Chinese hackers pose top AI espionage threat, CrowdStrike 12-month report says

China-linked hacking groups targeted US technology companies to steal artificial intelligence intellectual property over the past year, according to a CrowdStrike report.

China-linked hackers posed the biggest espionage threat to technology companies over the past year, CrowdStrike said in a report published June 9, as Beijing seeks to close the gap with the US in artificial intelligence.

"There is an AI arms race occurring between the US and China, and China intends to achieve global dominance by 2030," Adam Meyers, senior vice president and head of counter adversary operations at CrowdStrike, said.

The hacking campaigns align with the Chinese government's strategic priorities and a sustained interest in technology development, intellectual property and information with strategic and economic value, the report found. The technology sector was the most targeted industry by both foreign governments and cybercriminals during the 12-month period ending March 31, 2026. On April 23, the White House Office of Science and Technology Policy accused China-based entities of "deliberate, industrial-scale campaigns" to surreptitiously distill US-developed AI models for their own purposes, highlighting one recent example.

The findings come as frenzied valuations and investments in technology firms in and around the AI space make them high-value targets, Meyers said. The threat extends beyond major frontier labs to smaller, domain-specific model developers, he added, as the US and China compete for technological supremacy.

North Korean hacking campaigns also posed a major threat, the report said, particularly through a scheme in which operatives use fake identities to secure remote IT jobs at technology companies. The workers' salaries are largely funneled back to the Pyongyang government, and their positions inside the companies provide footholds for intelligence collection. Russian and Iran-linked hacking groups also heavily target US and other nations' technology sectors for intelligence collection and, at times, destructive malware attacks.

The report highlighted a 30% increase in advertisements from hackers selling access to various targets, alongside a broader rise in financially motivated cybercriminal activity directed at technology firms over the same period. CrowdStrike did not identify specific targeted companies.

A spokesperson for the Chinese Embassy in Washington said China opposes hacking activities and fights such activities in accordance with the law, and that it rejects "vilification and smears under the pretext of cybersecurity." The spokesperson added that during President Donald Trump's recent visit, the two heads of state had constructive exchanges on AI and agreed to launch government-to-government dialogue on the technology.

The report focused on threats to companies that research, develop or distribute computer hardware and technology, IT services and consulting, semiconductors, and software. These sectors represent the backbone of the US technology economy and have been frequent targets of state-sponsored cyber operations seeking to accelerate foreign competitors' development timelines.

The threat to AI companies is particularly acute given the strategic value of proprietary training data, model architectures, and deployment infrastructure. Frontier AI labs have invested billions of dollars in developing large language models and other generative AI systems, making them prime targets for nation-state actors seeking to compress years of research and development into a single breach.

For investors, the escalating cyber threat reinforces the demand environment for cybersecurity spending. CrowdStrike, which trades at roughly 28x forward earnings, stands to benefit as corporate clients increase budgets to defend against state-sponsored intrusions. The report also shows the strategic importance of AI intellectual property protection, a factor that could weigh on valuations of AI startups without strong security infrastructure. Cybersecurity firms with government-grade threat intelligence capabilities, including Palo Alto Networks and Mandiant, may see increased demand as the US-China technology rivalry intensifies. The cybersecurity sector has historically outperformed broader tech during periods of heightened geopolitical tension, as corporate and government buyers prioritize defense spending.

This article is for informational purposes only and does not constitute investment advice.