June 20, 2026
Observer Research Foundation
By Archishman Ray Goswami
In early June, the Five Eyes – an intelligence alliance comprising the security and intelligence services of the US, UK, Canada, Australia, and New Zealand – published a bulletin titled ‘Safeguarding Our Secrets’. The bulletin warned that China’s Ministry of State Security (MSS) was increasingly using professional networking sites and job portals such as LinkedIn, Indeed, and Upwork to recruit unwitting government and civil service staff in their countries.
While the allegations have, predictably, been denounced by China’s Ministry of Foreign Affairs, they speak to a larger shift in China’s intelligence posture: one focused on exploiting the openness of digital spaces and torrential flows of public data to make rich intelligence pickings. This is a theme that materialises in various forms, from the extensive use of LinkedIn for recruitment to the exploitation of open-source large-language models (LLMs) for intelligence collection, and the synthesis of publicly validated and voluntarily provided data, such as biometric information and travel documentation, for predictive policing and surveillance. What then do these trends say about China’s role as a key global intelligence actor in 2026? And how are the counterintelligence services of targeted countries adapting to this new landscape?
Social Media Recruitment
China’s use of social media for intelligence-related purposes, mainly recruitment, is not new. As early as 2017, an MSS officer operating under the pseudonym of ‘Michael Yang’ contacted former Central Intelligence Agency (CIA) officer Kevin Mallory, developing a friendship with the American that would later be converted into a recruitment offer until the latter’s exposure and conviction in 2018. Mallory’s case was subsequently adapted into a short film produced by the Federal Bureau of Investigation (FBI) in 2020, aimed at increasing awareness of hostile recruitment on social media by China’s intelligence services. By 2023, such activity had intensified. At a Five Eyes summit meeting in Palo Alto, California, that year, Sir Ken McCallum, Director-General of Britain’s Security Service MI5, warned that China had not only stepped up its approaches to individuals and personnel attached to critical infrastructure, the security and diplomatic establishment, and civilian science and frontier technology, but was increasingly relying on social media to do so, having made nearly 20,000 recruitment attempts in the UK alone through LinkedIn.
Technological advancements, particularly in the field of digital forensics, have made efforts to counteract these challenges more feasible. In late 2025, MI5 rolled out its ‘Think Before You Link’ campaign and associated app to British parliamentarians targeted by Chinese intelligence, with the app’s integrated AI system helping to identify doctored profiles and messaging histories.
‘Safeguarding Our Secrets’, the most recent Five Eyes pronouncement, is hence only the latest iteration of a longstanding concern among Western counterintelligence services about the capabilities of their Chinese counterparts and their exploitation of the ‘open’ nature of social media. What is clear, however, is the enduring importance of technology in combatting this problem. The MSS has proven adept at using sentiment analysis in its messaging operations, both internally and, on occasion, in its external activities, to shape its communication so as to align with the beliefs of its targets. As intelligence services worldwide come to contend with the language and communication styles used in the MSS’s social media strategy to maximise effect, the use of increasingly advanced digital forensics to identify and pre-empt such messaging will become ever more important from a counterintelligence standpoint.
Distillation Attacks: Exploiting Open Source Code
Another illustration of the MSS’s effectiveness in exploiting open architectures is the increasing frequency of distillation attacks. Most commercial AI can be ‘flooded’ with automated prompts aimed at eliciting information from a system. The harvested data can then be used to explore further vulnerabilities within an adversary’s model, plug one’s own gaps, or outcompete other commercial models.
In recent months, Chinese intelligence has increasingly come to leverage the openness of commercial AI to harvest data through distillation attacks. Spurred to outcompete the US in the sphere of AI, the MSS has supported distillation attacks led by Chinese AI giants such as DeepSeek, MoonShot, and MiniMax against US models, with Anthropic, Google, and OpenAI coming under focused attack. Such distillation attacks act, in effect, as a form of advanced intelligence collection. As commercial AI becomes increasingly embedded within national security architectures, distillation, powered by quicker iteration, can provide an attacker from China with unique insight into US cyber and physical vulnerabilities to exploit.
As AI grows increasingly advanced, national counterintelligence services — particularly those faced with as powerful a rival as China — will take steps, as some already are, to limit the openness of AI architecture that enables such attacks to take place. While most commercial AI firms such as OpenAI and Anthropic operate as proprietary endeavours, limiting deep access to internal functioning by an adversary, distillation attacks place new demands for vetting and verification in how AI is used. Indeed, pressures from national security architectures will likely catalyse such a push. This, in turn, precipitates an accelerated collapse of the boundaries between industrial and national security intelligence — a shift which, while underway for some years, may have significant ramifications for the future of intelligence and geopolitics.
The Dynamic Control Platform and China’s New Intelligence Stack
Finally, recent reports about China’s ‘Dynamic Management and Control Platform for Foreigners‘ have brought into sharp focus the sophistication and near-omniscience the MSS enjoys vis-à-vis its adversaries through its harvesting and deployment of personal data. Similar to the Maven Smart System operated by Palantir and used by US intelligence during the Iran war, the Dynamic Control Platform (DCP) synthesises a multiplicity of data and intelligence inputs within a single visual dashboard. It fuses biometric information, sensor data, and vast streams of intelligence on specific targets to psychologically profile and pre-empt the actions of targeted individuals. Since its discovery, the platform has raised concerns that it could be used as a tool of intimidation and repression, both within and beyond China’s borders.
Much of the DCP’s success hinges on the use of open systems and databases holding voluntarily provided data. Simple inputs such as biometric data and travel details — often collected from foreign visitors through their visa applications — can be aggregated, organised, and weaponised through the platform. Its use therefore points to a larger conclusion: China’s intelligence services no longer require secret intelligence to target adversaries and competitors with the desired level of precision. Voluntarily submitted personal data, and even open-source intelligence (OSINT), can equally suffice in the hands of an intelligence power with the technological capacity to make sense of it. It is the capacity to understand data, not simply the quantity of it, that makes Chinese intelligence systems such as the DCP particularly effective, and even lethal.
Yet China’s omniscience by way of open-source data does not necessarily translate into omnipotence. Its counterintelligence adversaries in the West have already begun to explore steps to counteract, and even weaponise, the advantage the MSS enjoys through its unfettered access to personal data. Just as AI enables the MSS to generate fake social media profiles to suborn targets, or to synthesise, triangulate, and target specific individuals and their connections, it also provides those on the receiving end with the means to feed false data into the systems on which such technologies rely. AI is proving increasingly capable of circumventing traditional biometric sensors, undermining the integrity of the data on which systems such as the DCP depend. As technology facilitates further development, the inputs fed into such systems may grow increasingly suspect — exposing a key vulnerability of modern Chinese counterintelligence.
Intelligence is no longer restricted to the cloak-and-dagger world of secrecy alone, but is increasingly shaped by the publicly available torrents of data made accessible through cyberspace. China’s growing adeptness in managing these twin streams speaks to both the changing character of intelligence and to Beijing’s geopolitical heft on the world stage today. The rest of the world must rise to the challenge this poses — or risk being left behind in this dangerous new world.
About the author: Archishman Ray Goswami is a Non-Resident Associate Fellow at the Observer Research Foundation and a DPhil candidate in International Relations at the University of Oxford.
Source: This article was published by the Observer Research Foundation
About Observer Research Foundation
ORF was established on 5 September 1990 as a private, not for profit, ’think tank’ to influence public policy formulation. The Foundation brought together, for the first time, leading Indian economists and policymakers to present An Agenda for Economic Reforms in India. The idea was to help develop a consensus in favour of economic reforms.
View all posts by Observer Research Foundation
About Observer Research Foundation
ORF was established on 5 September 1990 as a private, not for profit, ’think tank’ to influence public policy formulation. The Foundation brought together, for the first time, leading Indian economists and policymakers to present An Agenda for Economic Reforms in India. The idea was to help develop a consensus in favour of economic reforms.
View all posts by Observer Research Foundation
No comments:
Post a Comment