CrowdStrike: China Behind 58% of State Cyberattacks on AI Firms

Chinese Espionage Dominates Tech Sector Threats

Cybersecurity firm CrowdStrike disclosed Tuesday that Chinese-affiliated threat actors accounted for more than 58% of state-sponsored cyberattacks targeting technology companies over the past year, with artificial intelligence assets emerging as the primary objective.

The finding comes from CrowdStrike's analysis of cyber incidents during the 12-month period ending March 31, 2026. According to the company, these attacks represent a strategic effort to acquire AI capabilities that China has struggled to develop domestically under U.S. export restrictions on advanced training chips.

"China-nexus adversaries are escalating espionage against technology organizations to steal the AI capabilities and intellectual property they cannot build fast enough on their own," CrowdStrike stated in its report, first detailed by CNBC.

Attack Patterns and Targets

The Chinese-affiliated operations demonstrated both geographic breadth and technical sophistication. CrowdStrike identified attacks targeting government communications infrastructure across Southeast Asia, while North American technology organizations faced persistent intrusions exploiting software vulnerabilities to maintain long-term access to corporate networks.

These findings align with complaints earlier this year from AI leaders Anthropic and OpenAI, which reported that Chinese entities were extracting competitive intelligence from their operations. Security analysts noted at the time that distinguishing legitimate research from illicit activity remains challenging in the AI sector.

Why it matters

The concentration of state-sponsored attacks on AI assets reflects how technological competition between the U.S. and China has evolved beyond hardware restrictions into a contest over algorithmic capabilities and training data. For enterprise technology leaders, the report underscores that AI development infrastructure—from model weights to training datasets—now represents critical intellectual property requiring enhanced security protocols. The persistent nature of these intrusions suggests adversaries are investing in long-term access rather than quick data grabs.

Broader Threat Landscape

CrowdStrike's report also documented North Korean cyber operations attempting to infiltrate IT workforces across North America, Europe, and Asia. Unlike the Chinese espionage campaigns, these efforts primarily aim to generate revenue for the North Korean regime rather than acquire technology.

The Cyberspace Administration of China did not respond to requests for comment on the findings.

In a related development, Anthropic released a public version of its newest AI model Tuesday, which the company has been marketing for cybersecurity applications. The model, called Claude Fable 5, received top rankings from Artificial Analysis, which noted it performs "nearly 5 points ahead of any other lab's best model." CrowdStrike is among the firms now deploying Anthropic's technology.

These details were first reported by CNBC.