The transition of large-scale artificial intelligence(AI) models from closed-source to open-source architectures has given rise to a new generation of open-source foundation models exemplified by DeepSeek, LLaMA, and others, and they demonstrate pronounced advantages in openness, transparency, and customizability. These advantages help overcome key limitations inherent in closed-source models, including algorithmic opacity and high deployment costs, thereby revealing broad application prospects and significant practical value. Nevertheless, the technological shift from closed to open source has also reshaped the underlying risk landscape. The application risks of open-source large models have undergone notable transformations in their external manifestations, diffusion pathways, and controllability. Specifically, open-source models, their supply chains, and associated training data become more susceptible to low-barrier attacks; intellectual property infringement risks grow increasingly salient and complex; and the risk of model misuse or deviation from intended purposes may be amplified at scale as developer control becomes more diffuse. These developments underscore the necessity of establishing a governance approach tailored to the unique risks of open-source large models.
Employing normative analysis, comparative analysis, and related research methods, this study first examines the existing governance arrangements for open-source large models and identifies their structural limitations. It then introduces the concept of embedded governance into the domain of open-source AI governance and, drawing on the distinctive risk characteristics and governance needs of open-source large models, constructs a dedicated theoretical framework. Building on this framework, the study proposes a governance system specifically designed for open-source large models.
The findings indicate that current governance practices continue to rely predominantly on traditional “command-and-control” external regulatory models, which are ill-suited to addressing the dynamic and evolving risks associated with large AI models and are unable to balance risk mitigation with innovation incentives. In essence, the open-source model depends on global collaborative participation and derives its vitality from mechanisms of collective knowledge production and iterative technological advancement. Consequently, the governance of open-source large models should be aligned with the operational logic of open-source ecosystems. Rather than imposing predominantly external controls, governance mechanisms should be deeply embedded within the ecosystem itself, thereby fostering an endogenous and collaborative governance paradigm. To this end, the proposed shift from external regulation to embedded governance involves developing a theoretical framework across three dimensions-organizational embedding, institutional embedding, and technical embedding, which are grounded in existing embedded governance theory and adapted to the risk profile of open-source large models. This framework enables governance mechanisms to be integrated into the internal dynamics of the open-source ecosystem, activating its inherent capacity for self-regulation. Guided by this theoretical model, the study further proposes a progressive governance structure characterized by the interaction between "open-source ecosystem self-governance" and "government oversight". Through this structure, governmental authority is incorporated into open-source self-governance networks to facilitate co-governance, while institutional norms and technical tools appropriate for the open-source context are simultaneously embedded. The resulting governance system is capable of responding adaptively to emerging risks while promoting open-source innovation.
By developing an embedded governance system tailored to the risk characteristics of open-source large models, this study extends the application of embedded governance theory and provides an effective response to the governance challenges arising from the shift from closed-source to open-source AI. The proposed governance system incentivizes active self-regulation by industry associations, foundations, and open-source communities, harmonizes the relationship between ecosystem autonomy and governmental regulation, and achieves a more effective balance between risk management and innovation incentives. This research offers a theoretical foundation for the safe governance of open-source artificial intelligence in China and holds substantial significance for advancing the orderly development of the open-source ecosystem.
Ye Yingjie
,
Li Chuan
. From Closed Source to Open Source: Risk Evolution and Governance Paradigm Transformation in the Technological Transition of Large AI Models[J]. Science & Technology Progress and Policy, 2026
, 43(7)
: 1
-10
.
DOI: 10.6049/kjjbydc.D92025080179
[1] POO M-M. Reflections on DeepSeek′s breakthrough[J]. National Science Review, 2025,12(3):nwaf044.
[2] PERENS B. The open source definition[C]//DIBONA C,OCKMAN S,STONE M,et al.Open sources:voices from the open source revolution.Sebastopol,CA:O'Reilly,1999.
[3] 周辉.开源人工智能模型的法律治理[J].上海交通大学学报(哲学社会科学版),2024,32(8):18-33.
[4] 苏宇,郭雨婷.人工智能开源生态的法律治理[J].宁夏社会科学,2024,43(5):119-130.
[5] 刘力.生成式人工智能中知识蒸馏的正当性检视与规则优化——以OpenAI指控DeepSeek为切入点[J].湖南师范大学社会科学学报,2025,54(4):112-124.
[6] BENDER E M, GEBRU T, MCMILLAN-MAJOR A, et al. On the dangers of stochastic parrots: can language models be too big[C].Proceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency, 2021.
[7] JIANG W, SYNOVIC N, HYATT M, et al. An empirical study of pre-trained model reuse in the hugging face deep learning model registry[C].2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE),2023.
[8] BOMMASANI R,KAPOOR S,KLYMAN K,et al. Considerations for governing open foundation models[J]. Science, 2024, 386(6718): 151-153.
[9] OHM M,PLATE H,SYKOSCH A,et al.Backstabber′s knife collection: a review of open source software supply chain attacks[C].Detection of Intrusions and Malware, and Vulnerability Assessment: 17th International Conference, 2020.
[10] 祝建军.开源软件的著作权保护问题研究[J].知识产权,2023,37(3):30-44.
[11] 吴欣,武健宇,周明辉,等.开源许可证的选择:挑战和影响因素[J].软件学报,2022,33(1):1-25.
[12] GOU J, YU B, MAYBANK S J, et al. Knowledge distillation: a survey[J]. International Journal of Computer Vision, 2021, 129(6): 1789-1819.
[13] FIRDHOUS M F M, ELBREIKI W, ABDULLAHI I, et al. WormGPT: a large language model chatbot for criminals[C].2023 24th International Arab Conference on Information Technology (ACIT),2023.
[14] 王硕,索成.有组织的无序:生成式AI的加速扩散与社会吸纳的适配困境——基于DeepSeek“部署竞赛”的考察[J].电子政务,2025,22(12):72-80.
[15] POLANYI K. The great transformation: the political and economic origins of our time[M]. Boston:Beacon Press, 2001.
[16] GRANOVETTER M. Economic action and social structure: the problem of embeddedness[J]. American Journal of Sociology, 1985, 91(3): 481-510.
[17] ZUKIN S, DIMAGGIO P. Structures of capital: the social organization of the economy[M]. Cambridge: Cambridge University Press, 1990.
[18] EVANS P B.Embedded autonomy: states and industrial transformation[M]. Princeton: Princeton University Press,1995.
[19] 刘建平,杨磊.我国城市基层治理变迁:困境与出路——构建一种“嵌合式治理”机制[J].学习与实践,2014,31(1):94-99.
[20] NIST.Artificial Intelligence Risk Management Framework (AI RMF 1.0)[R]. Gaithersburg: National Institute of Standards and Technology, 2023.
[21] 熊樟林.企业行政合规的概念反思与重构[J].法商研究,2024,41(4):71-87.
[22] 周佑勇.企业行政合规的制度定位及其构建路径[J].比较法研究,2024,38(3):1-18.
[23] 徐美玲.软件著作权侵权“开源抗辩”解析[J].知识产权,2024,38(6):18-33.
[24] 张凌寒,何佳欣.开源人工智能负责任创新的法律保障[J].法治社会,2025,10(3):32-48.
[25] 叶英杰,李川.人工智能模型训练中合成数据的应用风险及其治理路径[J].情报理论与实践,2025,48(6):47-55.
[26] LADISA P, PLATE H, MARTINEZ M, et al. Sok: taxonomy of attacks on open-source software supply chains[C].2023 IEEE Symposium on Security and Privacy, 2023.
[27] NOCERA S, ROMANO S, DI PENTA M, et al. Software bill of materials adoption: a mining study from GitHub[C].2023 IEEE International Conference on Software Maintenance and Evolution, 2023.
[28] UCHIDA Y, NAGAI Y, SAKAZAWA S, et al. Embedding watermarks into deep neural networks[C].Proceedings of the 2017 ACM on International Conference on Multimedia Retrieval,2017.
[29] YU T, ZHANG H, LI Q, et al. Rlaif-v: open-source AI feedback leads to super GPT-4V trustworthiness[C].Proceedings of the Computer Vision and Pattern Recognition Conference,2025.
WeChat Service Account
WeChat Official Account
WeCom Customer Service