
China’s Unrestricted Intellectual Property Warfare: An Agentic Data Collection & Analysis

June 9, 2026 | EdgeTheory
This report examines PRC-linked intellectual property (IP) theft across technology, research, and industrial ecosystems. EdgeTheory’s AI Intelligence analytics evaluate how discussions surrounding PRC collection activity develop across public reporting, social media environments, and adversarial narrative ecosystems to identify emerging indicators of targeted technology, evolving TTPs (techniques, tactics, and procedures), future areas of risk, and implications for defensive planning.

Preface

This report examines PRC-linked intellectual property (IP) theft and associated trends across technology, research, and industrial ecosystems. Current reporting indicates that these efforts extend beyond isolated cyber intrusions and increasingly leverage a combination of insider access, trusted professional relationships, persistent cyber activity, and indirect acquisition methods designed to accelerate Chinese technological development.

EdgeTheory’s AI Intelligence analytics evaluate how discussions surrounding PRC collection activity develop across public reporting, social media environments, and adversarial narrative ecosystems to identify emerging indicators of targeted technology and evolving TTPs (techniques, tactics, and procedures). By monitoring narratives over time, EdgeTheory analytics surfaced real-time intelligence into targeted technologies, organizational exposure, collection tactics, and public perceptions of espionage activity. This assessment draws on Narrative Intelligence (NARINT) methodologies, EdgeTheory watches, open-source reporting, and narrative analysis tools to identify recurring patterns and translate emerging signals into analytical judgments regarding future areas of risk, potential collection priorities, and implications for defensive planning.

Introduction 

PRC-linked intellectual property theft represents a persistent economic and national security threat to the U.S. It increasingly exploits both technical and social engineering TTPs. The decentralized nature of these operations complicates attribution and creates uncertainty regarding future targeting priorities. The purpose of this assessment is not to predict a single future PRC action, but to reduce uncertainty around two core questions:

  1. What technologies, sectors, and organizations are most likely to become future collection targets?
  2. To what extent do emerging threat activities align with existing institutional vulnerabilities and stakeholder concerns?

Understanding these patterns enables decision-makers to prioritize defensive resources, harden vulnerable systems, and identify potential collection pathways before compromise occurs.

Agentic Workflow 

On May 12, EdgeTheory deployed EdgeRunner, a source discovery AI agent tasked with identifying sources discussing PRC economic espionage, AI theft, or other narratives that could provide indicators of adversarial intellectual property theft. With its evaluation metrics programmed to prioritize underreported Telegram channels, EdgeRunner reasoned and identified over 250 channels to monitor within minutes.

These sources were used to populate live EdgeWatches, enabling analysts to review over 1,700 narrative items indicating Chinese IP theft activity just from the last 4 days. The sources and narrative items identified by EdgeRunner were directly deployed within EdgeWatch analytic frameworks, enabling analysts to employ structured analytics to:

  • conduct advanced network analysis,
  • surface specific technologies being targeted on online forums,
  • measure risk profiles for various organizations, and
  • identify how emerging threat actors link narratives and threaten companies without clearly aligned counterintelligence policies.

EdgeRunner continues to monitor social media platforms and enrich data modules to improve analytics.

Key Findings 

  1. PRC intellectual property theft remains focused on acquiring advanced U.S. technology. 

Reporting indicates PRC-linked actors are focused on acquiring U.S. artificial intelligence systems, semiconductor designs, advanced computing infrastructure, cloud architecture, aerospace technology, telecommunications systems, quantum research, biotechnology, and manufacturing processes rather than only finished commercial products.

  2. Insider-enabled access remains central to PRC TTPs.

Cases involving AI firms, universities, industrial research, and talent recruitment activity indicate PRC-linked actors consistently leverage professional access, academic collaboration, and embedded personnel to obtain proprietary engineering knowledge, operational workflows, and long-duration visibility into sensitive technology environments with lower attribution risk than traditional cyber intrusions.

  3. PRC IP theft TTPs increasingly rely on low-visibility acquisition methods that complicate detection and attribution.

Detected activity demonstrates increasing PRC reliance on low-visibility acquisition methods that complicate detection and attribution. Observed activity includes compromise of cloud and virtualization environments to access sensitive data through third-party infrastructure, exploitation of managed IT providers to reach downstream victims, and repeated interaction with AI systems to extract technical information through prompt-based collection and model manipulation. Reporting also indicates PRC-linked actors acquire surplus hardware for reverse engineering and residual data recovery, while using research partnerships, university collaboration programs, talent recruitment initiatives, and employee recruitment to gain access to sensitive research and proprietary technology.

  4. PRC TTPs combine cyber intrusions with relational access to key research and technology organizations.

Cases involving Google engineer Linwei Ding, Harvard-affiliated chemical researcher Charles Lieber, and PRC talent recruitment programs demonstrate how PRC-linked actors use employee recruitment, university partnerships, and insider access alongside technical collection to obtain AI infrastructure data, advanced research, and proprietary engineering information with reduced operational visibility.

Chinese IP Theft 

Targeted Technologies 

PRC-linked collection efforts appear concentrated on technologies that would shorten China’s path to strategic, military, and commercial advantage. The strongest indicators point to artificial intelligence, telecommunications infrastructure, advanced cyber environments, biotechnology, medical devices, agricultural technology, wind energy software, and other dual-use research areas. This NARINT pattern suggests China is targeting AI systems, semiconductor research, cloud infrastructure, engineering processes, and research institutions that support long-term U.S. technological development rather than only acquiring individual commercial products.

Artificial intelligence is the central target. Current reporting identifies several AI-related collection priorities, including model weights, training methods, model architecture, data-processing techniques, and the infrastructure needed to operate large-scale compute environments. 

As frontier AI development becomes increasingly dependent on large-scale compute infrastructure and distributed training systems, these environments likely carry growing intelligence value for PRC-linked collection efforts. Recent expansion of frontier AI compute capacity, including Anthropic’s infrastructure scaling partnerships, further supports this assessment.

EdgeTheory Key Amplifiers from underreported EdgeRunner sources demonstrating how recent frontier AI compute expansion further elevates AI as a high-priority target for PRC-linked collection efforts

The recent Linwei Ding case is especially important because it demonstrated how insider access can be leveraged to obtain highly sensitive AI infrastructure information from leading American firms. According to congressional testimony, former Google engineer Linwei Ding allegedly transferred proprietary files related to Google’s AI supercomputing architecture and data-center operations while secretly working with Chinese technology firms. The stolen material reportedly included technical details tied to high-performance computer clusters used to train advanced AI systems. Investigators assessed that this information could help Chinese companies accelerate the development of comparable AI infrastructure without spending years independently building and testing similar systems. 

Telegram post by The Prompt Index summarizing allegations against Linwei Ding related to theft of AI trade secrets for PRC-linked entities

The alleged theft of Google AI supercomputing and data-center architecture indicates PRC interest in the compute infrastructure, distributed training systems, and engineering processes required to sustain advanced AI development. Access to this information could reduce the time and cost required for Chinese firms to replicate high-end AI capabilities domestically.

The case also demonstrates the effectiveness of insider-enabled collection against trusted technical environments. Insider access provides visibility into proprietary systems, engineering workflows, and infrastructure documentation that external cyber operations may not reach.

Targeting of VMware, Windows, and enterprise IT environments through BRICKSTORM malware further indicates PRC prioritization of persistent access inside sensitive networks for continued intelligence collection and future exploitation.

PRC collection efforts extend beyond AI and cyber sectors. FBI reporting indicates Chinese actors have targeted agricultural research, wind turbine software, and medical devices, suggesting PRC economic espionage is directed at broad sectors of U.S. technological and industrial development.

X post by Mario Nawfal describing China’s systematic, large-scale intellectual property theft from the US for advanced technologies

Mario Nawfal frames PRC intellectual property theft as a coordinated effort to acquire AI infrastructure, semiconductor technology, aerospace engineering data, telecommunications systems, and defense-related research tied to long-term Chinese military and industrial development goals. His emphasis on AI compute architecture and semiconductor ecosystems suggests PRC actors are targeting the infrastructure and engineering processes required to sustain future technological competitiveness, not only finished commercial products. As a prominent technology commentator with substantial cross-platform reach, Nawfal consolidates disparate espionage incidents into a broader narrative of systemic PRC strategic collection activity. This characterization aligns closely with EdgeTheory’s technical assessment that PRC acquisition efforts increasingly prioritize indirect access and acquisition to critical technologies.

X post by Michael Ron Bowling reporting the conviction of Chinese-born fiber laser expert Ji Wang for economic espionage and theft of trade secrets from a US company, allegedly to benefit China via the Thousand Talents Program.

The laser technology case further demonstrates that PRC-linked collection efforts are not limited to AI or advanced software, but also extend into highly specialized industrial and dual-use engineering sectors with direct military relevance. Fiber laser systems have applications across advanced manufacturing, telecommunications, targeting systems, sensing technologies, and directed-energy research, making them strategically valuable for both commercial modernization and defense development. The alleged attempt to transfer proprietary laser technology to establish a competing business in China fits the pattern of Chinese IP theft.

Targeting Key Technology Organizations 

The targeted organizations reflect a full-spectrum approach to technology acquisition. EdgeTheory entity recognition identified that PRC-linked actors are targeting not only defense firms or government agencies, but also the companies, universities, service providers, and research institutions that produce or support emerging technologies.

Customizable entity recognition categories in EdgeWatch monitoring PRC AI & IP Theft technologies, organizations, and companies

Frontier AI firms are among the most exposed organizations because they hold valuable model weights, proprietary training data, engineering practices, and compute infrastructure. The research specifically references major U.S. AI developers, including Google, OpenAI, Anthropic, and xAI, in connection with concerns over insider theft, model distillation, and unauthorized extraction of AI capabilities. 

Telecommunications companies are another priority target because they sit at the center of national communications infrastructure. Access to these networks can expose customer records, geolocation information, and communications involving high-value individuals. This makes telecom providers both commercial targets and intelligence platforms. As of late 2024-early 2026, China-affiliated hacking groups (Salt Typhoon and Flax Typhoon) targeted AT&T, Verizon, T-Mobile, and Lumen Technologies.

Universities remain attractive targets because they combine sensitive research activity with strategic priorities.

EdgeTheory Narrative Intelligence identifying NIH-affiliated research activity as a potential exposure point, highlighting concerns surrounding insider access, biosecurity protocol violations, and risks associated with sensitive research environments.

EdgeTheory's AI analysis revealed that many academic institutions are at risk of being underprepared for cyber intrusions.

“Large-scale compromises of educational technology platforms reveal that academic ecosystems serve as critical aggregation points linking vast amounts of sensitive and valuable data. These platforms connect diverse stakeholders—students, researchers, faculty, and administrators—creating centralized hubs that process and store various types of information. First, educational technology platforms consolidate extensive research data, including ongoing scientific studies, academic publications, and proprietary research findings, making them attractive targets for cyber intrusions seeking intellectual property or competitive advantage.

Second, these platforms manage identity information encompassing personal details, authentication credentials, and access controls for thousands, sometimes millions, of users. Unauthorized access can lead to exploitation through identity theft, credential misuse, or unauthorized data exfiltration. Third, academic communication channels facilitated by these platforms—such as email systems, messaging, document sharing, and collaboration tools—store sensitive institutional information, strategic planning documents, and operational details, which if compromised, can jeopardize institutional security and confidentiality.

Finally, collaborative networks within academia typically involve multi-institutional partnerships, cross-border research consortia, and industry collaborations. Educational platforms act as nodes in these networks, enabling information flow and resource sharing, but also creating complexities in cybersecurity and risk management, as a breach in one institution can cascade through interconnected systems.

Such compromises demonstrate the interdependent trust model in academic ecosystems where data sensitivity, interoperability, and the volume of aggregated information elevate their attractiveness and vulnerability. Preventing exploitation requires robust cybersecurity measures, awareness of the strategic value of academic data, and coordinated defense strategies across institutions.”

Recent incidents illustrate the scope of the risk. The 2023 compromise of the University of Michigan exposed personal information affecting hundreds of thousands of individuals after attackers accessed university systems. The 2023 cyberattack against Johns Hopkins University disrupted operations and highlighted risks facing institutions conducting sensitive medical and scientific research. The 2024 breach involving PowerSchool demonstrated how attacks against centralized education technology providers can create cascading exposure across K-12 and higher education environments simultaneously. Universities conducting advanced work in artificial intelligence, semiconductors, biotechnology, aerospace engineering, and defense-adjacent research face elevated targeting risk because compromise can provide adversaries access to emerging technologies, proprietary research, and specialized expertise without incurring equivalent research and development costs.

Because universities operate as interconnected hubs linking researchers, students, contractors, and federally funded programs, compromise of shared academic infrastructure may provide malign actors with scalable visibility into broader research and innovation ecosystems.

EdgeTheory Key Amplifier showing how large-scale compromises of educational technology platforms turn academic ecosystems into high-value targets for accessing research data, identities, and interconnected innovation networks.

Government services, public-sector networks, IT providers, and educational technology platforms are targets because they hold sensitive information and can provide access to additional organizations. CISA’s BRICKSTORM alert identifies government and IT sectors as primary victims, showing that PRC actors are not only stealing information directly—they are trying to gain access to systems connected to research, technology development, and critical operations.

EdgeTheory analysis supports this trend. Large cyber incidents affecting educational technology systems show how attackers can use shared platforms to access student and staff information, research data, and institutional networks. Rather than targeting one file or organization, malign actors often seek broader access that can support long-term intelligence collection and future operations.

Tactics, Techniques, and Procedures

Weibo post by Chen (Chendu) describing China’s leading advanced semiconductor packaging and testing company, Tongfu Microelectronics, as deeply tied to California-based semiconductor company AMD and maintaining strong cooperation with Huawei.

Chen’s Weibo post highlights how the PRC continues leveraging globally integrated semiconductor firms to accelerate indigenous capability development, reduce reliance on U.S.-linked supply chains, and strengthen strategic technology resilience. Tongfu Microelectronics’ role as a major PRC semiconductor packaging and testing company with historical AMD-related production exposure and Huawei-linked cooperation reflects Beijing’s broader approach of converting commercial participation in foreign technology ecosystems into long-term domestic capability gains.

Tongfu occupies a strategically important position between Western semiconductor production networks and China’s domestic chip sector. Through sustained access to advanced packaging activity, engineering workflows, manufacturing processes, and supply-chain integration practices, PRC firms can accumulate operational knowledge that supports indigenous semiconductor development even absent direct transfer of the most sensitive technologies.

The post also reinforces the PRC’s emphasis on advanced packaging and heterogeneous integration as critical offset capabilities amid U.S. export controls targeting leading-edge fabrication. Packaging expertise, chiplet integration, testing optimization, and systems-level engineering can help Chinese firms improve chip performance, reduce development timelines, and partially mitigate restricted access to advanced lithography and high-end processors.

The broader significance lies in the cumulative nature of PRC capability acquisition. Beijing’s semiconductor advancement strategy increasingly relies on incremental industrial absorption through legal partnerships, joint ventures, technical servicing relationships, workforce development, overseas exposure, and ecosystem participation rather than solely through overt IP theft. These channels collectively enable PRC entities to localize expertise, scale domestic production competence, and strengthen national semiconductor resilience over time.

The Huawei linkage is particularly notable given Beijing’s prioritization of vertically integrated domestic supply chains capable of sustaining sanctioned national champions. PRC integration of packaging firms, fabs, telecom companies, AI developers, and state-backed investment mechanisms reflects a coordinated effort to establish a self-reinforcing indigenous semiconductor ecosystem less vulnerable to Western technology-denial measures.

Strategically, the post underscores that PRC semiconductor progress should not be evaluated solely by leading-edge fabrication nodes. Engineering talent accumulation, packaging maturity, manufacturing experience, and ecosystem integration represent strategic capability growth that can steadily erode Western technological advantages despite tightening export controls. These developments directly support broader PRC economic security, AI competitiveness, civil-military fusion objectives, and long-term military modernization efforts.

Weibo article describing Chinese company, Fosun Pharma, obtaining exclusive rights from California-based Kite Pharma to develop, manufacture, and commercialize CAR-T cell therapy technologies in Greater China, while converting their joint venture into a wholly owned Fosun subsidiary.

The reported acquisition of Fosun Kite by Shanghai Fosun Pharmaceutical demonstrates how PRC firms can localize advanced foreign biotechnology capabilities through licensing agreements, joint ventures, and ownership consolidation. By transferring CAR-T development, manufacturing, and commercialization rights into a PRC-controlled entity, the deal supports Beijing’s broader push to expand domestic biopharmaceutical self-sufficiency and reduce reliance on foreign healthcare firms.

The transaction highlights how sensitive biotechnology expertise can migrate through legal commercial channels rather than traditional espionage or cyber-enabled theft. Access to CAR-T manufacturing workflows, clinical development operations, regulatory experience, and biologics production processes provides PRC firms with operational knowledge that can accelerate domestic capability maturation and workforce development.

The case is particularly significant given the strategic value of CAR-T therapies, which require advanced cell-engineering, precision manufacturing, and complex clinical integration capabilities. Sustained participation in these sectors enables PRC entities to strengthen domestic biomanufacturing infrastructure while improving long-term competitiveness in high-end therapeutic markets.

The broader implication is that PRC biotechnology advancement increasingly relies on commercial integration mechanisms that provide enduring access to foreign-origin innovation, technical expertise, and production experience. Over time, these arrangements can narrow Western advantages in strategically important biotechnology sectors while strengthening China’s economic resilience and dual-use biomedical capabilities.

PRC-linked espionage activity increasingly emphasizes scalable, low-visibility collection methods designed to obtain sensitive technology and research without relying solely on direct cyber intrusions. Current reporting shows PRC-linked actors use credential theft, supply-chain compromise, insider access, exploitation of trusted professional relationships, and targeting of cloud infrastructure to maintain long-term access while reducing detection risk. Rather than focusing on a single breach, these operations often prioritize persistence inside environments that support advanced technology development. 

PRC-linked cyber activity has targeted semiconductor manufacturers, chip designers, and supporting supply-chain entities. In 2025, researchers observed Chinese state-sponsored actors conducting phishing campaigns against organizations involved in semiconductor manufacturing, design, testing, and semiconductor investment analysis tied to Taiwan’s chip industry.

PRC-linked actors also targeted aerospace firms supporting China’s COMAC C919 aircraft program. Victims reportedly included GE Aviation, Honeywell, Safran, Ametek, and Capstone Turbine. Collection focused on turbine technology, aviation components, and manufacturing processes needed to accelerate domestic aerospace development.

Microsoft attributed HAFNIUM activity to PRC-linked actors exploiting Exchange Server vulnerabilities to target infectious disease researchers, higher education institutions, defense contractors, and organizations conducting COVID-related research. Objectives included persistent access and data collection from sensitive research environments.

These examples demonstrate a consistent pattern: PRC collection efforts repeatedly focus on technologies that support AI leadership, semiconductor production, aerospace capability, telecommunications access, biotechnology research, and advanced manufacturing capacity.

Additional reporting on PRC-aligned supply-chain operations supports EdgeTheory’s identified trend that malign actors increasingly prioritize lower-visibility access methods. Rather than conducting only direct intrusions, operators leverage compromised software providers, trusted platforms, credential theft, and third-party relationships to reach downstream targets. These approaches enable broader access, persistence, and intelligence collection while reducing detection risk.

EdgeTheory Key Amplifier demonstrates how PRC-aligned supply-chain operations increasingly prioritize indirect compromise through trusted software environments and relationship-based access pathways. Targeting connected user communities and widely used platforms can provide lower-visibility entry points into larger networks, reducing detection risk while expanding operational reach.

Observed OSINT activity shows consistent use of credential compromise, exploitation of unpatched infrastructure, and abuse of enterprise management systems to maintain covert access within victim networks. PRC operators frequently target cloud systems and third-party technology providers because one compromise can provide access to many organizations at once. Rather than hacking every target individually, actors can exploit shared infrastructure, software providers, or centrally managed environments to expand access more efficiently and reduce detection risk.

X post by Baron H. highlighting how Chinese companies are openly buying retired equipment from US National Labs at auctions and surplus dealers, then shipping it to China for reverse engineering and data recovery.

This post from Baron H, which generated significant reach and engagement, highlights an under-addressed vulnerability involving the acquisition of surplus or decommissioned equipment to obtain indirect access to sensitive technologies. Acquisition of retired laboratory equipment could provide indirect access to government-adjacent technology, records, firmware, configuration data, engineering workflows, or network architecture information while avoiding the higher attribution risks associated with traditional cyber intrusions.

Telegram post by The Hacker News highlighting attribution of PRC-linked cyber actors to global intellectual property collection activity targeting technology and manufacturing sectors.

The post highlights PRC-linked Winnti/APT41 espionage activity targeting technology and manufacturing firms for long-term collection of source code, blueprints, formulas, and other proprietary technical data. Observed activity relied on credential compromise, lateral movement, and persistent access inside enterprise networks to quietly collect sensitive information over extended periods.

The activity suggests PRC-linked actors prioritize industries with advanced manufacturing and supply-chain data that can support broader Chinese technological development. Reporting also indicates PRC actors use academic partnerships, professional relationships, and commercial access to gain proximity to sensitive R&D environments and emerging technologies before they become protected or classified.

Collectively, the reporting indicates PRC collection efforts increasingly rely on persistent, low-visibility access through commercial, academic, and enterprise environments rather than only disruptive cyber intrusions.

Defense and Response 

Defending against PRC-linked technology theft requires more than conventional cybersecurity. The threat spans insider risk, cyber intrusion, academic openness, commercial exposure, and AI-enabled collection methods. A successful response therefore needs persistent monitoring, counterintelligence screening, stronger internal controls, and faster identification of emerging threat actors and collection TTPs.

Emerging reporting on advanced AI systems autonomously performing increasingly complex cybersecurity tasks suggests the operational pace of both offensive cyber activity and defensive vulnerability discovery is accelerating. As AI-assisted cyber capabilities mature, PRC-linked operators may gain greater ability to identify exploitable infrastructure, automate reconnaissance, and scale persistence operations across complex enterprise environments while reducing operational timelines.

EdgeTheory Key Amplifier highlighting how advanced AI systems autonomously handling complex cybersecurity tasks are accelerating offensive and defensive cyber operations, giving PRC-linked actors faster reconnaissance, exploitation, and persistence capabilities.

Cyber defenses should focus on detecting long-term persistence, not just blocking initial intrusion. The BRICKSTORM reporting shows that PRC actors are using stealthy malware, encrypted communications, self-recovery mechanisms, and tunneling capabilities. In response, organizations should harden virtualization environments, restrict privileged access, monitor encrypted outbound traffic patterns, and segment sensitive systems to limit lateral movement. 


Dynamically updating recommendations in EdgeWatch

Defensive efforts should also account for legal-commercial acquisition pathways that can transfer strategic technology capabilities without cyber intrusion or direct espionage. Cases involving licensing agreements, joint ventures, and foreign acquisitions demonstrate how advanced capabilities can move into PRC-controlled ecosystems through legitimate business mechanisms. In response, policymakers should strengthen investment screening frameworks such as CFIUS by increasing scrutiny of transactions involving advanced biotechnology, AI, semiconductors, and other strategic sectors. Greater visibility into licensing structures, ownership transitions, and foreign investment arrangements would help identify technology transfer risks before critical capabilities shift into competitor ecosystems.

Chat with the Edge Agent on strengthening investment screening frameworks 

Conclusion 

PRC-linked intellectual property collection increasingly targets the infrastructure, research environments, and technical expertise that support long-term U.S. technological leadership, including AI systems, cloud infrastructure, telecommunications networks, and advanced research institutions.

The reporting reviewed in this assessment indicates PRC actors combine cyber intrusion, insider access, academic collaboration, commercial relationships, and supply-chain exposure to maintain persistent, low-visibility access to sensitive technology ecosystems. These activities are often embedded within legitimate business and research environments, complicating detection and attribution.

The findings also suggest many organizations still separate cybersecurity, insider-risk, and counterintelligence functions despite PRC collection activity operating across all three simultaneously. This creates potential gaps in detection as PRC actors increasingly rely on indirect, commercially embedded, and low-visibility collection methods.
