01
Cursor Composer 2 tied to undisclosed Kimi K2.5 model
A weekly AI policy and risk monitor reported that Cursor shipped Composer 2 on Moonshot AI’s Chinese Kimi K2.5 model and only disclosed the dependency after enterprise backlash. The report described it as a confirmed case of a US product deploying a Chinese open-source foundation model without upfront disclosure.
- Require explicit disclosure of underlying foundation models, hosting locations, and subcontractors in AI vendor contracts to avoid hidden provenance risk.
- Add a right-to-audit and a mandatory notification clause for model swaps, because forced re-platforming can break code-assist workflows, policies, and approvals.
- Treat IDE and code-assist tools as data-exfiltration vectors and validate what telemetry leaves the EU before enabling them on corporate repositories.
02
EU draft would expand AI Office oversight of GPAI
The same weekly report highlighted a European Parliament IMCO/LIBE joint mandate provision that would grant the EU AI Office exclusive supervisory competence over general-purpose AI models deployed within very large online platforms and search engines. The change would centralize oversight of major foundation models used across consumer and enterprise services.
- Build a vendor due-diligence checklist that maps to EU AI Act documentation (transparency, risk controls, incident handling) so you can request evidence consistently across suppliers.
- Plan for contract updates that cover logging, retention, and monitoring obligations, because tighter supervision can push vendors to change operational controls and DPAs.
- Prefer vendors that can demonstrate EU-ready governance artifacts and change-management processes, because enforcement-driven changes can disrupt production integrations.
03
Taiwan sets “key industries” with AI initiatives
Taipei Times reported that Taiwan is defining key national industries and building on “top 10 AI initiatives” and five “trusted industries” policies. The article said these efforts helped Taiwan improve its global AI ranking from 26th in 2023 to 16th.
- Treat GPU and advanced-chip availability as a strategic dependency in AI roadmaps, because national industrial policy in key semiconductor regions can affect capacity and lead times.
- Ask cloud and AI suppliers to document their hardware supply-chain resilience and contingency plans for constrained accelerators.
- Use “trusted industries” language as a benchmark when shaping internal AI governance and security requirements for critical functions (finance, energy, public sector suppliers).