US and China are reportedly moving toward an “AI technological disarmament” pact—an idea that sounds like science fiction until you look at the logic driving it. In essence, the proposal aims to regulate the most consequential categories of high-impact artificial intelligence while reducing the incentives for a destabilising arms-race dynamic between the world’s two most important AI ecosystems. If it takes shape, the agreement would not be about banning innovation outright. It would be about narrowing uncertainty, slowing the most dangerous trajectories, and creating a shared framework for what counts as acceptable risk when systems can be used for both civilian and strategic purposes.
The headline many observers are focusing on is simple: a shared framework could make everyone feel more secure. But the real story is more complicated—and more interesting. The security problem with advanced AI is not only what it can do in a lab. It is what it can do under pressure, at scale, and under conditions where rivals assume the worst. That is why the proposed pact, if credible, would likely resemble a hybrid of arms-control thinking and modern technology governance: part verification, part transparency, part restraint, and part crisis management.
To understand why this matters, it helps to start with what “disarmament” means in the AI context. Traditional arms control targets physical weapons—missiles, nuclear warheads, chemical stockpiles. AI is different. There is no single “weapon” to count. Instead, there are capabilities: models that can automate cyber operations, generate persuasive propaganda at speed, assist in designing biological experiments, or optimise logistics and targeting. The same underlying techniques can be used for benign purposes or for harm. That dual-use nature makes AI governance harder than regulating a discrete arsenal.
Yet the dual-use character is also exactly why a US-China pact could be valuable. When both sides know that the other is developing powerful systems, the central question becomes not whether AI exists, but how quickly it advances, how it is deployed, and how much each side can infer about the other’s intentions. In a world where capabilities evolve rapidly and information is asymmetric, mistrust becomes a strategic asset for no one. It pushes both sides toward worst-case planning, which can accelerate competition even when neither side wants conflict.
A technological disarmament pact would try to interrupt that cycle.
Clear boundaries for high-impact capabilities
One of the most plausible elements of such an agreement is a shared definition of “high-impact” AI capabilities. Without definitions, regulation becomes performative: everyone claims compliance while building systems that skirt the spirit of the rules. A serious pact would therefore need categories that are operational enough to guide development decisions.
These categories might include frontier-scale models trained with certain compute thresholds, systems capable of autonomous or semi-autonomous task execution in sensitive domains, or tools that can materially increase the effectiveness of cyber intrusion, influence operations, or other forms of strategic disruption. The goal would not necessarily be to stop training altogether. It would be to require additional safeguards, reporting, or restrictions when systems cross specific capability lines.
This is where the pact could be more than symbolic. If the US and China agree on what constitutes a high-risk capability, they can align their internal policies around the same trigger points. That alignment reduces the chance that one side interprets the other’s progress as a covert attempt to leap into prohibited territory.
In practice, the hardest part would be agreeing on thresholds that are both scientifically meaningful and politically acceptable. AI capabilities don’t map neatly onto a single metric the way a missile range does. Performance depends on data, architecture, fine-tuning, and deployment context. So any workable framework would likely combine quantitative indicators with qualitative assessments—perhaps including independent evaluations of model behaviour in relevant test suites.
Fewer unknowns between major powers
Security dilemmas thrive on uncertainty. Even if leaders believe the other side is acting in good faith, they may still worry that the other side’s systems could be repurposed quickly, or that the other side’s internal safeguards might fail under stress. The proposed pact’s promise is that it would reduce the number of unknowns that feed worst-case assumptions.
That could mean more than just exchanging statements. It could involve mechanisms that provide confidence without revealing everything. For example, both sides might agree to share certain technical summaries, evaluation results, or audit outcomes related to high-impact systems. They might also coordinate on red-team testing standards—so that when one side claims a system is constrained, the other has a basis to judge whether that claim is credible.
The key is that confidence-building measures in AI would have to be designed for a world where models change quickly. Unlike a nuclear stockpile, which is relatively stable over time, AI systems can be updated, fine-tuned, and re-deployed. So the pact would likely need a cadence: periodic reporting, continuous monitoring of compliance-relevant metrics, and clear procedures for what happens when a system is upgraded.
If done well, this would reduce the incentive to treat every new release as a potential escalation. It would also help prevent the “capability surprise” problem—where one side discovers too late that the other has crossed a threshold.
Lower risk of escalation through AI-driven competition
Even when states do not intend to use AI offensively, competition can create its own momentum. In military and intelligence contexts, the pressure to keep up can lead to rapid deployment, rushed integration, and reduced caution. AI accelerates this dynamic because improvements can be incremental yet compounding, and because the cost of experimentation can be lower than in many traditional domains.
A pact could address this by introducing friction where it matters most. If both sides agree that certain categories of high-impact AI will be developed under shared constraints—such as slower release timelines, mandatory safety evaluations, or limits on deployment in sensitive settings—then the competitive advantage of racing ahead diminishes.
This is not about making AI “slower” in general. It is about preventing the most dangerous form of acceleration: the kind that turns uncertainty into action. When leaders fear that the other side will deploy a capability first, they may feel compelled to respond quickly, even if they would prefer to wait. By creating predictable rules, the pact could reduce the perceived need for immediate countermeasures.
There is also a second escalation pathway: misinterpretation. AI systems can produce outputs that look like intent. For instance, automated influence operations or cyber probing can be framed as routine activity until it crosses a line. If both sides have agreed norms for what constitutes prohibited or restricted behaviour, then ambiguous actions become less ambiguous. That matters during crises, when communication channels are strained and decision-makers rely on signals that may be incomplete.
Built-in accountability and monitoring
Arms control lives or dies on verification. In the AI domain, verification is more complex, but not impossible. The pact would likely need a combination of technical audits, compliance reporting, and enforcement mechanisms that are credible enough to deter cheating.
One approach could involve third-party or joint evaluation processes for high-impact systems. Rather than requiring full disclosure of proprietary model weights or training data—which would be politically and commercially unacceptable—the parties could agree on standardised tests and documentation requirements. If a system passes certain safety and capability benchmarks, it could be certified for deployment within defined limits. If it fails, it would trigger remediation obligations.
Another possibility is monitoring at the level of deployment rather than training. Training can be hidden behind corporate secrecy and distributed compute. Deployment is harder to conceal once systems are integrated into operational workflows. So the pact might focus on what gets used, where it gets used, and under what constraints.
Accountability would also need to address the reality that AI systems can be adapted after deployment. A model released for one purpose can be fine-tuned for another. That means the pact would likely require controls on post-deployment modifications for high-impact systems—such as change logs, re-certification triggers, or restrictions on certain types of fine-tuning.
The most important element is that compliance cannot be purely voluntary. If the pact is to reduce insecurity, it must be enforceable in some way. Enforcement could be indirect—through reputational costs, export restrictions, or coordinated sanctions—or direct through agreed penalties. The exact design would depend on what both sides consider feasible.
Global ripple effects: standards travel faster than treaties
Even if the agreement is bilateral, its impact could be broader. Major powers set norms, and industries follow. If the US and China establish a shared framework for high-impact AI governance, other countries and companies may adopt similar standards to maintain access to markets, avoid regulatory fragmentation, or align with procurement requirements.
This is especially true for dual-use technologies. Companies that build AI systems for defence-adjacent applications often operate across borders, even when governments restrict certain exports. A US-China pact could therefore influence how firms classify risk, how they document evaluations, and how they structure internal compliance teams.
There is also a geopolitical effect. If the pact becomes a reference point, it could reduce the likelihood that smaller states are forced to choose between incompatible regulatory regimes. Instead of a patchwork of rules that complicates compliance, a shared framework could create a baseline expectation for safety and restraint.
At the same time, global ripple effects come with risks. If the pact defines high-impact capabilities narrowly, it could leave gaps that other actors exploit. If it defines them too broadly, it could stifle beneficial research and create incentives to route around the rules. That is why the pact’s definitions and thresholds would matter far beyond the two signatories.
A unique take: disarmament as “predictability engineering”
The phrase “technological disarmament” invites comparisons to nuclear treaties, but AI governance may require a different mental model. Nuclear arms control reduces the probability of catastrophic exchange by limiting stockpiles and clarifying intentions. AI disarmament, if it works, would reduce the probability of catastrophic misunderstanding by engineering predictability.
Predictability is not just about transparency. It is about aligning expectations for how systems will be developed, evaluated, and deployed. In other words, the pact would aim to make the future less surprising. That is a subtle but crucial shift. It recognises that the danger in AI