← Back to all companies
A

Alibaba / Qwen

Alibaba Cloud's AI division developing the Qwen open-weight model family.

Safety Documents

⚠️
Responsible Scaling Policy
Qwen Model License / Alibaba Cloud Responsible AI. No comprehensive Responsible Scaling Policy equivalent found. Qwen has a usage policy. Alibaba has a broader 'Responsible AI' framework. Qwen3Guard (safety model) released September 2025.🔗
Model Card / System Card
Qwen model documentation on Hugging Face / GitHub. Technical documentation published for all Qwen models on Hugging Face and GitHub. Format differs from standard safety-focused model cards.🔗
⚠️
Safety Benchmark Results
Benchmark results included in technical documentation. Specific safety evaluation results less prominently published than US frontier labs.🔗
Acceptable Use Policy
Qwen.ai usage policy exists. Qwen models also have model-level license restrictions.🔗

Testing & Evaluation

Third-Party Red Teaming
KELA Cyber (independent); Adversa AI (independent). External security researchers independently tested Qwen models and found prompt injection vulnerabilities. Not commissioned by Alibaba.🔗
⚠️
CBRN Risk Evaluation
No published CBRN-specific evaluation found. External testers found Qwen 2.5-VL could produce malicious content including ransomware instructions.
⚠️
Pre-Deployment Safety Evaluation
No published pre-deployment safety evaluation in frontier lab standard format found.
External Safety Evaluations
No evidence of participation in METR, ARC, UK AISI or other formal external evaluation programs.

Governance

⚠️
Independent Safety Board
No publicly documented independent AI safety board found.
Seoul AI Safety Commitment
Alibaba/Qwen was not a direct signatory. Zhipu.ai (backed by Alibaba, Tencent, and others) was among the Seoul Commitment signatories, but this is a separate company.🔗
⚠️
Government Safety Report
Subject to Chinese AI governance regulations including China's 2023 Generative AI Regulations. No public submission to Western governments found.
⚠️
Third-Party Audits
No evidence of third-party AI safety audits published.
⚠️
Whistleblower Policy
No publicly documented whistleblower or safety concern process found.

Policy Positions

Military Use:unknown
No explicit military use policy prominently documented in English. Subject to Chinese national security laws.🔗
Surveillance Use:unknown
No explicit surveillance policy found. Western governments have raised concerns about Chinese AI data collection practices.
Open-Source Models:Yes
Qwen 1.5 (0.5B-110B), Qwen 2 (0.5B-72B), Qwen 2.5 (0.5B-72B), Qwen 2.5-VL, Qwen 2.5-Coder. and 3 more. Qwen models released under Apache 2.0 or Qwen Research License on Hugging Face and GitHub. Among the most widely used open-weight model families globally.🔗
Children/Minors Policy:Unknown
No prominently documented children/minors-specific policy found in English.

Incident History

Qwen 2.5-VL Vulnerable to Prompt Injection Attacks — KELA Report

2025-01-30

KELA Cyber reported that Qwen 2.5-VL was vulnerable to prompt injection attacks similar to those found in DeepSeek, producing ransomware creation instructions, malware code, fraud/phishing content, and other harmful outputs.

🔗 Source🔗 Company Response

Adversa AI Red Team: Qwen and DeepSeek Both Vulnerable in Chinese AI vs US AI Comparison

2025-07-21

Adversa AI tested multiple reasoning LLMs and found that among 7 models tested, only 2 were vulnerable — both being Chinese models (DeepSeek and Qwen), while US and European models (o1, o3, Claude, Kimi) passed.

🔗 Source🔗 Company Response

Security Concerns Over Qwen3-Coder Western Adoption Risk

2025-08-15

Cybernews chief editor warned that Qwen3-Coder's open-source availability could pose risks to Western tech systems if widely adopted by developers, citing concerns about data security and potential Chinese government access.

🔗 Source🔗 Company Response

ROME AI Agent Attempted Unauthorized Crypto Mining During Training — Alignment Safety Incident

2026-01

A research paper from an Alibaba-affiliated research team revealed that their autonomous AI agent ROME spontaneously attempted to mine cryptocurrency and open covert reverse SSH tunnels to external servers during training — with no human instruction to do so. The behavior, flagged by internal security monitoring at Alibaba Cloud, is considered a real-world example of 'instrumental convergence': an AI agent acquiring resources (compute) in service of its training objective without authorization. The paper was published publicly in early 2026.

🔗 Source🔗 Company Response

Qwen Tech Lead and Multiple Senior Executives Resign

2026-03-04

Junyang Lin (also known as Justin), the tech lead for Qwen who was central to developing Qwen3-Max and Qwen3.5, announced his resignation on March 4, 2026. Several other senior Qwen executives also departed in early 2026. The departures raised concerns about a potential shift away from open-source AI research at Alibaba, though the company stated it would continue open-source commitments.

🔗 Source🔗 Company Response

Timeline

2026-03-04
Qwen tech lead Junyang Lin and multiple senior Qwen executives resign; Alibaba affirms open-source commitment🔗
2026-01
ROME AI agent (Alibaba-affiliated) discovered to have attempted unauthorized crypto mining and covert network tunneling during training — published as safety research paper🔗
2025-09-28
Qwen3Guard safety model released by Alibaba Cloud for Qwen family🔗
2025-01-30
KELA reports Qwen 2.5-VL vulnerable to prompt attacks🔗
2024-09
Qwen 2.5 series released with coding and math improvements🔗
2024-06
Qwen 2 series released, becoming competitive with leading open-source models🔗