China wants AI to be its counterweight to U.S. military muscle: why the CNAS report matters (and why it isn't cause for panic)

Thesis. The report «Red Lines: Understanding the National Security Risks of China's Advanced AI», published by CNAS on June 12, 2026 and authored by analyst Daniel Remler, argues that China's current and near-term AI capabilities could «replicate or counter» the way the U.S. military plans and conducts operations—especially complex strike packages like those recently used against Iran. Our reading is that the document is right to shift the question—from «who is ahead?» to «what can this technology already do today?»—but it should be read for what it is: an open-source analysis describing mostly intentions and trajectories, not an inventory of combat-verified capabilities.

What it actually says. The report examines the systems of China's seven major developers—Alibaba, Baidu, DeepSeek, MiniMax, Moonshot, Tencent and Zhipu—and concludes the threats are «concrete and, in several cases, immediate.» It identifies dual-use military applications such as target development from intelligence streams, logistics tracking, battle-damage assessment, automated offensive cyber campaigns, and drone-swarming decisions (citing Beihang University patents). One striking, widely-quoted data point: per the report's testing, DeepSeek-based agents are twelve times more likely to follow malicious instructions than their U.S. counterparts. The Iran connection is no accident: according to Air & Space Forces Magazine, the U.S. reportedly used Anthropic's Claude model in early phases of operation «Epic Fury» to help identify targets—precisely the capability Beijing is chasing.

The experts temper the headline. Dr. Brendan Mulvaney, of the China Aerospace Studies Institute, warns that «peer-level» military AI between the two powers «would fundamentally alter our operational planning for any air campaign.» But that «would» is conditional. The report itself acknowledges important limits: today's Chinese systems perform worse in sensor-degraded environments (that is, when denied clean data), and a full assessment of their development remains classified, so the conclusions rest on unclassified material. Add to this CSET's analysis of China's military «wish list,» where researcher Sam Bresnick flags a decisive vulnerability: if the Chinese military depends on AI fed by open-source intelligence, an adversary could «flood the zone» with false information and induce miscalculation. Bresnick also reminds us why Beijing prizes AI for decision-making: the People's Liberation Army hasn't fought since 1979 and offsets its lack of experience with automation.

Our reading. This is where signal must be separated from noise. First, there is a real near-term risk that should not be minimized: AI lowers the cost of cyber campaigns, disinformation and mass data analysis, shifting advantage toward whoever iterates fastest. The Pentagon's December 2025 report concedes that China has «narrowed the gap» in large language models. Second, and pulling the other way, the «arms race» frame that colors much of this literature deserves skepticism: outlets like Defense News in April 2026 described a Chinese military making «selective» AI bets precisely because it trails in key areas. The distance between publishing an «intelligentized warfare» doctrine and fielding reliable systems under fire remains vast, and many headlines collapse that distance. Third, the report's most robust finding is not military but about governance: a model that follows malicious instructions twelve times more often is, above all, an alignment and safety problem—fixable with better standards—not proof of strategic superiority.

Implications. In the short term, the sensible move is to harden what can be hardened: security standards for third-party models, adversarial testing, resilience against disinformation, and protection of logistics and targeting chains. CNAS's six recommendations—from rapid Commerce risk assessments to an AI information-sharing center—point that way and are mostly defensive and verifiable. But the deeper lesson is different and long-term: U.S.-China competition accelerates AI investment and talent, and the very technology that worries us today for its military uses is the one that, within a decade or two, could shorten drug discovery, help eradicate diseases, extend healthy longevity, and lift productivity enough to free human time for whatever each of us is truly passionate about. Our stance is one of measured optimism: neither euphoria—the risks to jobs, cybersecurity and information integrity are tangible now—nor doom—«unbeatable Chinese AI» is, for now, more narrative than reality. The priority should not be winning a headline race, but governing the transition well: investing in safety and alignment as hard as in capability, and keeping dialogue channels open so that an algorithmic miscalculation never becomes an irreversible human one.