Chairmen Garbarino, Moolenaar Announce Joint Investigation into National Security Risks Posed by PRC AI Models

WASHINGTON, D.C. -- Today, House Committee on Homeland Security Chairman Andrew R. Garbarino (R-NY) and House Select Committee on China Chairman John Moolenaar (R-MI) announced a joint investigation into the national security and cybersecurity risks posed by the growing adoption of PRC-developed artificial intelligence models, including low-cost, open-weight, and API-accessible systems developed by Chinese companies such as DeepSeek, Alibaba, Moonshot AI, and MiniMax.

The investigation comes amid growing concern that PRC-based AI companies are using unauthorized model distillation and other illicit techniques to extract capabilities from leading American frontier models, then repackaging those capabilities into lower-cost models without the same safeguards included in the original American models, which are then marketed or made available to U.S. companies, developers, and consumers. While model distillation can be a legitimate AI development technique, distillation conducted through fraudulent accounts, proxy networks, evasion of access restrictions, or violations of U.S. companies' terms of service raises serious concerns about model provenance, intellectual property, cybersecurity, and supply-chain risk.

Read more in Semafor via Rachyl Jones

As an initial step in the probe, the Chairmen sent letters to Anysphere and Airbnb, raising concerns about the companies' use of or exposure to these risks through PRC-developed AI. The letters also follow an April 2026 memo from the White House Office of Science and Technology Policy warning that foreign entities, primarily based in China, are conducting deliberate, industrial-scale campaigns to distill U.S. frontier AI systems through proxy accounts and other coordinated methods.

In the letter to Anysphere, the Chairmen focus on Cursor's Composer 2 model, which was reportedly built on an open-weight model developed by Moonshot AI, one of the PRC-based companies publicly implicated in large-scale distillation campaigns targeting American AI systems.

In the letter to Anysphere, the Chairmen write, "The billions of dollars American companies invest in foundational research, compute infrastructure, and security engineering is being undercut by a sustained extraction campaign conducted at a fraction of the cost of independent development. This threat is not limited to commercial harm. American frontier AI laboratories invest heavily in security testing and in building guardrails designed to prevent their models from being used to develop weapons, automate software vulnerability discovery and exploitation, generate tailored disinformation, or assist in the synthesis of dangerous chemical or biological agents. When capabilities are stripped out through distillation and repackaged without equivalent safeguards, the resulting models may become available to hostile state actors, terrorist organizations, and criminal enterprises."

The Chairmen conclude, "These issues are unfolding against a broader and accelerating strategic shift. PRC-developed open-weight AI models have experienced rapid global adoption. In late 2024, PRC models reportedly accounted for an estimated one percent of global AI workloads. By the end of 2025, that share had reportedly grown to an estimated 30 percent. PRC-developed models also have been reported to exhibit censorship aligned with Chinese Communist Party (CCP) positions on politically sensitive topics, and federal testing has found that leading PRC models echoed CCP-approved narratives at rates far exceeding comparable American systems. Beijing has been explicit in its view that the global distribution of open-weight AI serves PRC strategic interests. What is at issue, therefore, is not simply market competition, but the growing risk that software systems used across the American economy, government, and defense industrial base will come to depend on models developed by PRC-linked laboratories and shaped by PRC strategic objectives."

Read the full letter here.

In a separate letter to Airbnb, the Chairmen request additional information regarding the company's reliance on an AI model developed by a PRC-based company, Alibaba, for customer service operations. The Chairmen raise concerns about the company's preference for PRC-developed technology, which could present serious security implications for their consumers and the integrity of their systems.

In the letter to Airbnb, the Chairmen write, "[Airbnb] recently stated publicly that Airbnb is relying on Qwen over American alternatives because it is 'fast and cheap.' The Committees have serious concerns about the national security and data-security implications of that approach for Airbnb's American customers and for the integrity of its systems."

The Chairmen conclude, "[T]he spread of Chinese open-weight AI models carries consequences well beyond ordinary software adoption preferences… American firms adopting these models are not simply choosing a cheaper tool, they are importing an architecture designed to serve the Chinese state. On April 23, 2026, the White House Office of Science and Technology Policy issued a memorandum formally characterizing PRC distillation operations as deliberate, industrial-scale campaigns and concluded that '[t]here is nothing innovative about systematically extracting and copying the innovations of American industry, and there is nothing open about supposedly open models that are derived from acts of malicious exploitation.' That assessment reflects a growing consensus that passive reliance on PRC-origin AI is not a neutral commercial decision but a national security choice with consequences extending well beyond any single company's bottom line."

Read the full letter here.

Background:

In March 2026, the Subcommittee on Cybersecurity and Infrastructure Protection held a hearing to evaluate the growing national security and economic risks posed by AI, robotics, and autonomous sensing technologies developed by companies linked to the PRC. Witnesses testified that technologies developed within adversarial controlled ecosystems can create significant vulnerabilities, enable surveillance, expose sensitive data, and provide access to critical infrastructure systems.

In December 2025, the Subcommittee on Cybersecurity and Infrastructure Protection and the Subcommittee on Oversight, Investigations, and Accountability convened a hearing to examine threats associated with emerging technologies like AI, quantum computing, and hyperscale cloud infrastructure, as well as opportunities to leverage this technology to strengthen American cyber defenses. The hearing came after Chairman Garbarino, Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andy Ogles (R-TN), and Subcommittee on Oversight, Investigations, and Accountability Chairman Josh Brecheen (R-OK) sent letters to Anthropic, Google, and Quantum Xchange, which were prompted by Anthropic's report assessing with high confidence that a PRC state-sponsored cyber actor used the company's AI systems to conduct a largely autonomous cyberattack with minimal human oversight.

That month, Chairmen Garbarino and Moolenaar, along with other congressional Republicans, sent a letter to the Department of War, urging it to list Deepseek, Gotion, Unitree, Wuxi, and 13 other companies as Chinese military companies, thereby restricting the Department's ability to contract with them. The Chairmen also joined House Republicans in November 2025 in sending a letter to Secretary of Commerce Howard Lutnick, recommending an investigation of products developed by known adversaries in critical and emerging industries, warning that the PRC leverages their innovations as instruments of state influence.

###

Homeland Security Committee Republicans