Director’s note: Confronting China’s persistent and strategic threats
Dear readers,
President Trump and Chinese premier Xi Jinping sat down for talks this week as the PRC continues pouring resources into the AI race while simultaneously expanding both its kinetic and cyber warfare capabilities. As Brian Spegele reported at The Wall Street Journal, Beijing has increasingly prioritized national security and strategic industrial dominance — including semiconductors, AI, and electric vehicles — even amid mounting economic headwinds. Having confronted China’s hacking onslaught as head of the NSA and U.S. Cyber Command, retired Gen. Tim Haugh writes at The New York Times that defeating this cyber army requires engaging American technology companies in the fight much like how the banking industry stops fraud when detected. Underlining the scope of the threat, as the ceremonial red carpet was rolled out in Beijing researchers flagged Chinese APT activity against South Caucasus energy infrastructure and a Twill Typhoon-linked China‑nexus campaign. As Gen. Haugh makes clear, China’s sustained intrusions are not episodic. They are persistent, strategic and designed to position Beijing for advantage before a future crisis or conflict. And despite years of warnings, we still are not moving fast enough to impose meaningful costs or strengthen resilience at scale.
With the advent of AI-powered cyberattacks, we also need to move fast enough to stop both government-sponsored and independent threat actors wielding supercharged capabilities. On an important episode of Cyber Focus, CrowdStrike Chief Privacy Officer Drew Bagley joined me to discuss how the arrival of frontier AI models such as Anthropic’s Mythos has propelled us into the age of “machine-speed” exploitation. As one of the few cybersecurity leaders with early access to these powerful models within Project Glasswing, he delves into why traditional “patching” is no longer enough to stop an adversary that can write and scale exploits in seconds. Our conversation included how AI is turning minor bugs into devastating remote access chains, why unmanaged AI agents within your network are the new frontier for counterintelligence, the challenge of securing legacy infrastructure in a world of automated threats and more. For critical infrastructure owners and operators already struggling with legacy systems, workforce shortages and growing attack surfaces, the implications are profound: defenders are increasingly being forced to operate at human speed against adversaries approaching machine speed. “We should think about this as an opportunity to think through this problem set now and assume that this is going to be just a widespread capability pretty soon,” he said.
Mythos was tested out of the gate by the AI Security Institute, and their latest review reflects their access to a newer checkpoint. “The length of cyber tasks that frontier models can complete autonomously has doubled on the order of months, not years,” AISI wrote, Greg Otto at CyberScoop reported, and Palo Alto Networks reached similar conclusions through its own testing. The acceleration of AI security advancements could not be more critical, as a Google report this week revealed that prominent hackers used AI to uncover a previously unknown software flaw and an exploit to take advantage of it for the first time – but were thankfully blocked before it could be used as part of a “mass exploitation event,” A.J. Vicens and Sam Tabahriti reported at Reuters. The takeaway is increasingly difficult to ignore. The cyber balance between offense and defense may again be shifting decisively toward offense unless governments and industry rethink how operational collaboration, trusted AI deployment and resilience are executed in practice.
Our cyber operators who have been on the front lines through rapid changes in the threat landscape have invaluable perspective on what is needed for the road ahead. Timothy N. Neslony, a retiring U.S. Air Force officer with more than 20 years in offensive cyber operations, writes at War on the Rocks that U.S. Cyber Command is not built for speed in an environment where “30 minutes might as well be 30 seconds.” He recommends shaping the cyber force of the future by “understanding why the current model is too slow, rethinking how the force is built and trained, and pushing authority down to where it can actually be used.”
Meanwhile, the broader battlespace continues expanding beyond terrestrial and cyber networks alone. The Congressional Budget Office released its $1.2 trillion estimate Tuesday for the Golden Dome missile defense initiative – and more than 60% of that price tag consists of deploying and sustaining 7,800 space-based anti-missile interceptors, Joseph Trevithick reported at The War Zone. SPACECOM Commander Gen. Stephen Whiting told the Mitchell Institute this week that they expect to complete a joint plan with allies for conducting future “orbital warfare” by the end of the year, Theresa Hitchens reported at Breaking Defense.
And a couple of alarming developments in drone threats this week should have us rethinking how to stop these increasingly accessible weapons: Hezbollah is building drones with easily sourced electronics and 3D printing technology for as cheap as $300 apiece. These camera-equipped explosive drones feed live video back to their operators via a fiber-optic tether to evade detection and traditional signal-jamming defenses, Lior Soroka, Suzan Haidamous and Mohamad El Chamaa reported at The Washington Post. The UAE, which is among the Gulf nations that have seen their critical infrastructure targeted by Iran’s drones, is attempting to protect some of its energy facilities with massive metal “cope cages,” Howard Altman reported at The War Zone. While these times have called for emergency measures, it’s not feasible to fortify every critical site in our communities in this fashion and this underscores the urgent need for scalable counter-UAS strategies that evolve as rapidly as the technologies adversaries are adapting for conflict.
This week by the numbers,
- 71% of Americans oppose constructing data centers for artificial intelligence in their local area, including 48% who are strongly opposed. Only 7% strongly favor these projects. (Gallup)
- NHTSA said Waymo will recall 3,791 robotaxis across the U.S. after federal regulators identified a software flaw that could cause the vehicles to drive onto flooded roads. (Automotive World)
- A British privacy regulator fined a major water supplier nearly $1.3 million after finding the utility left longstanding security gaps unaddressed across its corporate network, allowing a ransomware intrusion that went undetected for 20 months to expose personal information affecting more than 633,000 customers, employees and contractors. (Gov Info Security)
- Hackers behind the Canvas ed breach cut a deal with Instructure after claiming they stole data tied to nearly 9,000 schools and 275 million individuals. (Tech Republic)
- By using Morse code to bypass standard AI safety filters, an attacker tricked the Grok AI model and an autonomous wallet agent, Bankrbot, into authorizing the transfer of about $200,000 in cryptocurrency on the Base network. (GBhackers)
The U.S. and international partners released the Software Bill of Materials for AI – Minimum Elements guidance this week to help public- and private-sector stakeholders improve transparency in their AI systems and supply chains.
And staying with AI for two essential weekend reads: Carnegie Mellon and FDD teamed up for an industrial strategy by Phoebe Benich, Dr. Emma Stewart and Harry Krejsa to mitigate supply chain risk as the energy sector races to modernize and expand to keep up with AI demand. And at the Center for a New American Security, James Sanders, Janet Egan and Rory Madigan write that AI chip manufacturing is becoming a binding constraint on the pace of the AI compute buildout. They outline policy implications and encourage the United States to utilize both greater leverage and greater reason to ensure every chip is put to its highest-value use.
The challenge before policymakers, industry leaders and national security professionals is no longer simply anticipating disruption, but learning how to operate effectively amid continuous disruption.
War Eagle,
Frank Cilluffo