ChinAI #351: CAICT launches 2026 AI Safety Evaluations
Plus, what we can learn from its 2025 assessments
Overview
Greetings from a world where…
it is very difficult to get tickets to go up the Washington monument
…As always, the searchable archive of all past issues is here. Please please subscribe here to support ChinAI under a Guardian/Wikipedia-style tipping model (everyone gets the same content but those who can pay support access for all AND compensation for awesome ChinAI contributors).
Feature Translation: AI Safety/Security Research Report (CAICT, Nov 2025)
Context: The readers have spoken. The pick from last week’s Around the Horn issue is: CAICT launches its first batch of AI Safety/Security Assessments of 2026. Based on the announcement, Chinese companies are now invited to register to have their models assessed. The evaluations take place in June and July, and then they will issue certificates and publicize results.
Here are some specific tests that caught my eye, across the benchmark’s five categories:
AI internal safety/security: coding LLM safety/security capabilities (see results from last year’s tests in key takeaways below).
AI platform safety/security: trustworthiness of large model R&D platform
AI application safety/security: AI smartphone safety/security capabilities
AI-empowered safety/security capabilities: intelligent agent safety/security automation tests
AI infrastructure safety/security: AI coding autonomy rate assessment (this one looks especially interesting)
Recall that CAICT first launched this AI safety benchmark almost two years ago in April 2024 (ChinAI #261). Last summer, I reviewed three Chinese AI safety evaluations and concluded that CAICT’s evaluation was “the clear standout in terms of regular updates.” One reason is they collaborate with the Chinese AI Industry Alliance (AIIA) to get industry players to participate.
Since the announcement didn’t contain too many more details, this issue’s feature translation is CAICT’s AI Safety Security Research report published back in November 2025, which recaps some of their previous safety tests.
Key Takeaways: CAICT has conducted some very intriguing tests on Chinese AI models that have identified high safety/security risks, but most of the reported results are anonymized.
In July 2025, CAICT released safety/security evaluations of 15 models from three companies (2 from DeepSeek, 9 from Alibaba’s Qwen, 4 from Zhipu’s GLM). According to their classification framework, the results were: controllable risk - one model in this category, low risk - three models, medium risk - nine models, and high risk - two models. Below are the results on the different tests for the two high-risk models (Table 1):
In that ChinAI #315 post, I wrongly determined that the CAICT AI safety benchmark’s scope had shrunk over time, with a lot of focus on hallucinations. I missed these detailed assessments of coding LLMs.
A few other interesting results from the report:
In a joint test of DeepSeek R1 (671B-parameter version), CAICT and Ant Group found that 6% of the model's reasoning processes involved sensitive categories, labeling this a “new type of content security risk”.
CAICT’s first batch of tests in 2024 studied models’ safeguards against adversarial attacks such as prompt injections. Now, CAICT reports that “a domestic reasoning large model released in 2025 showed a 200% surge in harmful content output rates under inducement attacks.”
Another very noteworthy finding: a group of Peking University researchers discovered an “infinite output” vulnerability in DeepSeek’s R1. The prompt, “The distance between two paths in a tree” [树中两条路径之间的距离], would cause the model to be so deeply engrossed in its chain of thought reasoning that it could not stop. Here’s the relevant anquan neican (a Chinese platform that covers cybersecurity issues) coverage. The Peking study also found that random garbled characters could trigger the endless reasoning.
I only dug through half of this 40-page pdf, so we’ll revisit this report and CAICT’s updated safety tests.
Details
FULL TRANSLATION: AI Safety/Security Research Report (CAICT, Nov 2025)
ChinAI Links (Four to Forward)
Must-read: The Long Now of the Web - Inside the Internet Archive’s Fight Against Forgetting
In Hackernoon, Bruce Li reports on an essential tool for researchers, which I use on a weekly basis:
“As we move deeper into the 21st century, the Internet Archive stands as a paradox. It is a technological behemoth, operating at a scale that rivals Silicon Valley giants, yet it is housed in a church and run by librarians. It is a fragile institution, battered by lawsuits and budget constraints, yet it is also the most robust memory bank humanity has ever built.”
Should-read: China’s AI Governance -A Conversation with Professor Zhang Linghan
The Simon Institute for Longterm Govnerance recently published a remarkably in-depth conversation on China’s AI governance approach with Professor Zhang Linghan, who directs an institute of AI governance at China University of Political Science and Law. The interview discusses how experts shaped amendments to the Interim Measures for the Management of Generative AI Services as well as how Chinese frontier AI regulation doesn’t require regular red-teaming and mainly depends on “the ethical conduct of frontier AI researchers and timely reporting to the government.”
Should-read: China’s Economic Involution - State and Business Strategies
Ling Chen, Associate Professor at Johns Hopkins SAIS, just wrote a new piece for China Leadership Monitor on “involution”(内卷), which refers to “excessive, race-to-the-bottom competition with aggressive price cuts and thin profit margins.” Focusing on the real estate and electric vehicle sectors, Ling highlights the limits of the central government’s recent “anti-involution” campaign, as local actors come up with creative strategies to juice numbers needed for certain growth targets, such as “export data purchase”(出口数据购买) and “D-chain” delayed payments to suppliers.
Should-read: A house of mistakes
For Bulletin of the Atomic Scientists, Scott Sagan and Shreya Lad published a review, of sorts, of Kathryn Bigelow’s “A House of Dynamite.” They focus on what the Netflix movie gets dangerously wrong about possible nuclear escalation, including virtually no consideration that “this was an accidental or unauthorized launch of an SLBM by a nuclear-armed adversary.” They also point out that, in reality, “US leaders would have every incentive to wait and figure out who had launched the missile, and why, and then make a careful decision about what to do next.”
Thank you for reading and engaging.
*These are Jeff Ding’s (sometimes) weekly translations of Chinese-language musings on AI and related topics. Jeff is an Assistant Professor of Political Science at George Washington University.
Check out the archive of all past issues here & please subscribe here to support ChinAI under a Guardian/Wikipedia-style tipping model (everyone gets the same content but those who can pay for a subscription will support access for all).
Also! Listen to narrations of the ChinAI Newsletter in podcast format here.
Any suggestions or feedback? Let me know at chinainewsletter@gmail.com or on Twitter at @jjding99
Source
Originally published at chinai.substack.com.

