The U.S. House Committee on Homeland Security, in collaboration with the House Select Committee on China, has initiated a joint investigation into national security and cybersecurity threats linked to the growing use of artificial intelligence (AI) models developed in China. This inquiry specifically targets low-cost, open-weight, and API-accessible systems, including those from companies like DeepSeek, Alibaba, Moonshot AI, and MiniMax. Lawmakers are scrutinizing allegations that some Chinese AI providers may be extracting capabilities from leading American models without authorization and repackaging them into cheaper systems that may lack necessary safety measures.
As a preliminary action in this investigation, Andrew R. Garbarino, a Republican from New York and chairman of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, along with John Moolenaar, a Republican from Michigan and chair of the House Select Committee on the Strategic Competition between the United States and the Chinese Communist Party, have reached out to Anysphere and Airbnb. They express concerns regarding these companies’ potential exposure to risks associated with PRC-developed AI.
This investigation follows a memo from the White House Office of Science and Technology Policy in April 2026, which warned that foreign entities, primarily from China, are conducting large-scale operations to distill U.S. frontier AI systems via proxy accounts and other orchestrated methods. The inquiry highlights increasing unease surrounding the potential misuse of unauthorized model distillation techniques to siphon capabilities from advanced U.S. models, which could then be marketed to American developers and organizations.
The letter to Anysphere emphasizes the Cursor’s Composer 2 model, reportedly built on an open-weight model from Moonshot AI, a company implicated in extensive distillation efforts targeting American AI systems. The Chairmen highlighted that “the billions of dollars American companies invest in foundational research, compute infrastructure, and security engineering is being undercut by a sustained extraction campaign conducted at a fraction of the cost of independent development.” They warned that without equivalent safety measures, these repackaged models could be exploited by hostile state actors and criminal enterprises.
In February 2026, Cursor announced a partnership with Chainguard, an open-source security company aimed at steering AI-generated code toward vetted open-source components. This collaboration seeks to minimize the risk that developers inadvertently incorporate vulnerable or malicious libraries in production environments. The letter to Anysphere noted that this development reflects an acknowledgment that AI development can rapidly outpace ordinary human review, emphasizing that security in such environments is contingent upon the integrity of the packages and libraries involved.
The committee is requesting extensive records from Anysphere as part of the investigation, specifically related to national security risks tied to the theft of U.S. AI capabilities. This includes any affiliations with Chinese AI firms such as DeepSeek, MiniMax, ByteDance, and Tencent, as well as licensing arrangements and technical collaborations. Responses are required by May 13, 2026, along with documentation on Anysphere’s use of Moonshot AI’s Kimi K2.5 model in its products.
Similarly, the letter to Airbnb raises alarms over the broader pattern of PRC-based AI labs allegedly employing adversarial distillation to extract capabilities from leading U.S. models. The lawmakers are particularly concerned about Airbnb’s reported use of Alibaba’s Qwen model for customer service, citing its “fast and cheap” performance while warning of national security risks. The letter outlines concerns regarding ideological control, elevated safety vulnerabilities, and data exposure risks due to the legal obligations of PRC entities to cooperate with state authorities.
The committees have requested extensive documentation from Airbnb related to its use of Chinese-developed AI systems, including how these models are deployed and accessed. Additionally, they seek detailed technical disclosures regarding data flows to PRC-linked model providers and internal analyses comparing PRC and non-PRC models. Responses from Airbnb are also required by May 20, 2026, along with an appearance by appropriate personnel for an in-person briefing.
Earlier this year, the Subcommittee on Cybersecurity and Infrastructure Protection convened a hearing to address the economic and national security risks posed by AI technologies developed by companies with ties to the PRC. Testimonies highlighted that technologies developed in adversarial environments could pose significant vulnerabilities and enable surveillance, thereby threatening sensitive data and critical infrastructure.
As AI systems continue to advance, the World Economic Forum has indicated that new technologies, such as Anthropic’s Mythos, could fundamentally alter the landscape of cybersecurity. The emergence of machines capable of autonomously identifying vulnerabilities and generating exploits underscores the urgent need for robust security frameworks capable of keeping pace with the evolving threats posed by AI-driven cyber risks.
See also
Tesseract Launches Site Manager and PRISM Vision Badge for Job Site Clarity
Affordable Android Smartwatches That Offer Great Value and Features
Russia”s AIDOL Robot Stumbles During Debut in Moscow
AI Technology Revolutionizes Meat Processing at Cargill Slaughterhouse
Seagate Unveils Exos 4U100: 3.2PB AI-Ready Storage with Advanced HAMR Tech
