Until recently, Chinese espionage was mostly associated with hackers, infected computers, and smartphones secretly sending data to servers in China. However, the reality is changing — and the new trend may be far more dangerous than previously thought.
These are the findings of a new report by the Information Technology and Innovation Foundation (ITIF), which shows that China’s efforts to acquire Western technologies have become systematic and multi-layered. Beyond traditional cyberattacks, “insider threats” — risks originating from within companies, often through employees or contractors — are now playing an increasingly important role.
These individuals, often unknowingly, leak classified data or proprietary know-how protected by law. According to the report, some are recruited through official talent programs such as the “Thousand Talents Program,” which ostensibly aims to attract U.S. and European experts to work with Chinese research and technology institutions.
ITIF warns that this phenomenon has become one of the most dangerous tools of economic intelligence, as it enables access to critical information without the need for hacks or breaches. Chinese firms — and their subsidiaries operating in the U.S. — are often used as intermediaries in this process, hiring American engineers, scientists, and managers to facilitate the transfer of knowledge. As a result, “knowledge transfer” takes place in a way that is technically legal, but with serious implications for U.S. technological security.
The report makes it clear that the American counterintelligence and industrial security systems are struggling to keep pace with the scale and speed of China’s information-gathering operations. While U.S. agencies have traditionally focused on defending against external cyberattacks, the greatest threat today comes from within — a risk for which few organizations are adequately prepared.
The authors recommend a broader approach to protecting technological assets, including tighter control over data flows and more rigorous oversight of scientific collaborations and investments in advanced technology sectors.
According to ITIF, an effective counter-espionage strategy requires close coordination between government, corporate, and academic institutions. Key measures include developing risk assessment frameworks for foreign partnerships and strengthening information-sharing between private companies and intelligence services.
Without such fundamental safeguards, U.S. companies will remain vulnerable to subtle, long-term data leaks that could erode the technological advantage of Western firms in strategic areas such as semiconductors, biotechnology, and artificial intelligence.