Beijing is escalating cyber espionage against technology companies as it tries to narrow the artificial intelligence gap with the United States, according to new warnings from cybersecurity firm CrowdStrike.
CrowdStrike warned of increasing cyberattacks from China-based entities aimed at stealing artificial intelligence technologies from U.S. tech companies.
The warning is based on CrowdStrike’s 2026 Technology Threat Landscape Report, which said China-nexus adversaries are escalating espionage against technology organizations to steal AI capabilities and intellectual property they cannot build fast enough on their own.
CrowdStrike said the technology sector has become the most targeted industry in the world, with China-nexus adversaries driving more than 58% of state-sponsored targeted intrusions against the sector.
AI race becomes a cybersecurity battlefield
The report suggests that artificial intelligence is no longer only a commercial race. It has also become a target for state-backed cyber operations.
Adam Meyers, CrowdStrike’s head of counter adversary operations, said China runs cyberespionage as industrial policy to close the AI innovation gap, adding that AI capabilities are now the prize adversaries want.
Reuters also reported that China-linked hackers posed the biggest espionage threat to technology companies over the past year, citing the same CrowdStrike findings.
The report covered activity from April 1, 2025 to March 31, 2026, and focused on threats to companies involved in computer hardware, IT services, consulting, semiconductors, and software.
Chinese groups named in report
CrowdStrike identified several China-linked groups involved in technology-sector targeting.
The company said MURKY PANDA, MUSTANG PANDA, OVERCAST PANDA, SUNRISE PANDA, and WARP PANDA targeted technology more than any other industry.
One campaign stood out in scale. CrowdStrike said MURKY PANDA’s password-spraying campaign alone affected more than 340 U.S.-based entities.
The report also warned that adversaries are not only targeting AI models but also the tools used to build them. CrowdStrike said attackers are turning developer ecosystems into attack vectors, including through fake AI tools, open-source compromise, and credential theft.
MSN-linked report points to spy recruitment domains
The warning comes as U.S. authorities also move against alleged Chinese intelligence recruitment infrastructure.
MSN reported that the U.S. seizure of 13 domains in an alleged Chinese spy recruitment plot, focused on websites that appeared to target people with access to sensitive government information.
Federal authorities announced the seizure of 13 internet domains tied to what the U.S. Justice Department called fake consulting firms designed to recruit current or former U.S. government and military employees.
The fake firms allegedly used job listings for consulting or analyst roles, then pressured applicants for exclusive or insider information.
U.S. Attorney Jeanine Pirro said the seizures showed that attempts to exploit Americans trusted with sensitive information would be “exposed and dismantled.”
China rejects espionage allegations
China has pushed back against the accusations.
Spokesperson for the Chinese Embassy in Washington said the allegation of a so-called Chinese espionage threat was “entirely fabricated” and amounted to “malicious slander.”
The embassy also said China opposes hacking activities and rejects what it called vilification under the pretext of cybersecurity.
Still, U.S. officials and cybersecurity researchers continue to warn that AI has become a strategic target. North Korea-linked actors used AI-enhanced personas and U.S. front companies to secure remote IT roles inside technology firms, while financially motivated attacks accounted for 65% of interactive operations against the sector.
For U.S. technology companies, the message is clear: AI systems, training data, model infrastructure, and developer tools are now high-value targets in a widening geopolitical technology race.
