Lawmakers Launch Inquiry into Cybersecurity Risks of Chinese AI Models in US Critical Infrastructure

The U.S. House Committee on Homeland Security and the House Select Committee on China have opened a joint investigation into the national security and cybersecurity risks posed by Chinese-origin AI models deployed in critical infrastructure. The probe targets low-cost, open-weight, and API-accessible systems from firms like DeepSeek, Alibaba, Moonshot AI, and MiniMax. Lawmakers are concerned that these models may be leveraging unauthorized distillation techniques to extract capabilities from leading U.S. frontier AI models—such as those from OpenAI and Anthropic—then repackaging them into cheaper systems that lack equivalent safety guardrails. This follows an April 2026 White House memo warning of industrial-scale distillation campaigns by Chinese entities. As a first step, committee chairs sent letters to Anysphere (developer of Cursor) and Airbnb, flagging risks tied to their use of PRC-developed AI. Notably, Cursor's Composer 2 model was reportedly built on an open-weight model from Moonshot AI, a firm publicly implicated in large-scale distillation. The letters warn that these practices undercut billions in U.S. AI investment and could make weapons-enabling capabilities available to hostile actors. The investigation also scrutinizes Cursor’s partnership with Chainguard, an open-source security firm, to steer AI-generated code toward vetted components—an apparent admission that agentic coding outpaces human review and that the integrity of downstream software depends heavily on model provenance.