see ideas start flowing in reverse.
This stuff matters beyond its real impact on people’s lives. The public’s attitude toward AI — its receptiveness, its opposition — will be rooted far more in what they saw happen with companions and their kids rather than in their timeline for RSI. It’s indirect and hard to predict which direction each of these things pushes, but there is mutual learning going on, and it could continue. The transnational, large-scale, potentially catastrophic risks sit in a different bucket, with a different set of mechanisms and different limits on what we can and cannot talk about.
Kevin Xu: To build on that: taking care of the “smaller” issues of AI’s everyday impact will directly shape what being AGI-pilled even means for a government. We can be as AGI-pilled as we want here, but if we don’t actually deliver benefits — or at least prevent harms — for everyday people, we’re going to get data center moratoriums up the wazoo, if we don’t already. It doesn’t matter how AGI-pilled DC is if rural communities won’t let you build a data center. What’s the point of being that committed to the mission? Similarly in China: taking care of the everyday impact is the best way for the government to figure out whether it wants to be AGI-pilled and what that even means as national strategy. Those two things are far more causally linked than we give them credit for.
Jordan Schneider: My hypothesis two or three years ago was that AI safety would eventually be framed in China as a Western plot to slow them down relative to the US. That has definitely not happened. For their own reasons — their own incentive structures — the Chinese political class and regulatory apparatus have internalized that there are downsides the government needs to ameliorate as this technology rolls out. Contrast that with US-China military dialogue over the past 25 years, where America has been genuinely freaked out that if a crisis happens and we can’t call Beijing to say “sorry, this was an accident,” World War III starts — a thesis the Chinese government has simply not bought into, to the frustration of successive American presidents. The fact that AI safety hasn’t gone down that path gives me broader optimism that there are things these two countries can talk about productively, or at least work on in parallel.
Matt Sheehan: I had the same worry three or four years ago — AI safety framed as a Western plot to hold China down, a clear mirror of the attitude they took toward climate for a while. Climate is instructive. The first time I got to China, in 2008, I picked up an English-language state media paper and the top headline was about climate change as a Western plot to hold China down. It made a big impression — one of the first things I read over there. But eventually their own scientists came around to the fact that it was very real. It combined with concerns about air pollution, and — still relatively technocratic over there — they chose not just to work on emissions-reduction technology but to see a huge opportunity and claim the entire green energy space.
You could argue AI safety doesn’t have five industries built into it that China can dominate and leverage. But fundamentally, they still listen to science over there. How they hear it will always be colored by their incentives — maybe they’re concerned, but they’re more concerned about competition with the US. In most cases so far, though, reason or science has ultimately guided the direction of things. People could point to COVID as a counterexample, and that was a very intense couple of years. We’ll see how it plays out in AI.
Kevin Xu: I tend to be more worried about how much, here in the US, we’re going down paths that look a lot like what China is doing — in ways that don’t reflect our own first principles. The whole Fable saga — how GPT-5.6 was pre-released to a select handful of customers approved by the US government — rings a little too close to home to the tech crackdown that happened in China a few years ago. I spend far more time worrying about that scenario: what is our system doing, in a way that benefits our own companies and makes sense on its own terms, as opposed to being purely reactive? There’s some usefulness in comparing — what’s the other side doing, are they going to do this or that — but there’s enough first-principles thinking for us to do things the right way for ourselves. Instead, we seem to be skipping what China does well and copying what they haven’t done well, really quickly. Golden shares and a whole list of things.
Jordan Schneider: Maybe that’s why, at the beginning of our conversation, Glasswing didn’t seem so foreign to Chinese observers — this close-hold, state-directed, centrally planned thing.
Kevin Xu: Government involvement in private company matters is a very normal thing there.
State Capitalism with American Characteristics
Jordan Schneider: And the direct CEO negotiation of who does what, when. Let’s close on Sam Altman offering up 5% of the company in return…
Kevin Xu: For — what? Protection?
Jordan Schneider: I guess. Donald Jr. clearly missed the boat on that Anthropic IPO; probably regretting it now. Where do we go? Should we tax all these guys, Kevin? What’s the public policy answer?
Kevin Xu: Backing up, I don’t think US government involvement in private industry is inherently bad. If anything, the government could and should spend time and money identifying areas where it can inject itself strategically to boost domestic capacity that’s been falling badly behind — rare earth mining capacity, certain AI strategic initiatives, and so on. As for the form — equity shares owned by the government — there are good and bad arguments. Should the government instead stimulate demand, say for quantum technology, playing customer number one to boost the industry? That’s an interesting model of government involvement that doesn’t feel like a carbon copy of some other system.
But if OpenAI does this, all the other frontier labs will have to offer the government a similar equity stake, and it becomes a really bizarre new chapter in America’s so-called capitalism — American state capitalism with its own characteristics. We should think really hard about whether this actually enriches the American people. I don’t see how it works unless the shares the government owns get divided by 350 million and we all get a deposit in our E-Trade accounts. Does it just go into the Treasury, where we have no say or knowledge of how that money — which will appreciate — works out for the benefit of the broader public?
Matt Sheehan: This is one place where the US-China comparison is actually instructive. China’s first draft of a response to labor disruption is basically: you cannot fire people just because they’ve been replaced by AI — that’s not a valid reason to end a contract under labor law. It’s instructive that in the US we revert to a clean economic-modeling solution: we’ll take shares of companies as something like a tax, centralize, redistribute — nice and efficient; it would be so inefficient for us to get involved in the mechanics of companies. China is much more willing to grind through and say, no, we’re not going to let you lay these people off and then tax you and redistribute through some system. You’re making more money because you implemented AI — find something for them to do. It’s a muddle-through approach, versus a UBI system that looks very clean on paper. Whether people derive meaning from their lives under a UBI economy, versus being kept in make-work jobs — a cradle-to-grave iron rice bowl — I’m really not the person to answer. But it’s a manifestation of each political culture: we opt for clean redistribution; they lean into firm-driven, state-powered retention of people inside companies.
Jordan Schneider: The 5% is a purely Trump phenomenon. This is what he likes — signing deals. Then maybe he won’t do actual tax policy.
Matt Sheehan: It’s also the Bernie-Trump policy pipeline. Bernie says we need 50%; Trump says, yeah, sounds good.
Jordan Schneider: It’s also weird that every smart economist thinking about this now works for one of these two companies. That’s another strange public-policy thing. I’ve read the Anthropic version of these proposals and the OpenAI version, and in their defense they’re smarter than “we’ll hand over 5% of the company and move on.” But this is classic Econ 101, Tyler Cowen-reading-Marginal Revolution-for twenty years stuff: you tax what you want to disincentivize. Figure out a way to do that where people still have jobs, rather than just walking away from it.
Matt Sheehan: The policy brain drain is worth pausing on. Five years ago, the big conversation was academic AI/ML people being sucked into private companies, eventually hollowing out academia. We’re now seeing the policy version of that. I’m not claiming that my colleagues or us geniuses at think tanks are so priceless we must be protected — but companies are offering three or four times the salary of non-governmental organizations. If we don’t want all the most sophisticated policy-oriented people working for the companies building the technology and profiting from it, we need to do some work to keep people in independent organizations.
Jordan Schneider: Donors have got to step up. The AI talent war applies to the Mass Ave think tanks too.
Kevin Xu: Don’t let ChinaTalk get acquired.
Jordan Schneider: Hey, everyone’s got a price. Kevin, I’m sorry I didn’t invest in Nebeus.
Kevin Xu: A microcosm of the larger problem, aren’t we? These companies will end up writing the policies because they have on their payroll all the people who’ve been thinking about the policies this whole time. You can’t have the companies’ incentives be anything less than one of the top three concerns shaping how those policies get written — maybe not the first, but certainly top three.
Jordan Schneider: I stole this from some Ezra Klein articles: there’s a reverse horseshoe of where companies can really have impact. On one end, tiny problems nobody cares about — you as a citizen can get your street lamp fixed. Then there’s the messy middle that voters don’t really care about, where a n engaged company can change some banking law nobody’s staring at — a lot of power there. But on the other side of the horseshoe, when it’s big national stuff touching everyone’s lives, stuff voters are voting on, corporations actually have less say. You can debate how that played out in the financial crisis. AI isn’t quite big enough yet — we’re still in the middle, where companies can really drive the discourse. Fast-forward one, two, three years, and we may have politicians running on “screw these guys, here’s what I’m going to do, I don’t care what you think” — and that legitimately winning votes. Today may be peak lab influence on the policy discourse.
Kevin Xu: The labs’ timelines and policy papers align with that projection — they want everything they want done before 2028, because the next presidential AI debate will be at the other end of that curve. We’ll get a preview this midterm. It’s going to be that issue.
OUTTRO SONG
You say you’re a frontier model? Yeah, everyone’s a frontier model tonight, sweetheart.
There’s a model in the building that can hack the world, so the hottest club in Beijing just got exclusive, girl. The Party owns the door, the floor, the lights, key codes, the clipboard — and it’s not polite. No lab picks the guest list, no CEO’s plus-one. The rope went up at midnight — better get a permit, hun.
State Grid, come on in. Sinopec, looking gorgeous. Ministry of Water Resources, love the jacket. Everyone else — sidewalk.
You’re not on the list, you’re not on the list. This is Glasswing with Chinese characteristics. You’re not on the list, you’re not on the list. Dress code is critical infrastructure — that’s it.
Ministries dancing while the startups freeze, from each’s GPUs to each’s API keys. Here comes Jack Ma crying at the door: “Your whole government cloud is running on my cores!” Bouncer taps the earpiece. Long pause. “Fine. But you’re working coat check, buddy. Get in line.”
Provincial gas utility just waltzed on through, running Windows XP and a fax machine too. ’Cause the worse your legacy systems, honey, the better your seat — the most hackable girls get the VIP suite.
Provincial governments — come back Friday. Local SOEs — also Friday. Hugging Face — you got a calendar?
You’re not on the list, you’re not on the list. It’s Auntie Glasswing, baby, and the party rules with an iron fist. You’re not on the list, you’re not on the list. The Standing Committee sent the invites, kid — banks come first while the founders just sit.
Hey, chin up, kid. Everybody gets in eventually. That’s the beauty of the place. Wide release, open to all. Three months, maybe four — call it six.
Sidewalk. Sidewalk.




