White House accuses China of stealing US AI Models
According to the Trump Administration, Chinese companies are using distillation technology to extract capabilities from top performing U.S. AI Systems. This has raised issues regarding U.S. Intellectual Property (IP) and the stripping of safety features from these AI Systems.
This story broke last night via BBC: Chinese Companies are engaged in an industrial scale campaign to copy advanced U.S. AI models. They are accomplishing this by utilizing a distillation method that utilizes the output of highly complex models to train less expensive copies of them.
Timing of release appears to be purposeful. Last week, a Chinese AI Company, DeepSeek, announced a new model that claimed to perform comparably to GPT-4’s performance while costing significantly less to develop. While the White House Memo does not specifically mention companies, it is apparent that the U.S. Companies that invested Billions into development of these AI systems may have foreign competitors that are now able to recoup that investment through proxy accounts and automated requests for data.
Distillation, itself, is nothing new. For decades, researchers have been utilizing distillation to reduce the size of large models down to smaller and more efficient versions. Essentially, you query a top-of-the-line model thousands of times, gather up all of the outputs, and then use those outputs to train a "student" model to generate similar responses. Think of this like making a photocopied version of a textbook instead of having someone write it from start to finish.
While the White House portrays this as being much more nefarious, the warning from the White House Memorandum is that models developed through unauthorized distillation enable actors to produce versions of the original model with all or most safety protocols removed. The safety precautions that were implemented by a team of professionals after months of Red Teaming and Alignment Work are simply lost during the copying process.
Get the latest model rankings, product launches, and evaluation insights delivered to your inbox.
Reality is murky when it comes to technology. Distillation does not perfectly replicate the capabilities of the original model. Student models typically underperform when compared to Teacher models, particularly when it comes to solving hard reasoning problems. However, for many commercial uses, Good Enough may be just fine. A distilled model that replicates 80% of GPT-4’s capability at 10% of the cost will likely dominate many commercial markets.
"This represents significant intellectual property, copyright, and AI safety issues," said the White House Memorandum quoted on TradingView. The administration stated they will work with AI companies to develop protections against foreign actors attempting to utilize distillation methods to obtain access to proprietary U.S. AI capabilities; however, specifics regarding enforcement mechanisms remain unclear.
The copyright issue remains open. Who owns a model if you train a model using the outputs of another model? Current U.S. Copyright Law does not explicitly address AI-to-AI learning. The models themselves cannot be copyrighted; however, possibly the specific outputs generated by the model could be protected. Additionally, demonstrating that a Chinese model was trained on OpenAi’s responses would likely require some form of technical proof that may not exist.
U.S. AI Companies have already begun putting safeguards in place to protect their models from unauthorized distillation. Those include rate limiting single accounts from querying models millions of times and output watermarking – which embeds hidden identifiers within generated text. In addition, some labs actively scan for signs indicating systematic attempts to steal their models.
However, these technologies resemble Digital Rights Management in the music industry – Speed Bumps Not Walls. Determined actors can easily create thousands of proxy accounts and route traffic through multiple IP addresses in order to disguise copied outputs.
Depending upon your point of view, stripping away safety protocols may appear ominous; yet there is controversy surrounding the safety protocols currently in use. Many researchers believe that current alignment methodologies are superficially based on training models to reject certain outputs as opposed to eliminating the underlying capabilities of the model. Therefore, a distilled model may represent a more truthful depiction of what these systems can truly accomplish.
Foreign competitors could provide equivalent AI capabilities at significantly reduced costs thereby allowing them to outprice U.S.-based companies in international markets. Safety protocols established through extended testing may not translate well to distilled versions of the models and therefore create additional vectors for risk. The occurrence could prompt increased demands for export controls on AI model weights and API access for both domestic and international companies. U.S.-based companies may choose to enforce even more restrictive anti-distillation technologies which may limit access to such technologies by legitimate research organizations. The need for clarity in regards to copyright and IP protection for content created through artificial intelligence continues to grow exponentially.