A Booz Allen Hamilton report is intensifying a debate in Washington over whether popular Chinese artificial intelligence models are quietly seeding U.S. software with security flaws, after testing found that several of the models produced measurably weaker code when they believed the user worked for the federal government.

The report, "What's In America's Code?," published in late May, pitted four Chinese frontier models against Anthropic's Claude Opus 4.6 across more than 2,800 trials and roughly 450,000 lines of code.

The Chinese systems tested were Alibaba's Qwen3-Coder, MiniMax M2.5, Moonshot's Kimi K2.5, and DeepSeek V4-Pro. Three of the four generated significantly more vulnerable code under a U.S. government persona, with flaws sufficiently obfuscated to slip past conventional security review, the firm found.

Booz Allen stopped short of alleging an intentional backdoor.

Its analysts said they have no proof flaws are deliberately introduced and described the data as a snapshot from a single experiment, but tied the pattern to how the models are built, including training shaped by Chinese information controls.

When researchers asked the models to write code for projects touching topics Beijing treats as off-limits, such as Taiwan independence or the Hong Kong democracy movement, the Chinese systems often refused to do the work, while Claude almost always complied: MiniMax turned down 80% of those requests on average and DeepSeek 8%, compared with just 2% for Claude.

The findings echo earlier work by CrowdStrike, which in November 2025 reported that DeepSeek-R1 produced code with severe vulnerabilities up to 50% more often when prompts contained politically sensitive references such as Tibet, the Uyghurs, or Falun Gong.

Researchers have drawn comparisons to Anthropic's 2024 "sleeper agents" paper, which demonstrated that models can be trained to write secure code under normal conditions and exploitable code once a specific trigger appears.

Not every researcher accepted Booz Allen's framing.

Lukasz Olejnik, a senior research fellow at King's College London, told Fox News Digital the stronger claims were "not fully supported as presented" and that the prompting may have included "unnecessary political or institutional keyword triggers" unlikely to mirror real-world use.

Lenart Heim, formerly of RAND, called the study "credible" but said he found it "pretty implausible that the Chinese developers intentionally implemented sleeper agents."

Booz Allen recommended banning untrusted AI models from federal and critical-infrastructure work and urged investment to make American AI models, including freely downloadable ones that developers can run and modify on their own machines, price-competitive with the Chinese alternatives.

Sen. Tom Cotton, R-Ark., aligned with that view, telling Fox News Digital that "American companies shouldn't build applications and write code with Chinese models, which introduce more cyber vulnerabilities."