Welcome to the eleventh edition of HRF’s AI for Individual Rights newsletter.
Today, we cover a report revealing potential advances in North Korea’s AI capabilities that enable dangerous surveillance use cases despite an apparent lack of ability to acquire advanced AI chips. Meanwhile, across Cambodia and Saudi Arabia, partnerships with Chinese technology firms are laying the foundation for the development of more automated surveillance systems.
China’s AI influence is growing in another direction as well: through the release of powerful models. Two weeks ago, Chinese AI company Z.ai launched a model that performed nearly on par with OpenAI and Anthropic’s top models, despite being cheaper. The Z.ai model is also open weight which means that users with sufficient hardware can download the model, run it themselves locally, and interact with it privately. But what is the risk of relying on a model that is developed by a company operating in an authoritarian regime? Continue reading to find out.
We end with reflections from HRF’s Chief Strategy Officer, Alex Gladstein, who is witnessing firsthand how quickly open-weight AI and open-source AI tools have progressed in a short span of time. He looks back on the past three months of HRF’s AI program and how HRF has and will continue to equip dissidents with powerful open-source AI agents and local AI.
Moving forward, we will offer an option to receive a version of this newsletter every week, to match the amazing pace of the AI field.
Join our AI for Individual Rights Newsletter
If you are interested in a weekly version of this newsletter, please sign up by clicking the button below.
The Latest in AI for Repression
North Korea Makes AI Advances Despite Chip Restrictions
A new report from the Institute for National Security Strategy, a South Korean research center, found that North Korea has made rapid advances in AI despite international sanctions on advanced AI chips. Based on analysis of recent publications from North Korean universities, the report concludes the North Korean regime has now likely achieved functional capabilities in AI-powered facial recognition, speech synthesis, voice analysis, and visual tracking. Each of these technologies can be used to surveil citizens, hack vulnerable targets, or advance military operations. Alarmingly, these developments were accomplished whilst relying on older AI hardware — most of which dates back to 2016-2018 or are secondhand chips smuggled into the country. Despite restrictions on access to advanced chips, the North Korean regime has continued its push to build AI tools to monitor, identify, and control its over 26 million citizens.
Cambodia Launches Smart Policing Initiative in Phnom Penh
Cambodia’s Ministry of Interior formally launched a China-backed “Smart Police” initiative in the capital city of Phnom Penh. The new policing system will connect 487 cameras equipped with AI-powered identity and vehicle tracking and send all video feeds into a new centralized command center. To support the rollout, Chinese-backed regional security partners are providing financial and technical support for the project and have pledged to expand the camera grid in the future. Cambodian officials say the project will protect residents and tourists. But in a country where dissent is overtly and systematically punished, these new AI-powered systems can easily double as a surveillance machine capable of identifying anyone who criticizes the ruling party.
Saudi Arabia Makes Smart City Deals with Chinese Tech Firms
Saudi Arabia’s Ministry of Municipalities and Housing signed cooperation agreements with Chinese technology firms including Huawei, ByteDance, and Lenovo to develop AI-powered city management tools. Plans include developing smart-city systems, digital services, data centers, and AI tools to help plan, manage, and operate future cities. While the details remain unclear, these agreements raise concern. Chinese companies like Huawei have exported “smart city” technologies, from data analysis systems to facial recognition cameras, to other authoritarian regimes in the name of efficiency and safety. But under dictatorships, these systems can serve as tools of surveillance and control. Saudi Arabia’s growing partnerships with these firms could lay the groundwork for more automated and pervasive state monitoring.
Mistral’s AI Models Rank Among Weakest at Filtering Russian Propaganda
A study from the Institute of the Estonian Language, a research organization housed within the country’s education ministry, found that open-weight AI models were among the weakest at resisting Russian propaganda. The researchers tested 60 AI models across 14 Kremlin propaganda themes, including claims about Russia rescuing children from Ukraine and the USSR liberating Europe from fascism. In their findings, Mistral, a French AI lab behind leading open models developed in a democracy, performed particularly poorly. Mistral’s most advanced model placed 47th out of 60 and scored under 40% in effectiveness at identifying “malicious” Russian propaganda. Mistral responded by saying it “takes the fight against disinformation extremely seriously and continuously invests in advanced detection.”
Why this matters: Open-weight AI models like Mistral’s are AI systems whose inner workings are publicly available for anyone to download, modify, and privately run, making them useful for activists under surveillance in authoritarian regimes. But they can still absorb propaganda and misinformation when regimes flood the internet with false or misleading information intended to justify its wars, distort history, and undermine democracy.
Burma’s Junta Announces 24-Hour Surveillance of Fake News on Social Media
Burma’s Ministry of Home Affairs announced that it conducts 24-hour surveillance of social media under the guise of combating “fake news, misinformation, and politically motivated attacks” against the military junta. Violators can face hefty fines or even prison sentences under current counterterrorism and criminal laws. It is unclear how the regime carries out this around-the-clock monitoring, or if it integrates AI to do so. But the announcement highlights the junta’s pervasive use of digital surveillance to silence its critics, and integrating AI into this system could accelerate its ability to flag digital dissent and imprison those who resist their authoritarian rule.
Chinese WeChat Launches AI-Native Payment Card
WeChat, a Chinese super-app used for messaging, payments, and shopping, launched a payment card for AI agents. Users load money onto this card, ask an agent to find deals on specific items, and have it purchase and pay for the products with the card. While this may be convenient, the feature gives WeChat more information and control over their users’ spending. Already, the platform closely monitors online discussions and ensures conformity with the Chinese Communist Party’s content restrictions. And now they could bring this surveillance onto payments. AI agents could help collect user’s financial data and build profiles of their behavior. One day, that could mean a dissident trying to buy materials for a protest is flagged or blocked before the purchase goes through.
Recommended Content
Automating Repression Beyond Borders: How AI Is Powering Transnational Repression
In this comprehensive study, the European Center for Not-for-Profit Law, a civic freedoms organization, examines how authoritarian regimes use AI to surveil, intimidate, and silence dissent beyond their borders. They report that dictators turn to facial recognition, deepfakes, social media content moderation, and disinformation campaigns to amplify their transnational repression. The report also cites HRF’s article “Beyond Borders: China’s Transnational Repression of Uyghurs,” to document how the Chinese Communist Party has systematically targeted Uyghurs (a minority group) living abroad. Read it here to explore specific AI tools powering repression.
The Latest in AI for Freedom
AI Model GLM-5.2 Shows Promise and Concern for Future of Open-Weight AI
Chinese AI company Z.ai launched GLM-5.2, a top-performing, open-weight AI model that has drawn significant attention in the AI community. This new model is optimized for complex coding tasks and can work through large software projects at performance levels extremely close to those of OpenAI and Anthropic’s best models (and at a lower price point). GLM-5.2 stands out in one other important way: it is an open-weight model. That means anyone can download it, modify it, and run it locally and privately without sending data to a third party. Users can even interact privately with the models through encrypted chat services like Maple AI and PayPerQ. This means researchers in democracies can also study, adapt, and build on it to develop other powerful open-weight models as well.
Important: Z.ai has known ties to the Chinese Communist Party (CCP), which means its outputs could be tinged with CCP-aligned propaganda and censorship. Separately, anyone using GLM’s API or web-hosted version (instead of running it locally) will send their data directly to servers in China. From there, the CCP can legally compel Z.ai to hand over user data. While the release of GLM-5.2 proves that open-weight models can compete with top closed-source models, it also underlines the urgency for democracies to build powerful, open-weight models of their own.
Hermes Expands Payment Capabilities with Stripe Collaboration
Nous Research, an AI research lab, expanded payment capabilities for Hermes, its open-source AI agent. Now, Hermes agents can more easily pay for services, subscriptions, APIs, and resources needed to complete tasks. To make this agent-led purchasing possible, Nous partnered with financial technology company Stripe and created a set of skills (instructions for agents to execute payment tasks). Users can simply install the skills, connect their Stripe account, link an approved payment method (like a card or bank account), and set spending limits and approval rules. The result is an AI agent that can make purchases on a user’s behalf while still keeping users in control of the funds.
Why this matters: As agents begin to execute on work and interact with the digital economy, they free up human rights defenders from tedious administrative tasks. This allows them to spend more time on advocacy and more impactful work.
Soapbox Created a Nostr Manual for AI Agents Nostrbook
Soapbox, an organization building open digital tools, created Nostrbook, a reference library that helps both humans and AI agents build on Nostr, a decentralized social network. Nostrbook provides instructions on Nostr’s technical rules and the building blocks needed to create features like profiles, posts, messages, and other applications on the network. AI agents can simply read through Nostrbook and then use the instructions to build Nostr-based applications without guessing or relying on outdated information. Now, imagine a dissident who wants to build an app that cannot be shut down at a dictator’s whim. They can give an agent Nostrbook and watch it start building on a permissionless and censorship-resistant protocol.
Maple AI’s Reproducible Builds Allow Users to Verify Applications Themselves
Maple AI, a service that provides end-to-end encrypted interactions with AI, released a new version of its platform with reproducible builds: instructions that allow anyone technical enough to verify that the Maple AI app they download is indeed built from the public open-source code. This is valuable because even when an application’s code is open-source, users must often trust that the software they download was actually built from the open-source code it claims to be. Maple’s new reproducible builds remove that guesswork and the need to trust the company by enabling independent verification. Perhaps most impressively, Maple AI says the feature was built in just two days using AI agent Codex 5.5, which automated much of the engineering work required.
Google Launches DiffusionGemma for Local Text Generation
Google released DiffusionGemma, an experimental, open-weight AI model designed to generate text faster. Ask the model a question, and it will produce blocks of text at once, rather than generating one word at a time like traditional models. In effect, this process makes running DiffusionGemma locally more efficient. Traditional models can leave parts of GPUs (devices that help run AI) underused between each new word. Google says that by generating blocks of text all at once, “DiffusionGemma utilizes your hardware to its full potential.”
Why this matters: Experiments like these demonstrate a push to make open-weight models and local AI faster and more efficient. While DiffusionGemma still requires powerful hardware, advances like this could eventually make private AI more practical on smaller, personal devices.
Recommended Content
In a post on X, HRF Chief Strategy Officer Alex Gladstein reflects on how AI has already rapidly advanced freedom over the past three months and how HRF’s recent efforts have put these new extraordinary abilities into the hands of dissidents. He also mentions HRF’s partnership with Finite, a company making frontier AI accessible, to host “Agent Camps,” three-day training sessions for dissidents to deploy AI agents. To facilitate this, Finite developed an easy-to-use platform for hosting and interacting with agents, including a “private mode” that prevents user queries from reaching a third party. And now, as open-weight models improve, HRF and Finite are running models locally and connecting them to agents. Read Alex’s full reflections to learn more about HRF’s past and upcoming projects on AI and freedom tech.
Want to contribute to the newsletter? Submit tips, stories, news, and ideas by emailing [email protected].