Axios C-Suite: Open-source AI pits cost against security

Between the lines: Microsoft exploring a secured version of China-built DeepSeek V4 to power Copilot Cowork — its agentic assistant and the most compute-hungry part of Microsoft 365 — shows that even the richest software company on Earth can't hold the line on closed American-only models. You probably can't either.

The security catch: Microsoft's "secured" version would keep your data on its cloud platform Azure, not Chinese servers, which means the open-source question is shifting from if to how.

• But many vendors and tools don't offer that protection. That's why every CEO needs to be wary before approving any model. (See next item.)

"Open source" means the model weights — the actual trained intelligence — are public. Anyone can download, modify and deploy them. The best-performing, most-used ones are Chinese.

• DeepSeek V4 and other leading Chinese models are considered a few months behind frontier American models performance-wise. But that gap is closing fast with buzzy new models like Z.ai's GLM 5.2.
• Smart CTOs and engineers are already handing off routine work to open-source models and saving pricier models for harder, more complex tasks.

The part you may not see: Many CEOs reading this are already running Chinese models somewhere in their stack and don't know it, because their vendors and engineers chose them on price.

Worth watching: Flo Crivello, CEO of AI agent platform Lindy, switched his company entirely to DeepSeek V4, citing millions in savings and better performance on core use cases — while keeping it on American soil, hosted by a U.S. provider rather than Chinese sources.

• Even so, the migration took months and far more engineering than expected.

The bottom line: Open-source Chinese models are good enough for most work at a fraction of the price. But you've got to be clear-eyed about their use.

The Chinese way

Dominating open-source AI is China's national strategy.

Why it matters: Your company likely already faces thorny China-centric compliance questions — especially if you've staffed your tech team with AI enablers.

• Every open-source model your developers run from a Chinese lab ties part of your infrastructure to Beijing, whether you intended it or not.

Between the lines: The fear isn't just that Beijing has a potential backdoor into your company. It's the regulatory threat to your entire workflow as U.S.-China competition escalates.

• Bringing Chinese open-source models into the fold means you're using a product built by companies legally required to cooperate with Chinese state intelligence.
• You can't be sure their future decisions won't be China-centric. They may propose ways to connect with their models that force a decision: Build for open source or tie to a frontier model.
• I'm not arguing against open source — just illuminating the reality we face.

We've been here before: Banning Huawei from the telecom networks of the U.S. and its closest allies cost billions to rip out and replace.

• Imagine the cost if companies across the West had to reconfigure their AI stacks overnight.

Zoom out: This isn't a fringe risk. Chinese companies — DeepSeek, Xiaomi, MiniMax, Tencent, Alibaba — now dominate OpenRouter, the industry's most honest real-time scoreboard of developer usage, with DeepSeek at No. 1.

• The models you have to worry about are the same ones your team most wants to use.

Worth noting: Not all open models are Chinese. Meta's Llama and Europe's Mistral are credible alternatives with no ties to Beijing.

📋 A CEO checklist: All of us should ask and know ...

1. Which models are actually running in our stack? Are our engineers and vendors routing to models beyond those we bought right now?
2. Where does our data physically go? A model hosted on Azure or AWS keeps data in your cloud. A raw API call to a Chinese lab may not.
3. Who built it, and what law governs them? Remember that Chinese labs are legally obligated to cooperate with state intelligence.
4. What breaks if we have to rip it out? If regulation forces a switch, how deep is the dependency: a single feature or the foundation?
5. Are we choosing on price alone? Lower token cost is a real advantage, but "it was cheaper" shouldn't be the whole answer if someone asks.

America's competing interests

America made the opposite bet of China: We went all-in on our ahead-of-the-pack frontier proprietary models.

The big picture: The U.S. incentivized its frontier AI labs to optimize for revenue — with eyes on $1T+ IPOs. That pushed them toward subscriptions and closed ecosystems where every use can be metered.

Meta was the major open exception on American shores. Meta's 2023 release of Llama 2 was a breakthrough, and Nvidia CEO Jensen Huang later called it "probably the biggest event in AI" from that year.

• But Meta's main business was already built around ads, allowing it to push for an open AI ecosystem it could shape.
• Then Meta got hit with a huge cost of compute — and shifted its strategy away from the open ecosystem it once championed to play catch-up with Anthropic and OpenAI.

• Its newest model, Muse Spark, is closed-weight. And it's now testing paid AI subscriptions.

The bottom line: In the U.S., economics mean the AI feedback loop has to be mostly proprietary: Each lab learns from its own users, then sells the improvements back to them.

The complicated counterattack

Open-source advocates think American frontier labs are begging for regulation in order to corner the AI market.

Their claim: Costly compliance requirements — think: safety audits or liability frameworks — would be trivial for companies like Anthropic or OpenAI and fatal to any open-source project.

• With enough regulation, the market would be forced to consolidate around the companies the government deems safe. Inevitably, that'd be the most powerful frontier labs.

What they're saying: Former White House AI czar David Sacks, who still has President Trump's ear on cutting-edge issues, outlined this "regulatory capture agenda" on last weekend's episode of the "All-In" podcast.

• "You've got [Anthropic CEO Dario Amodei] who's out there describing these risks in a very hyperbolic way, and it's very clear where their agenda is headed, which is ... banning open-source models," Sacks said.
• "We're gonna be stuck with somewhere between one and three companies — maybe two — they'll be an AI monopoly or duopoly and they're gonna decide, along with some new government agency, which'll be a revolving door to their companies, who has access to what capabilities," he continued.

Yes, but: Sacks was bemoaning the guardrails Anthropic had established around discussing cybersecurity and biology with its powerful Fable model. But the episode was recorded before the Trump administration issued export controls that caused Anthropic to shut down consumer access to it.

• Anthropic has had its share of spats with the Trump White House. But the move is a massive alarm bell for the closed frontier labs themselves.
• They profit from having the best models, but now risk the government cutting off consumer access when that goal is achieved.

The bottom line: For the moment, the frontier labs are feeling the sting of government regulation long before any open-source model creators.

The case for open source

I asked Misha Laskin, co-founder and CEO of Reflection AI, an American open frontier lab, to make the pro-open-source case to other CEOs.

• Reflection, backed by Nvidia, says it has "identified a scalable commercial model that aligns with our open intelligence strategy."
• Demand is clearly there. Its valuation jumped from $545M in March 2025 to $8B in October 2025 to a potential $25B in a March fundraising round. It hasn't yet released a model.

Open models are a geopolitical priority. They're Trojan horses for the infrastructure they bring with them. When a nation or enterprise adopts an open model, it also adopts the chips and software stack that come with it natively.

1. There is a sovereign market that closed models can't serve. Enterprises that need full control over cost, security and deployment, and governments that must run AI on their own terms, require open models.
2. Renting vs. owning your intelligence. Closed models only rent out AI capability, while open models give you ownership.
3. For CEOs, open source is a strategic advantage and control play. You control cost, deployment, security and ultimately your own AI capabilities.

📈 If you're a CEO or on a CEO's team: Ask to join Jim's new weekly Axios C-Suite newsletter.