From x.com

Robert Youssef @rryssf_

Project VAIL and University of Illinois just exposed the gap between what AI providers tell you and what they're actually serving. "Stable." "Healthy." "Online." Meanwhile the model changed. The inference stack changed. The quantization changed. A hardware failure at Parasail triggered a silent behavioral shift. You found out when your outputs broke.

Every AI-native application is built on an assumption nobody verifies: that the model endpoint you called yesterday is behaviorally identical to the one you're calling today. Providers update weights. They swap inference engines. They change quantization. They reroute requests across different hardware when nodes fail. None of this shows up in your uptime dashboard. None of it trips your latency alerts. The endpoint is "healthy" while everything that matters about it changes underneath.

Project VAIL built a fingerprinting system that actually watches this. Every few hours it samples outputs from a fixed prompt set, embeds them, and compares the resulting distribution against a baseline using energy distance statistics. When the distribution shifts beyond what permutation testing can attribute to noise, it declares a change event. No privileged access to weights. No provider cooperation required. Pure black-box behavioral monitoring.

Then they ran it against real providers serving real production models. The results were not subtle. Monitoring Kimi-K2-0905-Instruct across providers in November 2025, one provider triggered a change event on nearly every single fingerprint. Another provider, Moonshot, the model's own creator, showed 100% stability across the same period. Same model name. Same version string. Behaviorally unrecognizable across providers.

In December 2025, Stability Monitor flagged a change event for Parasail.

The Parasail team confirmed a hardware provider switch caused by a physical node failure. The model didn't change. The hardware did. The behavior changed anyway.

The monitoring system caught it. Nothing else did.

→ Model family change: detected on next fingerprint after intervention
→ Version upgrade: detected on next fingerprint
→ Inference stack swap: detected on next fingerprint
→ Quantization change BF16 → INT8: detected on next fingerprint
→ Temperature change 0.7 → 0.6: detected after 18 fingerprints
→ Same model across providers: pairwise fingerprints show provider is identifiable by behavioral signature alone

The security implication is the one nobody is discussing. When a model changes silently, the safety validation you ran last month no longer applies. The guardrails you built were tested against a specific behavioral profile. The endpoint is now running something different. Your compliance posture is built on a snapshot that expired without notice. Uptime monitoring tells you the server is responding. It tells you nothing about what the server is saying.
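The comparison step the post describes (energy distance between embedded output samples, with a permutation test deciding whether a shift exceeds noise), sketched as an added example. It is not Project VAIL's code and not part of the original post; the Gaussian vectors stand in for real output embeddings, and the function names, sample sizes and the 0.01 threshold are assumptions.

```python
import math
import random

def mean_dist(a, b):
    """Average Euclidean distance over all pairs (x in a, y in b)."""
    return sum(math.dist(x, y) for x in a for y in b) / (len(a) * len(b))

def energy_distance(a, b):
    """2*E|X-Y| - E|X-X'| - E|Y-Y'|; zero when the samples coincide."""
    return 2 * mean_dist(a, b) - mean_dist(a, a) - mean_dist(b, b)

def permutation_test(baseline, current, n_perm=300, seed=0):
    """Return (observed statistic, p-value) under random relabelling."""
    rng = random.Random(seed)
    observed = energy_distance(baseline, current)
    pooled = list(baseline) + list(current)
    n = len(baseline)
    hits = 0
    for _ in range(n_perm):
        rng.shuffle(pooled)
        if energy_distance(pooled[:n], pooled[n:]) >= observed:
            hits += 1
    # +1 correction keeps the estimate away from an impossible p = 0
    return observed, (hits + 1) / (n_perm + 1)

def change_event(baseline, current, alpha=0.01):
    """Assumed decision rule: flag when noise rarely explains the shift."""
    _, p = permutation_test(baseline, current)
    return p < alpha

def constructed_embeddings(seed, n=30, dim=8, shift=0.0):
    """Constructed stand-in for embeddings of sampled model outputs."""
    rng = random.Random(seed)
    return [[rng.gauss(shift, 1.0) for _ in range(dim)] for _ in range(n)]

if __name__ == "__main__":
    baseline = constructed_embeddings(1)
    same_endpoint = constructed_embeddings(2)                # same distribution
    changed_endpoint = constructed_embeddings(3, shift=1.0)  # shifted behaviour
    for name, fp in [("same", same_endpoint), ("changed", changed_endpoint)]:
        stat, p = permutation_test(baseline, fp)
        print(f"{name}: energy distance={stat:.3f} p={p:.3f}")
```

The smallest p-value this test can report is 1/(n_perm + 1), so the permutation count has to be chosen with the alert threshold in mind.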
