Qwen3.6-35B-A3B

Released April 16, 2026 under Apache 2.0, enabling fully unrestricted self-hosting with no licensing fees or training-data obligations on the operator — weights are publicly available on Hugging Face and ModelScope (source: https://github.com/QwenLM/Qwen3.6).

Alibaba Cloud (the operator) holds SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, and GDPR compliance certifications for its cloud infrastructure (source: https://www.alibabacloud.com/help/en/functioncompute/fc-2-0/compliance-certifications-of-function-compute), but these apply to the cloud platform, not to the model's alignment or output safety.

The Qwen model family has publicly documented jailbreak susceptibility — KELA, PointGuard, and Adversa AI all found Qwen 2.5 variants highly vulnerable to prompt-injection and persona-based jailbreaks; Alibaba has responded with the Qwen3Guard safety guardrail model (released September 2025) but its integration with Qwen3.6 is not documented in the model card (sources: https://www.kelacyber.com/blog/follow-up-alibabas-qwen2-5-vl-model-is-also-vulnerable-to-prompt-attacks/, https://arxiv.org/pdf/2510.14276).

Alibaba Group is subject to China's National Intelligence Law, which requires cooperation with government intelligence activity; this is a geopolitical risk factor for cloud-API users handling sensitive or regulated data, regardless of the model's technical merits (source: https://warontherocks.com/2026/04/chinas-ai-is-spreading-fast-heres-how-to-stop-the-security-risks/).

The official User Guide is listed as 'coming soon' in the GitHub README, and the Qwen Studio privacy policy at chat.qwen.ai is JS-rendered and not machine-readable — training-data rights for cloud-API users cannot be independently verified from publicly accessible policy text (source: https://github.com/QwenLM/Qwen3.6).