Analysis

AI innovation is a double-edged sword for the Chinese Communist Party (CCP). Promises of vastly improved economic efficiencies, sweeping societal surveillance, and enhanced military and cyber capabilities sit awkwardly against the party’s fears that AI could trigger massive unemployment and then social instability. The CCP’s paranoia regarding its demand for total political and social control is apparent through a seemingly paradoxical demand for deeper AI penetration throughout the economy, while simultaneously passing laws that ban companies from replacing workers with AI bots. Ultimately, the balance between dominating global AI innovation without losing power over the technology and society will be one of the biggest challenges the CCP must surmount in the coming years.

Key to the CCP’s demand for control is an emphasis on “digital sovereignty,” a term that has increasingly emerged in public discourse about the need to secure AI from foreign IP theft or exploitation. For the CCP, this term is not just about PRC ownership over new AI innovation, but about the party’s control of the entire system that feeds AI innovation: from AI skills training through universities, to energy generation, R&D support, financing, and compulsory integration of AI products into everyday lives of PRC citizens. In this sense, “sovereignty” is an incorrect description of what the CCP aspires to. It is not about blocking foreign engagements for fear of encroaching on Chinese sovereignty. Rather, it is about a fundamentally nationalist position that prioritizes domestic production, innovation, and distillation over reliance on trading partners, foreign supply chains, or non-PRC inputs into a tightly-controlled system.

In this sense, the CCP is practicing what it has for several decades with regards to nationalist protectionism over its economy and cybersecurity. US companies, for example, are largely free to enter the Chinese market, but they are far from free to operate once they have entered. Mandated joint ventures with local partners, preferential treatment for PRC companies, forced IP extraction, new restrictions on Chinese outbound investment, and often seemingly arbitrary legal regulatory restrictions on foreign companies all show how China’s economy is designed to serve the state and Chinese national companies. 

The political and national security applications of AI have created a tension between government demands for digital nationalism and private firms’ seeking free rein to further innovation for profit. For China, there is no dilemma: companies serve the CCP and its political goals. For other countries, China’s example will likely pressure governments to attempt to adopt a similar approach in framing frontier AI as a national security resource, with all of the legal and political restrictions that such a designation entails. Digital nationalism, then, will likely accelerate, including in the United States. As Anthropic, OpenAI, and other US companies discovered over the past few weeks (see “On the Hill” below), the US government, in particular, is demonstrably willing to curtail AI companies in service of such ends. 

Yet, while China might be an early mover in terms of how it approaches questions of digital nationalism, other countries will likely struggle to match the CCP’s capacity to control the entire system of AI development, from skills training to model distillation. Copying China will therefore not necessarily increase national competitiveness in other parts of the world. Rather, digital nationalism, as it currently stands, will likely lead to an increased fracturing between governments and corporations into distinct national units with additional restrictions about who, how, and when AI can be used. Tech companies need to understand that, in part because of the threat of China and the CCP’s nationalist steering of its own tech giants, the perceived necessity for other governments to pursue similar strategies will likely increase.

Analysis

The US government is intervening heavily to try to control the spread of American frontier AI technologies. The recent imposition of export controls on Anthropic’s AI Mythos model (see “Tech Futures” below) led to a showdown between the US government and the tech sector, as the USG asserted that technological innovation has clear national security implications that the USG must address. Anthropic’s efforts to negotiate a lift or easing of export controls have inspired other companies, from Google to OpenAI, to engage the White House early in model development in hopes that such an approach will lead to fewer restrictions on their own products. The AI companies assert that the US government, in framing the spread of frontier technologies as a threat to national security, risks hampering domestic innovation and undermining the US tech sector’s competitiveness, even if the underlying logic for imposing some export controls is sound.  

The US government risks doing the most damage by limiting access to such models initially by citizenship (with only US citizens permitted access) and later to a select group of 100 US companies. For starters, the US-based developers of these models are scrambling to try to find teams of exclusively US citizens to continue building these models, an extremely tall order considering the diversity of Silicon Valley’s work force. At the same time, this move may sabotage US competitiveness overseas. In response to the restrictions, for example, companies around the world are rapidly seeking alternative models to remain competitive, including open source models that are favored by the Chinese tech giants. 

The restrictions on US AI companies are particularly concerning considering the rapid pace at which PRC-based companies are able to keep pace with–or outright steal from–Anthropic and other US companies. Zhipu AI, for example, just announced that it matched Mythos in finding security bugs. In other words, why would a company wait for the US government to permit use of an expensive Anthropic model when it could opt for a cheaper, open source alternative that is readily available, even if that model is from a Chinese company and potentially riddled with security threats? 

US tech companies will likely need to weigh the benefits of such engagement with the potential drawbacks of sharing their most sensitive IP with the US government. This is particularly nerve wracking as it introduces the potential for IP leaks, not to mention that the US government may still impose export controls on these companies even if they comply ahead of model releases. Moreover, those who best understand these technologies work for the tech companies, not the government, which introduces the potential that, despite their best efforts, these companies remain unable to persuade an executive branch that does not fully grasp the details of individual model weights or other important information. 

As Anthropic has discovered in recent weeks, the Trump administration is more than willing to curtail frontier innovation if it sees potential that such innovation could inadvertently aid China or other US adversaries. Tech companies, particularly those that work in frontier technologies, will need to reconcile with this newfound status as members of the defense-industrial complex, whereby their technologies are increasingly treated not only as private sector products, but effectively as potential weapons and national security threats. US companies writ large will similarly need to grapple with potentially stark changes to their business models if their access to AI models continues to face restrictions based on industry or employee citizenship. Collectively, while Anthropic is currently taking the brunt of the US government’s action, the fallout is that the US private sector will face dramatic changes ahead in how companies use these emerging technologies. 

Analysis

Following the Department of Defense’s early-June update to its Chinese Military Companies (1260H) List, Chinese commerce giant Alibaba is suing the DoD to have its name removed. The company argues that it is purely an e-commerce and cloud computing firm, and that every multinational company operating in China follows the same rules. Pharmaceutical and life-sciences company WuXi AppTech is also suing on similar grounds. The China-based drone-maker DJI sued the DoD last year when it was also placed on the CMC List but lost its case, which does not bode well for the Chinese plaintiffs. China imposed retaliatory export controls on ten US companies last week, accusing them of producing dual-use products. Such tit-for-tat measures are commonplace at this point, but mean that companies in targeted industries should expect supply chain volatility until this dispute is resolved.

These lawsuits highlight two noteworthy points. First is the revealing logic of Alibaba’s defense: all companies in China operate under the same rules. While Alibaba uses this fact to make the case that it is being unfairly targeted for everyday practices, it also serves as an admission that all companies in China are equally exposed to Chinese government oversight and intervention. This includes the requirement to serve the state for military and intelligence purposes if asked, as articulated in the 2015 National Security Law and 2017 National Intelligence Law. A company that is included on the CMC List, therefore, may be targeted for practices that are standard practice in China, but this standard practice does in fact pose a significant risk to US national security interests. This also means that PRC companies that do not appear on the CMC List should be considered as posing an equal national security risk, even if that risk is not yet recognized by USG regulators.  

The lawsuits’ second point is that while CMC-listed companies are likely to lose their cases in US courts (based on the DJI precedent), they at least possess a legal means for challenging the US government’s decision and a mechanism by which they can present opposing evidence. US companies do not have the same rights in China. The Chinese government is insulated from such potential suits and any plaintiff, let alone a foreign one, cannot expect the kind of impartial treatment promised by US courts. The US companies accused of making dual-use products and now subject to Beijing’s new export controls have no legal recourse to contest this decision. Trade remains the realm of unpredictable regulation, and companies would be wise to imagine their operations without China in the case they become the next target. 

These disputes also extend to the US’s allies in Europe, who also face unfair Chinese business practices. A recent survey concludes that Chinese companies, in targeted sectors, receive up to eight times greater subsidies than their peers in OECD countries, which the report compares to “doping in sports.” The EU has long confronted this problem, with Chinese solar-panel dumping as early as the 2010s and, more recently, on Chinese battery electric vehicles (BEV) in 2024. Chinese retaliatory tariffs on European goods were par for the course. Although Brussels maintains open diplomatic channels with Beijing, mixed European messaging is providing China the time to strengthen its negotiating position. As China threatens additional trade probes in lead-up to the late-June meeting of the European Council, it is clear that China applies the same tactic of “subsidize and retaliate” to Europe as it does to the United States. Therefore, it is important for the US and EU to present a united front against China’s market manipulation.

Analysis

Citing national security concerns, the US government issued an export control directive suspending all access by foreign nationals to Anthropic’s Fable 5 and Mythos 5 AI models. These restrictions apply regardless of whether these individuals reside inside or outside the United States, and also include foreign national Anthropic employees. The directive took Anthropic by surprise, and was allegedly being issued after discussions between Amazon’s CEO and White House officials. Secretary Hegseth’s long-standing demands for unconditional access to Anthropic’s models, which are part of an ongoing feud between the Department of Defense and the company, bolster interpretations that the US government’s actions against Anthropic may be rooted more in politics than substantive regulatory concern. Regardless of the feud, the directive highlights the sensitivity of foreign access to frontier technology and a desire to harness innovation in service of national security ambitions.

Rumors that Chinese organizations accessed Mythos weaken Anthropic’s position and leave the burden of resolution on the firm. By demanding that Anthropic restrict access for all foreign nationals, the administration has signaled that frontier AI models are strategic national security assets. To comply, Anthropic must establish an internal team composed exclusively of US citizens and block non-citizens from model access without explicit government approval. While perhaps sensible from a national security perspective, Anthropic, like most Silicon Valley companies, heavily relies on international employees. Washington’s demand, therefore, has the potential to significantly hinder Anthropic’s operations and sets a precedent for much stronger federal government intervention in commercial operations. 

While neither the US government nor Anthropic explicitly mentions China, the subtext reveals a fusion between commercial technology and national security driven by the Sino-American cold war. Both the USG and CCP believe that emerging technologies will define the next industrial revolution, and both governments view AI not just as a race between software models, but as an integrated system of talent, funding, energy, data, and manufacturing. This systems-perspective also reveals the uneven playing field that disadvantages US companies. While the US has placed tariffs on foreign goods and instituted export controls to slow foreign tech development, the efforts pale in comparison to the combined state, subsidized tech sector, and academic apparatus of the PRC. US companies reliant on private capital cannot reasonably expect to remain competitive with such heavily subsidized industries. 

This creates a dilemma for the US government: heavily regulate the tech sector and become a state-company hybrid model akin to China, or cede questions with national security implications to a private sector that may be ill-equipped to take larger national security interests into account and compete with the resources of the second largest economy on the planet. Neither choice is ideal, but the current direction of the US government is converging with China’s style of government-controlled innovation, as tech giants proceed according to strict government oversight and alignment. At the same time, China is applying lessons learned from the United States. The recent introduction of China’s own export controls signals a tightening on outbound capital and investment, as well as increased government control over financing of foreign entities in the PRC.

The nationalization of frontier labs is likely to grow into a larger political issue. Current moves range from President Trump’s talks with OpenAI and a potential “Public Wealth Fund” blueprint, to Senator Sanders’ proposals for an American AI Sovereign Wealth Fund to promote government partnerships with industry. In short, the push for greater government-tech fusion is coming from both sides of the political aisle and is therefore unlikely to cease anytime soon. Tech companies, therefore, need to understand that they are building not just profit-making tools, but tools for national security that governments will view accordingly.

Analysis

The PRC’s two state-owned power grid operators characterize their cybersecurity teams as purely defensive. However, their participation in national cyber exercises, procurement of red- and blue-team services, contributions to industry standards development, and creation of cyber wargaming platforms suggest activities that extend well beyond the baseline requirements for maintaining defensive cyber capabilities. US firms that operate or depend on critical infrastructure should understand that the PRC cyber threat extends well beyond the handful of hacking groups they already track.

Western threat reporting on PRC cyber operations tends to focus on the People’s Liberation Army (PLA) and named hacking groups such as Volt Typhoon. A joint advisory issued in April by US, UK, and partner agencies across 11 countries warned that PRC actors pre-position offensive cyber capabilities on national critical infrastructure, but it did not name the institutions

inside China that build those capabilities.

Offensive cyber programs within the PRC’s two state-owned grid operators present

evidence of persistent attempts to advance offensive capabilities (i.e. capabilities designed to attack other countries and not simply defend against attacks). The State Grid Corporation of China (SGCC) and China Southern Power Grid (CSG) each staff what they describe as “red and blue army ‘special forces.’” A clear sign that these programs are not purely defensive is the choice of test targets. A January 2024 paper by researchers from a CSG subsidiary developed a method for generating attack data against Modbus, an industrial control systems protocol that dominates US and European grid supervisory control and data acquisition (SCADA) systems. Penetration testing, vulnerability discovery, and industrial control system (ICS) protocol exploitation are target-agnostic, so a cybersecurity team breaching SGCC’s or CSG’s SCADA systems is also capable of breaching those behind California's Pacific Gas & Electric or the Electric Reliability Council of Texas.Texas. Furthermore, Industry standards co-drafted by PRC grid operators require their cyber-range exercises be built around MITRE ATT&CK, the same framework US firms and agencies use to characterize nation-state attacks.

What turns a utility into a national security concern is the PRC’s military-civil fusion strategy, under which the state can requisition the capabilities of state-owned enterprises for intelligence, security and military purposes. The April 2024 reforms that created the PLA’s new Cyberspace Force reorganized the military side of this architecture, while an amended Cybersecurity

Law and the 15th Five-Year Plan, released over the winter and spring, expanded network operators’ legal obligations to support state security objectives. Grid personnel are also bound into a centralized vulnerability-harvesting system: researchers must report newly discovered flaws to the government within two days and are barred from disclosing them abroad. In practice, the same SGCC and CSG teams that run provincial offensive exercises and win ministry-level competitions are the reserve roster that the Cyberspace Force or other tasking authority would draw on for a grid-relevant operation against foreign infrastructure. The transfer of capability is not just possible; it is expected and institutionalized.

For US businesses, the lesson is that the US systems PRC actors study as attack targets are the ones running US utilities, pipelines, telecoms, transportation nodes, energy transfer, water treatment, manufacturing plants, data centers, and logistics. Any firm that operates or depends on industrial control systems should treat grid and industrial control system resilience as a continuity and board-level risk rather than a problem confined to the utility sector, and should not be reassured by the “defensive” labeling that PRC operators and state media attach to these programs. Firms with supply-chain, joint-venture, or procurement exposure to China’s grid companies and their many subsidiaries face added vendor and reputational risk as US scrutiny of China-linked infrastructure deepens. The prudent posture is to assume that capability development on the PRC side is continuous, institutionalized, and pointed at the kinds of systems American companies run every day.