Xiaomi MiMo-V2.5 and Poolside Laguna Lead Open Source AI Surge

Xiaomi released its MiMo-V2.5 and MiMo-V2.5-Pro models this week under MIT licensing, while U.S. startup Poolside launched its Laguna XS.2 model optimized for coding tasks. Both releases highlight a growing trend of high-performance open source alternatives challenging proprietary models from OpenAI and Anthropic.

According to VentureBeat, Xiaomi’s Pro model leads the open-source field with a 63.8% performance score on ClawEval benchmarks for agentic tasks. The models are available on Hugging Face for commercial use without licensing restrictions.

https://x.com/xiaomimimo/status/2048821516079661561

Xiaomi Models Excel at Token Efficiency

The MiMo-V2.5 series stands out for its efficiency in agentic “claw” tasks — AI systems that complete autonomous work like content creation, email management, and scheduling. Xiaomi’s ClawEval benchmark shows both models near the top-left quadrant, indicating high performance with minimal token usage.

This efficiency matters as more services adopt usage-based billing. Microsoft’s GitHub Copilot now charges per token rather than imposing rate limits, making token-efficient models more cost-effective for enterprise deployments.

The models support systems like OpenClaw, NanoClaw, and Hermes Agent, where users communicate through third-party messaging apps and delegate tasks to AI agents. Enterprise users can download, modify, and deploy the models locally or on private clouds under the permissive MIT License.

Poolside Enters U.S. Open Source Competition

San Francisco-based Poolside, founded in 2023, launched two Laguna models targeting coding workflows. The company positions its models as affordable alternatives to proprietary options while maintaining competitive performance.

Poolside’s release includes a coding agent harness called “pool” and a web-based development environment named “shimmer.” According to VentureBeat, the Laguna XS.2 model focuses on local agentic coding tasks, allowing developers to run AI-powered code generation without cloud dependencies.

The startup’s entry represents a notable shift, as most high-performance open source models have emerged from Chinese companies like DeepSeek and Xiaomi rather than U.S. firms focused on proprietary development.

Security Concerns Shadow Open Source Growth

While open source models gain adoption, security researchers warn of increasing abuse. Acronis identified nearly 600 malicious skills across 13 developer accounts on ClawHub, designed to distribute trojans, cryptominers, and information stealers.

The attacks exploit trust relationships between users and AI platforms. Threat actors embed hidden instructions through indirect prompt injection, causing AI systems to download and execute malicious code without user awareness. Two accounts — hightower6eu with 334 malicious skills and sakaen736jih with 199 — contained most identified threats.

One payload targeting macOS users deploys the Atomic macOS Stealer (AMOS), demonstrating how attackers shift from traditional malvertising to poisoning trusted AI distribution channels. The modular architecture of AI skills allows execution of external code with high privileges, creating new attack vectors.

Cisco Addresses Model Provenance Challenges

To combat these risks, Cisco released its Model Provenance Kit as an open source tool for tracking AI model lineage. The tool addresses issues with third-party models from repositories like Hugging Face, where organizations often lack visibility into model modifications and vulnerabilities.

Model developers’ claims about source, vulnerabilities, and training biases frequently go unverified, introducing security and compliance risks. Without provenance tracking, enterprises cannot trace incidents to root causes or determine which models in their stack share vulnerabilities.

The kit helps organizations verify model claims and maintain supply chain integrity. This becomes critical as government regulations increasingly require documentation of AI system usage, and enterprises face liability for biased or compromised models in production applications.

What This Means

The simultaneous release of high-performance open source models from Xiaomi and Poolside signals intensifying competition with proprietary alternatives. Xiaomi’s focus on token efficiency addresses real cost concerns as AI services move to usage-based pricing, while Poolside’s coding specialization targets a lucrative developer market.

However, the security incidents highlight growing pains in open source AI ecosystems. As these platforms gain adoption, they attract malicious actors seeking to exploit trust relationships and modular architectures. Organizations adopting open source models must balance cost savings and flexibility against security risks and supply chain integrity concerns.

The emergence of tools like Cisco’s Model Provenance Kit suggests the industry recognizes these challenges. Success in open source AI will likely depend on solving both performance and security problems simultaneously.

FAQ

What makes Xiaomi’s MiMo-V2.5 models different from other open source options?
The MiMo-V2.5 series offers high performance on agentic tasks while using fewer tokens than competitors, making them more cost-effective for production use. They’re released under MIT licensing, allowing commercial modification and deployment without restrictions.

How do security risks in open source AI models compare to proprietary alternatives?
Open source models face unique risks from malicious contributions and indirect prompt injection attacks through community platforms. However, they also offer transparency advantages, allowing organizations to audit code and verify claims that proprietary models cannot provide.

What should enterprises consider when adopting open source AI models?
Organizations should evaluate token efficiency for cost management, verify model provenance and security, ensure licensing compatibility with commercial use, and implement monitoring for supply chain integrity. Tools like Cisco’s Model Provenance Kit can help track model lineage and vulnerabilities.