Technical Deep Dive
The Rio-3.5-Open-397B incident is a textbook case of model merging abuse. The core technique involves using tools like `mergekit` (GitHub: arcee-ai/mergekit, 15k+ stars) to combine the weights of two or more pre-trained models into a single set of parameters. This is typically done via linear interpolation, SLERP (Spherical Linear Interpolation), or more advanced methods like TIES-Merging and DARE. In this case, analysis by community members showed that the Rio model's architecture—specifically the number of layers, attention heads, and hidden dimensions—matched Qwen 3.5-397B-A17B exactly. Weight-level comparisons revealed that approximately 60% of the parameters came from Qwen 3.5, with the remainder from Nex N2 Pro, a model fine-tuned for Portuguese language tasks.
| Model | Parameters | Architecture | Training Data | License |
|---|---|---|---|---|
| Qwen 3.5-397B-A17B | 397B (17B active) | MoE, 64 experts, 2 active | Multilingual (Chinese/English dominant) | Apache 2.0 |
| Nex N2 Pro | 7B | Dense Transformer | Portuguese-focused | MIT |
| Rio-3.5-Open-397B | 397B (claimed) | MoE (copied from Qwen) | None (merged weights) | MIT |
Data Takeaway: The Rio model's parameter count is identical to Qwen 3.5's, but its effective capacity is a direct copy. The MIT license on Rio's model is a red flag—it allows commercial use without attribution, which would be legally dubious if the underlying weights are derived from Apache 2.0-licensed Qwen.
The automated detection tools used by the community, such as `weight-diff` and `model-archeology` (a newer GitHub repo with 800+ stars), compare weight distributions and layer-by-layer cosine similarity. For Rio-3.5-Open-397B, the average cosine similarity with Qwen 3.5 across all layers was 0.97—far above the 0.85 threshold that typically indicates independent training. This level of similarity is only possible through direct weight copying or merging, not through fine-tuning or distillation.
Takeaway: The technical barrier to creating a convincing "new" model has collapsed. With tools like `mergekit` and publicly available weights, anyone can produce a 397B-parameter model in hours. The community must develop automated provenance verification systems—similar to software supply chain tools like `sbom`—to flag suspicious models before they gain traction.
Key Players & Case Studies
Several entities played critical roles in this saga:
- IplanRIO (Rio de Janeiro City IT Company): A government-owned IT services provider with no prior track record in AI research. Their sudden release of a 397B model was always improbable given the compute costs (training a 397B MoE model would require ~$10M+ in GPU time). Their apology blaming "operational error" is widely disbelieved, as the model's Hugging Face card included detailed performance claims and a blog post announcing it as "a milestone for Latin American AI."
- Alibaba's Qwen Team: The original creators of Qwen 3.5-397B-A17B, a Mixture-of-Experts model that achieved an MMLU score of 88.5 and cost approximately $4.50 per million tokens to run. Alibaba has not commented publicly, but the incident highlights the risks of open-weight models being repurposed without attribution.
- Nex-AGI: A Brazilian AI startup that developed Nex N2 Pro, a 7B-parameter model fine-tuned for Portuguese. Their formal accusation on GitHub was the final nail in the coffin. Nex-AGI's CEO, Carlos Menezes, stated: "We spent six months and $500k fine-tuning Nex N2 Pro. Seeing our work merged without credit is deeply damaging."
- Hugging Face: The platform where the model was hosted. Hugging Face has since removed Rio-3.5-Open-397B and updated its content moderation policies to require provenance documentation for models over 10B parameters. This is a significant policy shift.
| Entity | Role | Reputation Impact |
|---|---|---|
| IplanRIO | Perpetrator | Severely damaged; likely to face legal action from Alibaba and Nex-AGI |
| Alibaba Qwen | Victim (indirect) | Minimal; reinforced the value of their original work |
| Nex-AGI | Victim (direct) | Strengthened; gained community sympathy and visibility |
| Hugging Face | Platform | Mixed; proactive policy update but allowed initial upload |
Takeaway: The incident has created a new category of "AI fraud" that will likely lead to stricter platform policies and potential legal precedents. Nex-AGI has already announced plans to pursue copyright claims under Brazilian law.
Industry Impact & Market Dynamics
This event is not isolated. The open-source AI ecosystem is experiencing a proliferation of "Frankenstein models"—merged models that claim novelty but offer no real innovation. According to data from Hugging Face, the number of models uploaded per month has grown from 5,000 in January 2024 to 35,000 in May 2025, but the proportion of models with verifiable training provenance has dropped from 80% to 45%.
| Metric | Jan 2024 | May 2025 | Change |
|---|---|---|---|
| Monthly model uploads | 5,000 | 35,000 | +600% |
| Models with training provenance | 4,000 (80%) | 15,750 (45%) | -35% |
| Models using mergekit | ~200 (4%) | 12,000 (34%) | +30% |
| Verified independent training | 3,500 (70%) | 8,000 (23%) | -47% |
Data Takeaway: The ecosystem is being flooded with merged models. While merging can be a legitimate technique for combining strengths, the lack of transparency is eroding trust. Enterprises are increasingly demanding model cards that include full training logs, data sources, and compute budgets.
The economic implications are significant. Venture capital investment in open-source AI startups reached $12.8 billion in 2024, but the Rio incident could slow this. Investors now face higher due diligence costs to verify claims. Already, two major VC firms have announced they will require third-party audits for any model claiming >100B parameters.
Takeaway: The market will bifurcate into two tiers: high-trust models from established labs (OpenAI, Meta, Alibaba, Mistral) with verifiable provenance, and a "wild west" of merged models with uncertain quality. The latter will struggle to gain enterprise adoption, potentially stifling genuine innovation from smaller teams.
Risks, Limitations & Open Questions
The Rio incident exposes several unresolved risks:
1. Legal Liability: Who is responsible when a merged model violates licenses? If Rio-3.5-Open-397B was used in a commercial application, the user could face copyright infringement claims from Alibaba (Apache 2.0 requires attribution) and Nex-AGI (MIT license, but derivative work must be clearly marked). The legal landscape is untested.
2. Security Vulnerabilities: Merged models can inherit safety flaws from both parents. For example, if Qwen 3.5 had been fine-tuned to refuse harmful requests, but Nex N2 Pro had not, the merged model might bypass safety guardrails. No safety evaluation was performed on Rio-3.5-Open-397B before its release.
3. Ecosystem Pollution: Every fake model that gains attention diverts compute and human resources from genuine research. The community spent thousands of hours analyzing Rio-3.5-Open-397B—time that could have been spent on real problems.
4. Regulatory Backlash: Governments may impose mandatory registration or certification for open-source AI models. The EU AI Act already requires transparency for models used in high-risk applications. The Rio incident could accelerate calls for similar rules in Brazil, India, and other emerging markets.
Open Question: Can automated provenance verification keep pace with merging techniques? As tools like `mergekit` evolve to obfuscate weight origins (e.g., by adding random noise or reordering layers), detection will become harder. The cat-and-mouse game has just begun.
AINews Verdict & Predictions
Verdict: The Rio-3.5-Open-397B incident is a watershed moment for open-source AI. It proves that the current trust model—based on reputation and self-reporting—is broken. The community must adopt software supply chain security practices: cryptographic signing of model weights, automated provenance checks at upload time, and mandatory disclosure of all source models used in merging.
Predictions:
1. Within 6 months: Hugging Face and other major hubs will implement mandatory provenance attestation for models over 10B parameters. Models without verifiable training logs will be flagged or delisted.
2. Within 12 months: At least one major lawsuit will be filed against a model merger for copyright infringement. The outcome will set a legal precedent for derivative AI works.
3. Within 18 months: A new startup category—"AI provenance verification"—will emerge, offering services to audit model origins. This could become a $500M market.
4. Long-term: The open-source AI ecosystem will split into "certified" and "uncertified" tiers. Certified models will command premium pricing and enterprise adoption, while uncertified models will be relegated to hobbyist use.
What to watch next: The response from Alibaba and Nex-AGI. If they pursue legal action, it will define the boundaries of acceptable model merging. Also, watch for the release of `model-sbom` (Software Bill of Materials for AI), an open-source tool under development at Hugging Face that automatically generates a tree of all source models used in a merged model.