25 December 2023

China’s decades-long cyber theft could finally pay off in the Age of AI

JEFF GREENE AND JOSH LAWSON

China’s decades-long cyber theft could finally pay off in the Age of Artificial Intelligence. China has long stolen American data ranging from trade secrets to manufacturing knowhow and sensitive research. But few of those assets have appeared on black markets, and China has not overtly used the majority of data it has so aggressively acquired. That’s because effectively appropriating so many stolen secrets was a heavy lift, severely limited by personnel capacity, language skill, and individual expertise.

AI changes that equation, which will have serious implications for America’s economic and security interests.

China can now leverage stockpiles of proprietary data to train models that spot patterns no human would ever see, identify novel opportunities, and even generate new products across industry, science and defense. Strong “training data” make AI-driven insights more robust and actionable. But few have raised alarm over the ways AI makes hacked corporate data exponentially more valuable for strategic competitors, especially China, which reportedly outpaces the globe in 37 of 44 technology areas.

Last year, just weeks before ChatGPT showed the world what generative AI can do, the Biden administration’s National Security Strategy affirmed the oft-cited maxim that economic security is national security. Emergent AI tools now offer the Chinese Communist Party an unprecedented opportunity to derive economic benefit from secrets stockpiled over years, posing a substantial risk to American national security interests.

China’s windfall is not shared by the United States. American trade secrets are necessarily non-public and siloed across thousands of private corporations. No single U.S.-based entity holds all corporate data, much less feeds that data into AI models to identify new market opportunities. Simply put, China has built an enormous collection of AI training data lifted from innumerable non-public sources, all in addition to the vast pool of domestic data China collects on its citizens and companies.

That is why China’s longstanding hacking campaign is potentially so damaging: We must assume China can leverage its troves of stolen assets and domestic data to supercharge development of new products, gain a competitive edge, and identify critical vulnerabilities in American markets. They have both the means and the motive to seize this opportunity. And equivalent capabilities will be far less available to non-autocratic countries, where sensitive corporate data are appropriately dispersed widely across private entities.

Moreover, China’s AI-derived products and services will be hard to detect, because so many datapoints will shape those spinoffs. American businesses, the administration and Congress must prepare for a future of unfair competition in which Chinese offerings are built on an illicit cache of the globe’s intellectual property.

Increased deterrence and greater cyber resilience are necessary to combat this threat. U.S. and Australian law enforcement recently called out China for its data collection operations and encouraged private businesses to secure critical systems. That’s something, but a more deeply coordinated and aggressive campaign is needed to nudge China off course. Meaningful progress to secure American interest will, at minimum, require policymakers to recognize ways generative AI renders stolen data more valuable and to treat this economic challenge as the national security threat it is.

No comments: