Dernière minute
FRFrappes russes sur Kiev : au moins 30 morts, Zelensky craignait une attaque «de grande envergure»RUВ Калининграде автомобиль сбил женщину с двумя детьми на тротуареRUВ Вашингтоне объявлен "красный код" качества воздуха из-за смога после салютаINSecurity tightened outside Mamata Banerjee's residence ahead of Baruipur visitUSFolarin Balogun Eligible for World Cup Round of 16 Match After Red Card Ban SuspendedAUVenezuelan Authorities Hinder Disaster Coverage Amidst Corruption and Human Rights AbusesINTLFIFA Suspends Balogun's Ban, Making Him Available for Belgium ClashAUTrump's Second Term: A 'Regime Change' Altering the PresidencyAUAustralia's Economic Paradox: Strong Growth, Low Sentiment, and Rising DebtINTLNigel Farage's Financial Entanglements: A Web of Crypto, Bullion, and Questionable FriendsFRFrappes russes sur Kiev : au moins 30 morts, Zelensky craignait une attaque «de grande envergure»RUВ Калининграде автомобиль сбил женщину с двумя детьми на тротуареRUВ Вашингтоне объявлен "красный код" качества воздуха из-за смога после салютаINSecurity tightened outside Mamata Banerjee's residence ahead of Baruipur visitUSFolarin Balogun Eligible for World Cup Round of 16 Match After Red Card Ban SuspendedAUVenezuelan Authorities Hinder Disaster Coverage Amidst Corruption and Human Rights AbusesINTLFIFA Suspends Balogun's Ban, Making Him Available for Belgium ClashAUTrump's Second Term: A 'Regime Change' Altering the PresidencyAUAustralia's Economic Paradox: Strong Growth, Low Sentiment, and Rising DebtINTLNigel Farage's Financial Entanglements: A Web of Crypto, Bullion, and Questionable Friends
Newsgather
BackChina-based actors increasingly targeting US AI tech via human vulnerabilities, report says
China-based actors increasingly targeting US AI tech via human vulnerabilities, report says
En développement
CNBC World4 g önceTech5 dk okuma

China-based actors increasingly targeting US AI tech via human vulnerabilities, report says

L'essentiel

  • China-based actors are increasingly targeting US artificial intelligence technology, moving beyond tech-based attacks to exploit human vulnerabilities.
  • This shift includes targeting company roadmaps, supply chains, and even new employees, with allegations of state-directed espionage costing the US economy billions annually.

Résumé généré par IA

Pourquoi c'est important

Cyberattacks targeting US AI technology are evolving from technical exploits to human vulnerabilities, with China-based actors playing an increasing role. This trend is fueled by the escalating AI race between the US and China.

Taille de police

Bill Hinton | Moment Mobile | Getty Images

Cyberattacks aimed at stealing American artificial intelligence technology are increasingly expanding from tech-based attacks to the exploitation of human-level vulnerabilities, with China-based actors playing a growing role.

"As the AI race has heated up, the [People's Republic of China] has targeted the tech sector increasingly," said Matt Pearl, director of the strategic technologies program at the U.S.-based think tank Center for Strategic and International Studies.

Rather than focusing on a specific trade secret, such as hardware designs, the hackers have broadened their interest to anything that could narrow the three- to four-month AI gap with the U.S., Pearl said. That, he said, ranges from understanding a company's product roadmap, particularly in highly competitive sectors, to identifying weaknesses in supply chains.

The alleged cases are already piling up.

In June, U.S.-based cybersecurity giant CrowdStrike said Chinese entities accounted for more than half of state-sponsored intrusions targeting technology companies, especially their AI assets, in the 12 months through March 31.

watch now

American tech start-up Anthropic has also accused Chinese companies, including Alibaba , of illicit attempts to steal its AI capabilities. Alibaba did not respond to a request for comment.

Last year, U.S.-based AI content detection startup Copyleaks said the responses generated by Chinese startup DeepSeek's R1 model resembled those produced by OpenAI's ChatGPT nearly three-quarters of the time, suggesting the open-source Chinese model may have been trained on the U.S.-developed one.

"We haven't seen [the same stylistic match] in other LLMs," said Alon Yamin, CEO and co-founder of Copyleaks.

DeepSeek and OpenAI did not immediately respond to requests for comment.

Brian Abbott, founder and CEO of U.S.-based start-up Agentiq Capital, told CNBC in June that he believed an employee he hired from China last year was an agent of Beijing who purposely altered code and website content to prevent the company from getting venture capital funding.

Abbott alleged the employee replaced references to "ASI," or artificial superintelligence, with "fintech," a once-trending term that many investors have soured on.

The individual was dismissed earlier this year, Abbott said, and the company filed a complaint with the FBI. CNBC was unable to independently verify the allegation.

"China's economic espionage campaign is a continuing threat that costs the American economy hundreds of billions of dollars per year and puts our national security at risk," the FBI said in a statement to CNBC.

"The FBI prioritizes investigating any potential theft of US technology by foreign actors and remains unwavering in our commitment to protect the homeland."

The Cyberspace Administration of China and the U.S. Department of State did not offer a comment when contacted by CNBC. None of the individuals interviewed for this piece said they had heard of a similar instance of state-directed subversion of U.S. technology.

Graham Webster, editor-in-chief of Stanford University's DigiChina Project, said distinguishing state-sponsored espionage from individual or corporate-level efforts can be difficult.

He also pointed out that the conversation about Chinese AI is also affected by major U.S. companies gearing up for major initial public offerings.

"[The] narrative is overtaking reality in a lot of decisions," Webster said.

"The U.S. government is trying to hold China back to some extent," he added, referring to technology export controls. "We should not be surprised that the Chinese government tries otherwise."

Start-ups more at risk

Capital has been a defining driver of the AI race so far, with start-ups racing to rival tech giants or position themselves for acquisitions.

But that's also created "cyber poverty lines" where small businesses lack the resources of large companies to defend against cyberattacks, said Cliff Steinhauer, director of information security and engagement at the non-profit National Cybersecurity Alliance.

Human vulnerabilities often pose the greater risk, Steinhauer said, particularly as attackers rely on "social engineering" tactics amplified by AI-powered content campaigns.

Cyberattacks can also target new or contracted employees to breach systems.

"We've seen a lot of cases within our company, new employees that are joining the company, immediately they're a target of cyberattacks to get access to our AI models," Copyleaks' Yamin said. He expects to see more such cases.

Government and company-led efforts also impact start-up operating costs.

Anthropic on June 11 announced a program called Claude Corps to train 1,000 people in AI and match them with non-profits in the U.S. Meanwhile in China, policymakers have rolled out significant AI support, including free or subsidized computing power and rent-free office space for start-ups.

Isaac Stone Fish, founder and chief executive of consultancy Strategy Risks, said Beijing tends to focus more heavily on large corporations, but startups remain especially exposed since they don't necessarily have cyber expertise.

"And Beijing's attempt[s] have certainly increased over the last 18 months, since the release of DeepSeek really kicked off the US-China AI race," Stone Fish said.

"Beijing wants to ensure that Chinese companies are at the vanguard of the global AI race," he said. "One way that it does that is by sometimes working to suppress the development of American AI companies, through supply chain restrictions, employee harassment, hacking, targeted government subsidies of copycat competitors, among other strategies."

"We've seen a lot of cases within our company, new employees that are joining the company, immediately they're a target of cyberattacks to get access to our AI models," Copyleaks' Yamin said. He expects to see more such cases.

For startups, balancing rapid innovation with security remains a challenge.

Abbott said the employee he hired was initially willing to work for free, and eventually received a few thousand dollars a month in addition to stock options, before the firing.

"If we paid everybody market rate, for a scrappy start-up I could never afford to do this," he said, emphasizing the "need to secure our economy of start-ups stateside."

À surveiller

Perspective IA — des possibilités, pas des certitudes

  • More US startups will fall victim to human-based cyberattacks targeting AI technology.

    Probable · En quelques mois

  • Increased government scrutiny and potential new regulations on AI technology export controls.

    Possible · En quelques mois

Questions ouvertes

  • What specific measures are being taken to counter these human-based exploits?
  • How will US companies adapt their security protocols to address these new threats?
  • What is the full extent of China's involvement in these espionage campaigns?

Sujets liés

This article was originally published by CNBC World.

Articles liés

Plus sur ce sujetcybersecurity