The Model Provenance Problem or: How I Learned to Stop Worrying and Love the BOM

When a developer noticed an unexpected model ID in Cursor's AI coding assistant, it accidentally exposed a hidden supply chain: a mainstream Western product quietly built on Kimi K2.5, a foundation model from Beijing-based Moonshot AI. This post argues that the Cursor incident is not an outlier — it's a symptom. As Chinese open-weight models become the cost-effective backbone of global AI products, provenance is disappearing from the stack. For the UK's defence, intelligence, and public sector, that invisibility is a concrete security risk, not a theoretical one. We make the case for an AI Bill of Materials standard, mandatory base-model disclosure in public procurement, and UK leadership on international supply chain transparency norms — before the question of what's inside our AI gets answered in far less convenient circumstances.

Read the full article here