← All episodes
Special · News ·14:07 ·May 20, 2026

The AI Model You Can't Approve — Qwen 3.7 & The 35-Hour Problem

Thirty-five hours of autonomous operation, a thousand tool calls per task, and five layers of Chinese infrastructure underneath. Qwen 3.7-Max is the moment enterprise AI procurement runs into a question most boards do not yet have a framework to answer.

The Promise

PROMISE RISK
Balanced

The Risk

What just landed in Hangzhou

Alibaba used yesterday’s Cloud Summit to announce three things at once. A new flagship model — Qwen 3.7-Max — that ranked thirteenth on the LM Arena leaderboard, alongside Qwen 3.7-Plus at sixteenth on vision. A new chip, the T-Head Zhenwu M890, that triples its predecessor’s performance. And a new server, the Panjiu AL128, that packages 128 of those accelerators into a single rack. Liu Weiguang called the combined stack China’s AI factory. He’s not exaggerating. Alibaba is the only AI and cloud company in China operating all five layers — chips, servers, cloud, models, and agent applications — under one roof.

The headline most outlets are running with is the agentic claim. 35 hours of continuous autonomous operation. More than 1,000 tool calls without performance degradation. Apply skepticism to the exact number. The direction is real.

The 35-hour problem

After 25 years in cybersecurity, I have a calibrated sense of which vendor numbers to trust. Even at half the duration, 35-hour autonomous operation breaks the classical AI governance model. Humans approving outputs before they ship does not work at 1,000 tool calls per task. The decision surface is too wide. The action surface is too fast.

Failure modes that were rare at the prompt level become statistically frequent at the agentic level. The math is one minus the probability of 1,000 consecutive successes, not one failure rate times 1,000. That math is unforgiving.

Layer that math onto a vendor stack you cannot audit and an agent runtime that may transmit 100,000-word context windows to PRC-hosted APIs across 35 hours of operation. A US enterprise running its agentic workloads through five PRC-controlled layers has data exposure no existing enterprise risk register currently models.

What every board should be asking

The capability convergence between US and Chinese frontier labs is, on the long arc, a Promise. The enterprise deployment question is, on the same evidence, a Risk. Both are correct simultaneously. The discipline is holding them at the same time.

Three questions worth tabling at the next board AI agenda item. What is your data residency framework for agentic workloads at this scale? What independent governance overlay are you applying to vendors you cannot audit? What is your concentration risk if PRC infrastructure hosts 30% of global AI workloads within 18 months?

If you cannot answer those three at your next meeting, your AI governance program has a gap. That is the action.