Since the launch of Project Stargate by OpenAI and the debut of DeepSeek’s V3 model, there has been a raging debate in global AI circles: What’s the balance between openness and scale when it comes to the competition for the frontiers of AI performance? More compute has traditionally led to better models, but V3 showed that it was possible to rapidly improve a model with less compute. At risk in the debate is nothing less than American dominance in the AI race.
Jared Dunnmon is highly concerned about the trajectory. He recently wrote “The Real Threat of Chinese AI” for Foreign Affairs, and across multiple years at the Defense Department’s DIU office, he has focused on ensuring long-term American supremacy in the critical technologies underpinning AI. That’s led to a complex thicket of policy challenges, from how open is “open-source” and “open-weights” to the energy needs of data centers as well as the censorship latent in every Chinese AI model.
Together with Laurence Pevsner, we talk about the scale of Stargate versus the efficiency of V3, the security of open versus closed models and which to trust, how the world can better benchmark the performance of different models, and finally, what the U.S. must do to continue to compete in AI in the years ahead.
This interview has been edited for length and clarity.
Danny Crichton:
You recently published a piece in Foreign Affairs called “The Real Threat of Chinese AI.” The focus is not just China, but the importance of open source to the future of American competitiveness in artificial intelligence and machine learning. Recently, Sam Altman, the CEO of OpenAI, announced that, for the first time in the six years since the launch of GPT-2, the company is going to launch and publish an open-weights model. This came soon after DeepSeek launched V3 on December 26 last year.
So I'm curious: When you think about open source and the future of AI, why that timing?
Jared Dunnmon:
There’s a bit of an interesting origin story to the Foreign Affairs piece. I started writing my paper when I was running on the beach. I was pinging DeepSeek from my phone, because I was curious how it was going to do various things. This was on Christmas Day. At some point, it stopped answering me. I expected there to be various things I couldn't ask about. But I kept running into them. And then I asked it, “Okay, can we have a productive conversation here? Can you tell me what your guardrails are?” To which it said no.
So that’s interesting. If I were to put this thing in the API layer underneath a bunch of different applications, that would have some consequences.
I started in to see if I could figure out what the Cyberspace Administration of China says, and how much is being done on the server side versus in the model. I was going through the documentation and I noticed way down on the page it said, “If you want to run on Huawei Ascend, here's how you do it.” At that point, it very quickly becomes a logical train of thought, which is, "Okay, we're putting out this thing that is very high-performing, objectively very good on quality. You can run it for effectively the cost of the electrons and the amortized CapEx, and that tends to get you market share."
And then when you start building market share, you start being able to do things like decide that later versions of this tool will run on my chips. So it very quickly starts to look like a story we've seen before, which is low-cost Chinese entry into a current sector followed by massive gain of market share, followed by potentially sucking of capital and resources into the Chinese ecosystem in a way that does not go well for American competitors.
Danny Crichton:
China's been focused on de-risking in the technology sector for more than a decade. If you look at Made in China 2025, which was written in 2015, the plans have mostly been executed. Research from the last couple months has shown that something like 90, 93% of all the targets were met within the 10-year period. There might be some fudge factor due to the CCP bureaucracy, but the reality is that China has done very, very well. You have DeepSeek getting access to enough Nvidia compute, enough compute from other sources — it's all coming together.
Nonetheless, your piece emphasizes that from top to bottom, from chips to compute to data, we've basically proven that open-source models work. China has been very open across its models. So it's not just DeepSeek, but it's also Alibaba with its Qwen infrastructures and so on. That is in contrast to the proprietary nature of the American model. OpenAI is proprietary, Gemini is proprietary.
The exception, at least until OpenAI's recent announcement, was with Meta. Llama has had a fully open-source strategy. Your proposal in Foreign Affairs was that to win AI, we need to be open and we need to incentivize companies to do that.
Jared Dunnmon:
I would also give Google credit for recently releasing Gemini 3, which is performing some reasonable approximation of DeepSeek and runs on one GPU. I think you're already starting to see some of the dominoes fall.
To your point about the overall supply chain and how competition is happening up and down the AI stack: When you start losing market share, there are a lot of implications. Ascend is not the best thing in the world, but it's good enough to run good AI that is good enough for a huge percentage of applications.
In other words, you can take good enough chips, run good enough AI on them, and you can offer it at a good enough price — with or without subsidy — to freeze out competition. And that's how Nvidia, TSMC, ASML — the entire Western chipmaking ecosystem — starts to lose. In a lot of ways, this has shades of what happened to Wintel back in the earlier era of general computing.
Laurence Pevsner:
In your piece you talked about sleeper agents, this idea that the developers could embed dangerous behaviors that would only arise in specific contexts. I found myself not quite understanding how it is that you could be both open source and also have sleeper agents. In Linux, for example, there couldn't be code that you wouldn't know about, right?
Jared Dunnmon:
That's a great question. This was a terminology issue, and it is actually quite frustrating. I wanted to refer to the class of systems that includes open-source and open-weight systems as “open systems,” but then I started saying just “open AI.” But it is important to differentiate the two.
With open source, I have access to the training data, every parameter. I have the recipe, not just the dish. With open weights, I just have the dish. Unlike traditional software, I can't read line by line and say, "Oh, there's where this particular behavior is inserted."
You’re right that, in open source, if anyone added something very bald-faced, folks could see it. But this is where the differentiation comes in. So Llama, DeepSeek, a lot of these models are open weight. They give you the dish. And you can use it as much as you want, but you don't have the full recipe. You don't know exactly what data went into it.
Danny Crichton:
The other answer is that all the code can be available, but there's millions and millions of lines of code and only so much time to read it all.
Jared Dunnmon:
Right. I mean if you download the weights just for DeepSeek-V3, it's over a terabyte. I mean try convincing me that there's not something bad written in there or something that couldn't be parsed into something bad given any number of environments or context or whatever.
Laurence Pevsner:
And China is notoriously very clever about this. I mean, I remember talking to an expert about censorship and how China works with Western news sources. They said, "Well, the most effective censorship the CCP does is not to block websites but just to make them very slow to load.” And so you just get bored and log off. Same thing with this terabyte of data that no one will ever actually go through line by line.
Danny Crichton:
I do think there are large security issues. It's interesting to think about a future where AI itself is trying to secure AI. And so you are creating an arms race. There are already companies like Socket that do supply chain security around source code. It scans NPM, the JavaScript world and other major open-source libraries to determine whether any changes have been made, and whether those changes alter the functions.
There was a scandal a few months ago in which a major package — it's in basically every JavaScript app — had a massive bug that someone deliberately added. And it was there for three weeks before anyone noticed. There are not a lot of folks who actually get funded to evaluate these tools and make sure they're reliable.
Now, it'll be interesting to see how this plays out in the AI world. These companies are well capitalized, they have a huge incentive to be secure. But to your point, there's always a way to put a backdoor in.
I want to return to your proposals in the Foreign Affairs piece. Tell us what you put forward.
Jared Dunnmon:
The proposals were focused on a very basic set of actions. It's not a panacea. And there are certainly other things that one could do.
But to start with, one core idea is simply to make sure that, from a Western perspective, and certainly from a U.S. perspective, we're incentivizing the development of good, responsibly-built, highly functional AI capabilities that are released in some appropriately open way.
It is also important to make sure that the folks who would build for open source, particularly researchers and so on, have access to some of the compute they need.
There’s also a lot to do from an evaluation perspective. This is probably a public-private partnership type of thing. Right now, some of the best people we have thinking about how to evaluate models sit in the private sector. I think there's been some progress with the AI Safety Institute. The question is, how do you get the most eyes on these various models that are coming out all the time?
There are also some things around making sure the U.S. ecosystem is sticky. Right now, if I want to go and build things on Apple’s M series or TPUs or AMD, I might have to do a little bit of futzing back and forth to deal with that versus Nvidia. If you could make sure all those things are very easy to run together, you could increase the stickiness of that ecosystem.
There's a lot also to do from a competition perspective. I would argue that a lot of our structures for thinking about antitrust and competitiveness in a free market were built for a world that did not have state-owned enterprises competing with U.S. companies. I’m not saying you should do a bargain with the devil where you have monopolies all over the place. However, I think it is entirely reasonable to consider a company's contribution to U.S. open-source leadership in deliberations around antitrust.
So, Meta supports PyTorch. They don't have to. Google supports TensorFlow. Microsoft supports a number of open models in addition to developer tools. VSCode is pretty cool. So we might want to think about how we set incentives for these large companies, which frankly have the user mass and the capital mass to compete with state-owned enterprises. I would argue that if you break a lot of these companies up, they wouldn't have the mass to compete with state-owned enterprises.
The last piece is infrastructure. China builds a ton of power, and we're not very good at doing the same. There's a lot that we can do here, including fixes to the grid, fixes to generation, clean firm power, and making sure we use systems that intelligently reduce power demand.
Laurence Pevsner:
Let's start with maybe a question about Stargate, which gets at a bunch of this. Stargate is an example where we are building the AI infrastructure you're talking about, but the main partner involved from the United States, OpenAI, is — at best — not a full-throated supporter of open weight.
Should we scrap that effort and do something else? Is it complementary? Is it orthogonal?
Jared Dunnmon:
I'll admit I haven't spent a ton of time thinking about Stargate in particular. So what I'm going to say is my understanding, which is that it is a very, very large amount of compute. The question is: Is it worth building a giant amount of compute? I would argue to you that it is. Now, it may not be worth it for reasons of training the world's monstrosity of a model. But it might be worth it if we could give some of the academic and industry researchers who would release stuff openly access to computing resources.
From a public sector perspective, I think you also care about having a classified enclave within Stargate. I would want to make sure that the U.S. government had an ability to easily and rapidly take some of the innovations that might come out of the initiative to test or run classified workloads.
So I think there's a lot of good reasons to have a massive amount of compute. Would that be the decision I would make if I were thinking about allocating an arbitrary pot of capital? I might think about that a little bit differently because I believe the world's going to shift toward a lot of smaller models running in a lot of different places.
Danny Crichton:
We’re all trying to figure this out because the AI world is evolving so rapidly. There's a whole new generation of model writers — some in our portfolio, some not — who are trying different architectures, trying to be more efficient, trying to optimize for test time, for inference, et cetera. I think what's interesting here is that there's no world in which less compute is better than more compute. The entire history of compute is that we always find a use for compute.
Jared Dunnmon:
I think it's less a question of: Is it a good idea objectively? The question, as always, is what the opportunity cost will be. And to me, if we build stuff like Stargate at the opportunity cost of open leadership, that's not a great outcome.
Danny Crichton:
We've been focused a lot on the analogy to the dot-com bubble and fiber cables. We had Tobias Huber and Byrne Hobart come in to talk about their book Boom. Their thesis was basically that progress starts because we massively over-invest in a technology. If you look at fiber, a bunch of random stuff came out of it. So for instance, it was the original purchase of fiber at Google that eventually allowed Google to fix the economics of YouTube.
So my question is always like, look, $500 billion will go in these data centers. Let's say it booms, it blows up, we have a super-efficient model and we aren't using the compute. Someone will buy it in bankruptcy. It exists and someone will do something creative with it. And it may be an AI model, might be YouTube. But as an investor who has to make the purchase, the question is whether this is what you want to put your cash on.
Jared Dunnmon:
Yeah. And again, I think it depends on what it's for. If you were building me a giant inference cluster and you had capacity booked out for goodness knows how long, I think that's potentially a different conversation. But I also agree with you because, as an American with my American hat on, do I want a giant data center being built in America? Yes, I do. There's no question about that. The question, again, is the opportunity cost.
Danny Crichton:
You had a good framework here, which is the company balance sheet versus the nation state balance sheet. If you're a policymaker today, what are you doing? Are you making decisions? Are you in a learn-and-seek mode? How do you handle how much change is happening?
Jared Dunnmon:
If I'm a policymaker, I desperately want more information. I want to know how we are evaluating these models — where are they working, where are they not? Are there existential risks? How real are those and how concerned about them should we be? I would also want to know whether those same existential risks are enabled by a model that just got released openly, and does that change my policy framework. Protect to promote to a degree, right? I would also want to know about the energy side.
What we want is more information. We need to get the instrumentation of our AI ecosystem right first so that we understand what is being run, how it is being run, what capabilities it has, what the infrastructure costs are, and what that implies for not just the future, but also the present.
Danny Crichton:
Jared, thank you so much for joining us.
Jared Dunnmon:
Yeah, likewise. Thanks for having me.