CrowdStrike has issued a warning about a surge in cyberattacks originating from China that specifically target artificial intelligence assets. The cybersecurity firm flagged the trend in a recent threat assessment, noting that the campaigns appear aimed at stealing AI models, training data, and proprietary algorithms. The warning comes as businesses and governments race to secure AI infrastructure against increasingly sophisticated espionage operations.
What the threat looks like
According to CrowdStrike's analysis, the attackers are deploying a mix of phishing, credential theft, and exploitation of known vulnerabilities to breach networks holding AI-related intellectual property. The firm's investigators observed activity linked to multiple threat groups with ties to Chinese state-sponsored operations. The targets span industries where AI is a competitive edge — technology, defense, finance, and healthcare — but the primary focus is on organizations developing frontier AI systems.
Why AI is in the crosshairs
Artificial intelligence has become a national strategic asset. Nations view control over AI models and data as a matter of economic security and military advantage. CrowdStrike's warning suggests that Chinese threat actors are systematically mapping out which companies and research labs hold the most valuable AI intellectual property. The goal isn't just theft of existing models but also long-term access to development pipelines — the kind of access that lets attackers siphon off improvements and training data over months or years.
The firm did not name specific victims or provide exact counts of compromised systems. But the broad pattern is clear: these are not random attacks. They're targeted, persistent campaigns that often begin with a single compromised credential and escalate into full network control.
What organizations should do
CrowdStrike recommends a defensive posture that treats AI assets as crown jewels. That means segmenting AI development environments from the rest of the corporate network, enforcing multi-factor authentication on every account with access to those systems, and closely monitoring for unusual data exfiltration patterns. The firm also advises companies to conduct regular red-team exercises that simulate the tactics described in the warning — particularly the use of legitimate remote access tools that attackers abuse to blend in with normal traffic.
For organizations that can't afford a full security overhaul, the baseline advice is simple: patch known vulnerabilities quickly, limit who can connect to AI servers, and assume that someone is already probing the perimeter. CrowdStrike's threat intelligence team continues to track the activity and will likely issue updated guidance as the campaigns evolve.
The warning lands at a moment when both the US and European Union are drafting regulations to protect AI intellectual property. Whether those rules will deter state-backed attackers is an open question. For now, the burden rests on individual companies to lock down their most valuable digital assets before the next phishing email arrives.
