An Enduring Risk Profile and the National Security Implications
HORIZON ADVISORY
Horizon Advisory, an independent strategic consultancy and data platform, helps businesses, investors, and government actors understand and respond to geopolitical, economic, and technological change.
Horizon Advisory
Horizon Advisory brings a new approach and unparalleled sources and methods to understanding geopolitics. Horizon Advisory was formed with the mission of analyzing Chinese industrial strategy and implications for critical security and economic competitions. Decision-makers across sectors – national security leaders, stakeholders from the private sector, investors – face uncertainty associated with geopolitical, technological, and economic changes. Leveraging unprecedented primary sources, we apply updated strategic frameworks and novel analysis techniques to generate differentiated insights for clients including businesses, investors, and governments grappling with uncertainties.
Disclaimer: The mention of any individual, company, organization, or other entity in this report does not imply the violation of any law or international agreement, and should not be construed as such.
Executive Summary
Microsoft’s deep entanglement with the People’s Republic of China (PRC) constitutes a significant and relatively poorly understood national security risk. The book Apple in China was a New York Times bestseller last year; the story of Microsoft’s exposure is as deep and carries more direct national security implications for the United States.
Over three decades, the company has built a vast commercial, research, and engineering presence in China, one that now intersects directly with the PRC’s intelligence, surveillance, and militaryindustrial ecosystem.
In July 2025, ProPublica revealed in a series of investigations that Microsoft had employed Chinabased engineers as a part of its “digital escort” support for US Department of War cloud environments.1 Pentagon officials have since called the arrangement a “breach of trust”, and the Department has subsequently moved to restrict vendors from using China-based personnel.2
The ProPublica reporting was alarming and generated immediate responsive mitigations. But it was not necessarily surprising. This revelation was only the latest in a long history of risky engagements. This report documents how Microsoft’s engagements and relationships with the PRC have evolved and endured. The history ranges from seemingly passive source-code sharing agreements to more active support on the ground in China by the company and its partners that links to the PRC’s military as well as State-backed research institutions and companies that propel military modernization, censorship, and human rights abuses.
That history touches on a number of key findings, including:
• Microsoft’s over three decades of operations in China have created dependencies that risk intertwining US government systems with China’s State-backed technology ecosystem. Microsoft’s pursuit of market access in China has coincided with repeated security breaches and sensitive technology spillover. A web of opaque partnerships in the Chinese market has seemingly normalized this set of risks and magnified the persistent conflict between managing short-term commercial interests in the Chinese market with long-term US national security interests.
• Since 2003, Microsoft has shared Windows and Office source code with the China Information Technology Security Evaluation Center (CNITSEC | 中国信息安全 测评 中心 ), an entity
1 Renee Dudley, “A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers,” ProPublica, July 15, 2025, https://www.propublica.org/article/microsoft-digital-escorts-pentagon-defensedepartment-china-hackers
2 Renee Dudley, “Pentagon Warns Microsoft: Company’s Use of China-Based Engineers Was a “Breach of Trust”,” ProPublica, August 29, 2025, https://www.propublica.org/article/microsoft-china-defense-department-digitalescorts-investigation-warning
reported to be “an office in China’s premier foreign intelligence service, the Ministry of State Security (MSS).” 3 That level of code sharing likely grants the Chinese government deep architectural insight into software that underpins large swathes of US federal government and enterprise IT systems. This access is very likely to contribute to the capacity of the Chinese security and intelligence apparatus to execute exploits and campaigns, including intrusions into US government networks.4
• ProPublica revealed in the summer of 2025 that Microsoft even allowed China-based engineers (“digital escorts”) to assist US Department of War cloud customers, creating a direct insider threat. The Pentagon labeled this a “breach of trust” that has led to a number of mitigations meant to prohibit offshore personnel from accessing sensitive government environments.
• Microsoft’s Azure China cloud operated by the Beijing-based firm 21Vianet has given Chinese authorities potential visibility into Microsoft’s cloud infrastructure. Through this platform, Microsoft may have enabled State-linked entities, such as INESA and Beyondsoft, to access OpenAI large-language models. The same Azure framework was implicated in the 2023 “Storm-0558” hack, which compromised senior US officials’ email accounts.
• Microsoft’s partnerships, joint ventures, and broader web of partners in China contribute to Beijing’s military-civil fusion and surveillance capabilities. Its CMIT joint venture with CETC transferred Windows technology to a PLA-linked military industrial keystone; Microsoft Research Asia collaborated with universities linked to the Chinese military industrial apparatus on AI research and development; and the company’s Beijing and Shanghai accelerators have nurtured firms later identified as risks for perpetuating China’s State-backed campaigns of surveillance and human-rights abuses. Taken together, this presence and network of exposures reflect a pattern of limited or ineffective due diligence. That pattern is consistent with a legacy of multi-national corporates that have prioritized market access in China over US national security.
In the current geopolitical context, America’s technology leaders, like Apple and Microsoft, need to enhance their diligence of operations, partners, and supply and third-party risk. That expectation should be apparent. Regulators should pursue new and expanded protections of US national security and information security across the realm of operational exposure to China that firm-level behavior may invite. And, ultimately, market actors should demand corporate strategies from the likes of Microsoft that move beyond the Chinese market.
3 “China’s Cybersecurity Law Gives the Ministry of State Security Unprecedented New Powers Over Foreign Technology,” Recorded Future, August 31, 2017, https://www.recordedfuture.com/research/china-cybersecuritylaw
4 As Recorded Future summarized of CNITSEC’s apparent role, generally: “The MSS’s integration into the information security architecture of China via CNITSEC will possibly allow it to identify vulnerabilities in foreign technologies that China could then exploit in their own intelligence operations; Ibid.
Introduction
The US Government leverages Microsoft products and services to an extraordinary degree. For example, Microsoft 365 underpins federal email and collaboration; Windows and Azure anchor identity, endpoint management, and cloud workloads; and Teams, SharePoint, and OneDrive concentrate user data in a handful of cloud environments. That footprint has been on a steady growth path over the past few years. In 2023, the Department of Defense (now the Department of War) replaced its long-standing, internally managed cybersecurity programs with Microsoft Defender, an off-the-shelf commercial product from the same company that supplies its operating systems and productivity suite.5 In 2025, the General Services Administration (GSA) signed a multibillion-dollar “OneGov” agreement establishing unified pricing for Microsoft 365, Copilot, and Azure cloud services across all agencies. The deal simplifies procurement and further cements Microsoft’s position as a core technology provider for the US government.6
The depth of that relationship today builds on Microsoft’s history: The company is a long-standing software leader, has created many of the categories in which it dominates, and its commercial dominance tracks or exceeds that of its government business. And recent reporting underscores how that dominance leverages high switching costs to be sustained. According to media reports, Microsoft has drawn FTC scrutiny for allegedly using anti-competitive licensing terms and pricing structures that could lock customers into its ecosystem, making it prohibitively costly to switch to competitors.7
The depth of Microsoft’s relationship with the US government brings about efficiencies. But, at the same time, it also introduces the risk of single points of failure. When a platform that dominates the government technology stack faces strategic pressure or security lapses, the fallout may, in turn, be strategic and impact not single systems, but entire agencies and applications. The totality of that risk appears to be reflected in vulnerability statistics: Since late 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has identified more than 340 Microsoft software vulnerabilities actively exploited by hackers, more known vulnerabilities than the next five software vendors combined.8
The risks of Microsoft’s far-reaching relationship with the US government are made considerably worse by Microsoft’s China strategy. What may register as an operational or tactical vulnerability, could be converted for strategic effect given exposure to America’s great power competitor in
5 For additional context, see: “Pentagon Hacking Fears Raised over Microsoft Military Software Monopoly,” Newsweek, June 5, 2023, https://www.newsweek.com/pentagon-hacking-fears-raised-microsoft-military-software-itantivirus-monopoly-cybersecurity-1794369.
6 “Multibillion-Dollar GSA OneGov Agreement with Microsoft Brings Steep Discounts,” U.S. General Services Administration, September 2, 2025, https://www.gsa.gov/about-us/newsroom/news-releases/multibillion-dollar-gsaonegov-agreement-with-microsoft-brings-steep-discounts-09022025.
7 Aki Ito, “FTC Chair Lina Khan Probes Microsoft’s Anti-Competitive Practices,” Business Insider, November 2024, https://www.businessinsider.com/microsoft-anti-competitive-practices-ftc-khan-biden-big-tech-2024-11
8 “Known Exploited Vulnerabilities Catalog,” Cybersecurity and Infrastructure Security Agency (CISA), https://www.cisa.gov/known-exploited-vulnerabilities-catalog
China. Over three decades, Microsoft built a large commercial and R&D presence in China. That presence touches everything from legacy product distribution and service to the most cutting-edge of Microsoft’s offerings and research and development (R&D).
On the R&D front, those ties are reflected, for example, in the history of Microsoft Research Asia (MSRA). MSRA is celebrated as a “cradle of AI talent”; it operates within an ecosystem where foreign and domestic researchers frequently co‑author with Chinese researchers affiliated with universities that carry exposure to China’s military-civil fusion and surveillance apparatus.9 On the commercial and product front, Microsoft’s willingness to accommodate Chinese government demands for “transparency” and local control provide an attack surface for exploitation. In 2003, for example, the company signed its “Government Security Program” agreement with the China Information Technology Security Evaluation Center (CNITSEC), an entity that has since been reported to effectively operate as a front for the Chinese government’s Ministry of State Security (MSS). Under this agreement, CNITSEC and related institutions were provided access to Microsoft’s Windows and Office source code for “security evaluation.”
Microsoft’s broader network of partners propels additional risks. Subsequent partnerships, including the 2015 creation of C&M Information Technologies (CMIT) with the state-owned defense conglomerate China Electronics Technology Group (CETC), and Microsoft’s cloud licensing through 21Vianet, placed PRC-linked entities in control of both Windows and Azure infrastructures. In 2023, one of those same systems, Azure’s credentialing platform, was exploited in the “Storm-0558” cyberattack that reportedly breached US government email accounts. Moreover, the company’s accelerator and incubator programs in China have further extended U.S. technology into China’s surveillance economy. Firms such as Deep Glint, Data Grand, and Hydata, each nurtured through Microsoft’s startup ecosystem, have supplied facial recognition, censorship, and policing tools to Chinese authorities and public security forces. Microsoft also continues to enable access to OpenAI technologies for Chinese partners, including companies like Beyondsoft and INESA, both of which integrate OpenAI models into products supporting China’s domestic security infrastructure.
This product-level presence and network in China – combined with the company’s long-standing exposure to China’s advanced technology research ecosystem – creates the conditions for systemic risk. As the United States government increasingly recognizes and prioritizes competition with the Chinese Communist Party, the US private sector, including multinational corporate giants like Microsoft, will need to change course. And the company that provides critical cloud infrastructure to America’s defense and intelligence apparatus cannot, at the same time, maintain deep operational, research, and supply chain linkages with the Chinese State
9 “The Art of Dealing with China,” Asia Society, September 15, 2025, https://asiasociety.org/policy-institute/artdealing-china-0
Emergent Risks from Long Ties
Digital Escorts and the Department of War
Over the past year, ProPublica published a series of investigations showing that Microsoft leveraged China‑based personnel – described as “digital escorts” – to support US government and defense workloads.10 According to the investigations, the arrangement was not clearly disclosed in some contexts and in several cases may have involved environments where the Department of War expected US‑based support.11 The reporting triggered a swift response: the Pentagon banned vendors from using China‑based staff on sensitive work and, reportedly, privately admonished Microsoft for a “breach of trust.”12 Microsoft’s response included qualification that the “digital escorts” model was designed to provide after‑hours support and that personnel did not have direct access to customer data.
In parallel, ProPublica documented that some of the same Microsoft product lines receiving China‑based support had been targets of PRC‑linked threat activity. It reported for instance, that Microsoft had long relied on engineers in China to maintain and patch software products targeted by Chinese State-linked hackers.13 In the case of its popular SharePoint software, for instance, Microsoft publicly disclosed that threat actors had exploited vulnerabilities to breach numerous government and private-sector enterprise systems in the United States. References to those exploits did not mention that certain SharePoint maintenance had been handled by China-based engineering personnel. Screenshots reviewed by ProPublica showed internal tools indicating that China-based staff were involved in fixing bugs for the “OnPrem” version of SharePoint – the version hosted on an organization’s own servers rather than in Microsoft’s cloud. Microsoft defended the arrangement by saying the China-based team was supervised by US personnel and subject to code review, and that work was being relocated.
Concerns over the confluence of staff and vulnerability exploits were heightened again when the US Air Force acknowledged another “privacy-related issue” connected to its own Microsoft
10 Renee Dudley, “A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers,” ProPublica, July 15, 2025, https://www.propublica.org/article/microsoft-digital-escorts-pentagon-defensedepartment-china-hackers
11 Renee Dudley, “Microsoft Used China-Based Support for Multiple U.S. Agencies, Potentially Exposing Sensitive Data,” ProPublica, July 25, 2025, https://www.propublica.org/article/microsoft-tech-support-governmentcybersecurity-china-doj-treasury
12 Renee Dudley, “Pentagon Bans Tech Vendors From Using China-Based Personnel After ProPublica Investigation,” ProPublica, September 19, 2025, https://www.propublica.org/article/pentagon-dod-microsoft-digitalescorts-china-ban-cybersecurity
13 Renee Dudley, “Microsoft Used China-Based Engineers to Support Product Recently Hacked by China,” ProPublica, August 1, 2025, https://www.propublica.org/article/microsoft-sharepoint-hack-china-cybersecurity
SharePoint system, following reports that a breach led to a service-wide shut down. An internal message that was circulated online warned personnel of exposure of personal identity and protected health information caused by SharePoint permissions issues. It said that to contain the breach, all Air Force SharePoint sites would be blocked across the service and that Microsoft Teams and Power Business Intelligence (BI) dashboards might also be affected because they rely on the same platform.14
The Air Force example was a sample of what would prove to be an even broader scope. Later reporting by ProPublica surfaced Microsoft’s use of China-based technical support for US federal cloud systems beyond the Department of War.15 In its investigation into Microsoft’s Government Community Cloud (GCC), ProPublica documented that certain engineering tasks and system maintenance had been handled by teams in China, even for agencies like the Departments of Justice, Treasury, and Commerce. These teams reportedly operated under the same “digital escort” model, under which US personnel with security clearances would relay requests to engineers abroad. That system allowed foreign engineers access, and the potential to influence US government systems In the wake of the ProPublica reporting, Microsoft announce that it would cease using China-based engineers for DoW cloud systems.16 At the same time, US defense and intelligence officials characterized Microsoft’s prior practice as a “breach of trust.”17 Even with these mitigations, questions remain about what substitutions Microsoft will make for support, what diligence and monitoring protocols will be associated with those substitutions, and whether the same risk posture persists for US government agencies.
Together, these strands of reporting show how Microsoft’s China-based engineering arrangements have intersected with its most sensitive product lines and government contracts, raising questions about the adequacy of oversight, the balance of trust and risk in infrastructure and human capital decisions, and how deeply integrated US government systems have become with global technology and software supply chains that are exposed to and, in some cases, controlled by adversarial actors.
These risks are amplified by Microsoft’s deep and enduring partnerships across China’s Stateguided technology ecosystem. For more than three decades, the company has pursued joint ventures, research collaborations, and cloud service arrangements that have embedded it in China’s high-tech sector – from its Windows source-code sharing agreements with Chiense government agencies, to AI research partnerships with military-affiliated universities, and its Azure cloud operations run entirely through government-supervised intermediaries. These relationships expand Beijing’s familiarity with Microsoft’s architecture and internal processes – the attack surface for
14 “U.S. Air Force Investigates Breach Linked to Microsoft Vendor,” The Register, October 1, 2025, https://www.theregister.com/2025/10/01/us_air_force_investigates_breach/
15 Renee Dudley, “Microsoft Used China-Based Support for Multiple U.S. Agencies, Potentially Exposing Sensitive Data,” ProPublica, July 25, 2025, https://www.propublica.org/article/microsoft-tech-support-governmentcybersecurity-china-doj-treasury.
16 Renee Dudley, “Microsoft Says it has Stopped Using China Based Engineers to Support Defense Department Computer Systems,” ProPublica, July 18, 2025, https://www.propublica.org/article/defense-department-pentagonmicrosoft-digital-escort-china
17 Renee Dudley, “Pentagon Warns Microsoft: Company’s Use of China-Based Engineers Was a “Breach of Trust”,” ProPublica, August 29, 2025, https://www.propublica.org/article/microsoft-china-defense-departmentdigital-escorts-investigation-warning
many tactical and operational threats – while eroding the separation between US defense infrastructure and China’s industrial-espionage apparatus.
As the ProPublica revelations make clear, these are not necessarily isolated incidents. Rather, the identified cases of risk appear to be symptoms of a systemic vulnerability that flow from an adversarial nation state through a web of commercial and technical dependencies that no compliance overhaul or technical firewall can easily resolve.
Ties to China’s Military Industry that Fuel
Chinese Hacks
Repeated breaches involving Microsoft’s core products suggests that the company’s cybersecurity defenses have been undermined by technical concessions to the Chinese government and intelligence services. By granting Beijing visibility into its source code and other foundational architectures, Microsoft has effectively exposed its products to one of the world’s most aggressive cyber-espionage powers – placing not only US government networks but millions of users worldwide at heightened risk.
Examining source code is one of the most effective ways to uncover zero-day vulnerabilities –hidden flaws that can be exploited before developers are even aware they exist. 18 A zero-day vulnerability refers to a security flaw that is unknown to the software’s developer and therefore has no existing fix or patch.19 Such vulnerabilities may be uncovered by intelligence agencies, cybersecurity researchers, or malicious hackers, nation state-backed or otherwise – and are often traded for significant sums on dark-web markets.
In China, however, that dynamic is inverted. Beijing’s 2021 regulations require both domestic and foreign software companies to proactively disclose newly discovered vulnerabilities to the Chinese government as a condition of market access.20 The policy effectively weaponizes the vulnerabilitydiscovery process, granting Chinese authorities early insight into security flaws that could be exploited before patches are developed or released.21 For firms like Microsoft, whose products touch enterprise and government networks worldwide, these disclosure mandates hand China’s intelligence services a systematic window into the world’s most widely used software. Microsoft admitted that the PRC likely took advantage of this law and used reported vulnerabilities in hacking campaigns.22
18 For background, see: https://people.cs.uchicago.edu/~ftchong/papers/ccs05.pdf
19 “Zero-Day Exploit Definition,” Kaspersky Resource Center, https://usa.kaspersky.com/resourcecenter/definitions/zero-day-exploit
20 Josephine Wolff, “China’s New Software Policy Weaponizes Cybersecurity Research,” The Hill, July 20, 2021, https://thehill.com/opinion/cybersecurity/564318-chinas-new-software-policy-weaponizes-cybersecurity-research
21 Ibid.
22 “Microsoft Accuses China of Abusing Vulnerability Disclosure Rules,” The Record by Recorded Future, April 15, 2022, https://therecord.media/microsoft-accuses-china-of-abusing-vulnerability-disclosure-requirements
Those concerns surfaced sharply in Congress last year. During a June 2024 congressional hearing to examine Microsoft’s cybersecurity shortfalls, lawmakers challenged the company’s President Brad Smith over his claims that Microsoft is not bound by China’s 2017 National Intelligence Law, which compels all organizations operating in China to cooperate with the state’s security services. Rep. Carlos Gimenez (R-FL) expressed disbelief that Microsoft could legally refuse such cooperation, emphasizing that the law would apply to the company’s employees and data inside China. 23 “I’m sorry... I just don’t trust what you’re saying to me,” he told Smith. “You have a cozy relationship with China. You’re there. They allow you to be there, and I can’t believe that they’re going to say, yeah, okay. No problem. You don’t have to comply with our law that everybody else does.”
The exchange underscored national-security concerns about the true conflict that exists between China’s legal regime and the international system – and about Microsoft’s long-standing presence in China: If Beijing can compel access to information held by firms operating on its soil, it could also leverage this information to search for zero-day vulnerabilities in widely used US software.
In fact, several well-documented Chinese cyber-espionage attempts in recent years have reportedly exploited “zero-day” vulnerabilities in Microsoft products.
Chinese threat Microsoft vulnerability Targets Earliest reported activity
Sunshop Group 24 (APT19)
BuckEye, Gothic Panda (APT3)25
IronHusky 26
Emissary Panda 27 (APT27)
Emissary Panda 28 (APT27)
CVE-2015-0071, a zero-day targeting Windows Internet Explorer
CVE-2017-0143 & 0144, Re-used NSA hacking tools by planting the repurposed tools on victims’ networks using zero-day vulnerability in Microsoft SMB
CVE-2021-40449, a zero-day targeting Windows kernel driver
CVE-2018-0802, Microsoft Office Equation Editor. Stack buffer overflow allowing RCE via Office documents.
CVE-2019-0604, exploiting a SharePoint remotecode-execution (RCE) to install web shells on government SharePoint servers.
US government and military; S. Korean defenserelated targets; energy and finance firms; foreign affairs think tanks; Uyghur dissidents
Governments (India, U.K.), infrastructure, international targets
Foreign government entities (Mongolia, Russia)
Government, defense-adjacent organizations, research institutions
Government organizations (Middle East, Canada), other state and defense-adjacent targets.
23 “Transcript: House Homeland Security Hearing on Microsoft’s Cybersecurity Shortfalls,” Tech Policy Press, October 2025, https://www.techpolicy.press/transcript-house-of-homeland-security-hearing-on-assessingmicrosofts-cybersecurity-shortfalls/
24 Pierluigi Paganini, “Chinese Hackers Hit Forbes,” Security Affairs, April 2015, https://securityaffairs.com/33417/cyber-crime/chinese-hackers-hit-forbes.html; “IE8 Zero-Day Pops Up in Targeted Attacks Against Korean Military Sites,” Threatpost, December 2014, www.threatpost.com/ie-8-zero-day-pops-upin-targeted-attacks-against-korean-military-sites/100728/
25 Andy Greenberg, “NSA’s Own Zero-Day Exploit Reemerges in China,” Wired, May 12, 2019, www.wired.com/story/nsa-zero-day-symantec-buckeye-china/.
26 Lucian Constantin, “Chinese APT Group IronHusky Exploits Windows Zero-Day,” CSO Online, February 2023, https://www.csoonline.com/article/571467/chinese-apt-group-ironhusky-exploits-zero-day-windows-serverprivilege-escalation.html.
27 “CVE Record: CVE-2018-0802,” Common Vulnerabilities and Exposures (CVE.org), https://www.cve.org/CVERecord?id=CVE-2018-0802
28 “Emissary Panda Attacks Middle East Government SharePoint Servers,” Unit42 by Palo Alto Networks, July 2021, https://unit42.paloaltonetworks.com/emissary-panda-attacks-middle-east-government-sharepoint-servers
ToddyCat 29 An “unknown exploit” compromising Microsoft Windows Exchange servers
Hafnium 30 Four zero-day exploits (CVE-2021-26855, CVE2021-26857, CVE-2021-26858 and CVE-202127065) in Microsoft Exchange email server software
Multiple (LuckyMouse, APT27, Tick, Bronze Butler, Winnti, Calypso, others) 32
Government and military organizations in Asia and Europe 2020
U.S. “infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.”31
2020
CVE-2018-0802, exploiting Exchange zero-days. Global organizations with internet-exposed Exchange servers. 2021
There are many ways zero-day exploits can be discovered, and access to source code is not always necessary. As the evidence below suggests, however, Microsoft’s decision to provide the Chinese government access to Windows and Microsoft Office source code has likely aided in the discovery and exploitation of at least one zero-day vulnerability (CVE-2018-802, listed above), and possibly more
Microsoft Begins Sharing Windows Source Code with Chinese Intelligence in 2003, Giving China a Cyberespionage Edge
In 2003, Microsoft entered into a “Government Security Program” (GSP) agreement with the China Information Technology Security Evaluation Center (CNITSEC), a Chinese government body reported to operate under the authority of China’s Ministry of State Security (MSS), Beijing’s main civilian, foreign intelligence agency.33 Wu Shizhong (吴世忠), the Chinese official who signed Microsoft’s GSP agreement on behalf of China was then serving as director of CNITSEC. At the time, Microsoft publicly announced that the accord created a “Source Code Review Lab” within CNITSEC to give Chinese government experts access to Windows source code for “security evaluation.” Two official Microsoft press releases, one announcing the GSP agreement in February 2003 and another marking the lab’s opening that September, name Wu as Microsoft’s Chinese counterpart in the signing ceremony.34 A September 2025 New York Times investigation into the growing cyber prowess of China’s MSS reported that Wu was a senior official in Bureau 13, the
29 “ToddyCat: New APT Group Targeting Government Organizations,” Securelist by Kaspersky, August 2022, https://securelist.com/toddycat/106799/.
30 J.M. Porup, “The Microsoft Exchange Server Hack: A Timeline,” CSO Online, March 2021, https://www.csoonline.com/article/570653/the-microsoft-exchange-server-hack-a-timeline.html; “Microsoft Exchange Hack: Biden Administration Blames China,” Associated Press (AP News), March 7, 2021, https://apnews.com/article/microsoft-exchange-hack-biden-china-d533f5361cbc3374fdea58d3fb059f35
32 Matthieu Faou, “Exchange Servers Under Siege: 10 APT Groups Actively Exploiting Microsoft Vulnerabilities,” WeLiveSecurity (ESET), March 10, 2021, https://www.welivesecurity.com/2021/03/10/exchange-servers-undersiege-10-apt-groups.
34 “Microsoft and China Announce Government Security Program Agreement,” Microsoft News Center, February 28, 2003, https://news.microsoft.com/source/2003/02/28/microsoft-and-china-announce-government-securityprogram-agreement/; “China Information Technology Security Certification Center Source Code Review Lab Opened,” Microsoft News Center, September 26, 2003, https://news.microsoft.com/source/2003/09/26/chinainformation-technology-security-certification-center-source-code-review-lab-opened/
MSS’s technical reconnaissance arm and the bureau responsible for offensive cyber operations.35 The report showed how the CNITSEC front allowed Beijing to fuse intelligence operations with commercial innovation, giving the MSS unprecedented reach into global networks and “[providing] a direct pipeline of information about vulnerabilities” from the foreign software it reviewed.36 This confirmed earlier research by independent cybersecurity firms Recorded Future in 2017 and CrowdStrike in 2018. Each published analyses identifying CNITSEC’s direct operational ties to the MSS and its involvement in Chinese cyber-espionage activities.37
Microsoft’s relationship with CNITSEC had become a concern to the US government as early as 2009, when State Department officials flagged CNITSEC as a national security concern in a classified cable.38 The cable, released by The Guardian, suggested that the Microsoft arrangement granted CNITSEC and select Chinese firms, including the cybersecurity company TopSec Technologies Group (TopSec), access to Microsoft’s Windows source code under the pretext of conducting security evaluations.39 The entire sequence detailed in the US cable is reflective of the blurred lines that exist between civilian, military, and intelligence actors within the Chinese system.
And that conflated landscape extends beyond the likes of the MSS and PLA to include other government-linked actors that were given access to Microsoft source code under the 2003 agreement. The Third Research Institute of the Ministry of Public Security (MPS) – China’s domestic policing and internal security arm also reportedly gained access.40 According to a 2022 cybersecurity industry report, the Third Research Institute is “a major research organization within China’s public security system” responsible for technical programs supporting “smart policing and network security.” 41 Its work includes research into surveillance, network reconnaissance, offensive and defensive cyber operations, encryption, and electronic evidence collection –capabilities that underpin both China’s domestic repression and its global cyber operations.
Microsoft’s GSP program in China has been renewed and expanded multiple times since 2003 to cover additional Windows products. In 2007, Microsoft signed a new “Government Security
35 Paul Mozur and Steven Lee Myers, “How China’s Secretive Spy Agency Became a Cyber Powerhouse,” The New York Times, September 28, 2025, https://www.nytimes.com/2025/09/28/world/asia/how-chinas-secretive-spyagency-became-a-cyber-powerhouse.html
36 Ibid.
37 “Two Birds, One Stone: Panda APT Profile,” CrowdStrike Blog, 2023, https://www.crowdstrike.com/enus/blog/two-birds-one-stone-panda/
38 “U.S. Embassy Cables: China Technology Policy,” The Guardian, December 2010, https://www.theguardian.com/world/us-embassy-cables-documents/214462
39 “U.S. Embassy Cables: China Technology Policy,” The Guardian, December 2010, https://www.theguardian.com/world/us-embassy-cables-documents/214462
40 “China Information Technology Security Certification Center: Source Code Review Lab,” Tech Sina (archived), September 25, 2003, https://web.archive.org/web/20230716224331/http:/tech.sina.com.cn/it/e/2003-0925/1139238325.shtml
41 “The Role of U.S. Technology in China’s Public Security System,” Recorded Future, November 1, 2022, https://web.archive.org/web/20221101133034/https://www.recordedfuture.com/the-role-of-us-technology-in-chinapublic-security-system
Program Source Code Agreement” with Wu and CNITSEC covering Microsoft Office and other Microsoft products.”42
A later 2009 Microsoft press release boasted that the company shared “software security development ‘secrets’” with Chinese software security experts including CNITSEC.43 In 2016, Microsoft agreed to establish a dedicated “technology transparency center” in Beijing in cooperation with CNITSEC to facilitate government agencies’ ability to view Microsoft source code.44 Microsoft confirmed in August 2025 that it had shut down its transparency centers in China and curtailed early access to vulnerability information for Chinese firms, particularly those subject to Beijing’s mandatory disclosure rules.45 However, there is no public evidence that Microsoft has formally rescinded prior arrangements allowing Chinese government agencies to review its source code, an arrangement that appears to have continued at least through 2016. Whether those government access channels have been fully terminated remains unclear. 42 “中国信息安全产品测评认证中心与微软
计划源代码协议” Microsoft China Newsroom, 2007, https://news.microsoft.com/zhcn/%E4%B8%AD%E5%9B%BD%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8%E4%BA%A7%E5% 93%81%E6%B5%8B%E8%AF%84%E8%AE%A4%E8%AF%81%E4%B8%AD%E5%BF%83%E4%B8%8E%E5 %BE%AE%E8%BD%AF%E5%85%AC%E5%8F%B8-%E7%AD%BE%E7%BD%B2%E6%96%B0/ 43 “微软与业界分享软件安全开发“秘籍” “Microsoft China Newsroom, April 27, 2009, https://news.microsoft.com/zh-
cn/%E5%BE%AE%E8%BD%AF%E4%B8%8E%E4%B8%9A%E7%95%8C%E5%88%86%E4%BA%AB%E8% BD%AF%E4%BB%B6%E5%AE%89%E5%85%A8%E5%BC%80%E5%8F%91%E7%A7%98%E7%B1%8D/
44 “微软技术透明中心落地北京并正式启用,” Microsoft China Newsroom, September 19, 2016, https://news.microsoft.com/zhcn/%E5%BE%AE%E8%BD%AF%E6%8A%80%E6%9C%AF%E9%80%8F%E6%98%8E%E4%B8%AD%E5%B F%83%E8%90%BD%E5%9C%B0%E5%8C%97%E4%BA%AC%E5%B9%B6%E6%AD%A3%E5%BC%8F%E5 %90%AF%E7%94%A8/
45 Ryan Gallagher, “Microsoft Curbs Early Access for Chinese Firms to Cyber Flaws,” Bloomberg News, August 20, 2025, https://www.bloomberg.com/news/articles/2025-08-20/microsoft-curbs-early-access-for-chinese-firms-tocyber-flaws
Microsoft’s Adrienne Hall signs 2007 code sharing agreement with CNITSEC
While Microsoft framed the original GSP as a transparency initiative to build government trust, the partnership effectively provided a Chinese intelligence front organization with direct visibility into the architecture of the world’s – and the U.S. government’s – most widely used operating system. The risk here is not merely speculative: CrowdStrike argued in 2018 that CNITSEC’s role in Microsoft source code review allowed for the exploitation of an additional high-value zero-day exploit (CVE-2018-0802) in 2017-2018. 46 In 2022 testimony to the U.S. Economic and Security Review Commission, former FBI cyber analyst and SinaCyber founder Adam Kozy, the author of the CrowdStrike report, described how CNITSEC had leveraged its privileged access to Microsoft source code to facilitate intrusions into US systems. According to Kozy, CNITSEC’s true value lay in its ability to “cherry-pick” high-value vulnerabilities directly from Microsoft’s source code – flaws that were then converted into operational exploits for China’s cyber-espionage campaigns against US targets.47
Kozy further testified that open-source analysis indicated CNITSEC deliberately withheld public reporting on certain Microsoft vulnerabilities to preserve operational windows for exploitation. Soon after, APT40 (also known as “Panda”), a known MSS contractor, was observed exploiting a high-value Microsoft Office vulnerability (CVE-2018-0802) roughly a month before it was publicly disclosed by the Chinese cybersecurity firm Qihoo 360.48
As noted above, there have been at least eight suspected Chinese-sponsored cyberattacks exploiting zero-day vulnerabilities in Microsoft software since 2014, including CVE-2018-802, which CrowdStrike linked to Microsoft’s source code sharing. It is unlikely that all of the Chinese hacks depended on access to Microsoft’s source code. But familiarity and this degree of access –sustained as a function of the broader ongoing relationship – suggest cause for concern and enhanced scrutiny of any potential code sharing that may still exist or that could be considered in the future.
CMIT: Ceding Windows to the Chinese Government
The convergence of technical cooperation and state intelligence interests did not end with CNITSEC’s access to Microsoft source code. Rather, it set the stage for a deeper, institutional partnership between Microsoft and China’s military-civil fusion establishment. Within two years, those same security and regulatory entities would formalize their collaboration through a new joint venture, one that may have been designed to give Beijing greater control over Windows itself.
In late 2015, Microsoft established a joint venture called C&M Information Technologies (CMIT 神州网信技术有限公司), with the China Electronics Technology Group Corporation (CETC), a state-owned defense conglomerate that deploys technologies widely used in the Chinese defense
46 “Two Birds, One Stone: Panda APT Profile,” CrowdStrike Blog, 2023, https://www.crowdstrike.com/enus/blog/two-birds-one-stone-panda/.
47 “Testimony of Adam Kozy,” U.S.-China Economic and Security Review Commission, February 2022, https://www.uscc.gov/sites/default/files/2022-02/Adam_Kozy_Testimony.pdf
48 “Two Birds, One Stone: Panda APT Profile,” CrowdStrike Blog, 2023, https://www.crowdstrike.com/enus/blog/two-birds-one-stone-panda/
industry and by its security apparatuses.49 A sequence of negotiations that led up to the CMIT partnership included Microsoft CEO Satya Nadella and the deputy directors of several influential government bodies in China, such as the Ministry of Industry and Information Technology, the National Development and Reform Commission, and the State Internet Information Office.50
The primary objective stated at the formation of CMIT was to develop a customized version of Windows 10 that satisfied the Chinese government’s security specifications. 51 Central to this arrangement was China’s access to Microsoft’s core operating system technology.52 In CMIT’s own words, “The long-term goal is to acquire core technologies through in-depth cooperation, cultivate top international talent in fields of management and information technology, stimulate innovation, and accelerate China’s emergence as a leader in scientific and technological innovation.” 53 In practice, CMIT’s stated strategy seeks to leverage foreign partnerships –particularly with global firms like Microsoft – to extract intellectual property, replicate industrial capabilities, and embed Chinese researchers within high-value innovation ecosystems as described by Kozy in his testimony.54
By building deep cooperative frameworks under the guise of “transparency,” “joint research,” or “talent exchange,” China has been able to systematically internalize foreign know-how while insulating its domestic technology sector from reciprocal scrutiny. The Microsoft–CMIT partnership thus reflects not an anomaly, but a microcosm of the CCP’s broader technology acquisition doctrine. Beijing has constructed an environment in which corporate openness becomes a conduit for state-directed transfer of strategic advantage; China can asymmetrically prosper from external actors all while hardening its own players and systems.
The China Government Edition of Windows 10 was officially released in 2017, marking the culmination of that effort. Corporate filings in China show that Microsoft holds only a 49 percent stake in CMIT, confirming its position as the junior partner in a venture effectively controlled by a Chinese state-owned defense conglomerate.55
49 “Microsoft Partners with Chinese State-Owned Defense Conglomerate to Promote Windows 10,” Computerworld, 2022, https://www.computerworld.com/article/1623732/microsoft-partners-with-chinese-state-owned-defenseconglomerate-to-promote-sell-windows-10-to-gove.html
50 “中国电科与微软公司签署合资公司备忘录,” Microsoft China Newsroom, December 17, 2015, https://news.microsoft.com/zhcn/%E4%B8%AD%E5%9B%BD%E7%94%B5%E7%A7%91%E4%B8%8E%E5%BE%AE%E8%BD%AF%E5% 85%AC%E5%8F%B8%E7%AD%BE%E7%BD%B2%E5%90%88%E8%B5%84%E5%85%AC%E5%8F%B8%E5 %A4%87%E5%BF%98%E5%BD%95/
51 “Announcing Windows 10 China Government Edition and the new Surface Pro,” Microsoft News Center, May 23, 2017, https://web.archive.org/web/20230330065733/https:/blogs.microsoft.com/blog/2017/05/23/announcingwindows-10-china-government-edition-new-surface-pro/
53 “Company Introduction,” China National Machinery Group Operating System (CMGOS), March 22, 2025, https://web.archive.org/web/20250322030224/https://www.cmgos.com/web/about-us_en/intro_en/
54 “Testimony of Adam Kozy,” U.S.-China Economic and Security Review Commission, February 2022, https://www.uscc.gov/sites/default/files/2022-02/Adam_Kozy_Testimony.pdf
55 See the profile for 神州网信技术有限公司 accessible here: https://yun.ccxe.com.cn/companies/202070186
Since 2018, the U.S. government has placed at least twenty subsidiaries and research institutes of CETC under export controls, reflecting mounting concern over the conglomerate’s central role in China’s military-industrial modernization.56 Several of these designations occurred in 2022, when the US Commerce Department’s Bureau of Industry and Security (BIS) determined that the entities had engaged in “activities contrary to U.S. national security and foreign policy interests,” specifically for acquiring or attempting to acquire U.S.-origin technologies to support the PRC’s military modernization efforts.57 The scrutiny deepened in 2023, when the Biden Administration added yet another CETC entity to the Entity List following the Chinese spy balloon incident, underscoring Washington’s growing view of CETC as a critical node in Beijing’s surveillance and defense ecosystem.58
In 2018, CMIT entered into a strategic cooperation agreement with the Ministry of Public Security’s Third Research Institute. The partnership focused on advancing work “in the field of public security desktop operating systems,” effectively aligning Microsoft’s joint venture with an institution deeply embedded in China’s state surveillance and cyber operations apparatus.59
Azure Deal Gave China Access to Microsoft’s Cloud Infrastructure
The 2018 partnership marked a turning point. Having secured oversight of Microsoft’s operating system through CMIT, Chinese state entities soon turned their focus to the company’s expanding cloud infrastructure. The same logic that had governed “secure and controllable” versions of Windows was now to be applied to the cloud: Beijing would permit Microsoft to operate Azure in China under terms that ensured state access and regulatory supervision as it did in the previous generation of technology with Windows
Microsoft has long promoted the move to Azure as a more secure solution for its corporate and government clients. But as with Windows, the company has made concessions to the PRC regarding the operation of Azure as a condition for access to the Chinese market. In 2012, Microsoft and the Chinese company 21Vianet signed an agreement with the Shanghai municipal government that allowed 21Vianet to operate Microsoft’s cloud services in China.60 The Chinese government requires a local partner for foreign cloud services, and other multinational cloud services are similarly required to operate through a domestic Chinese partner.61 “21Vianet will act
56 See examples from, for example, “U.S. Adds Seven China-Related Entities to Export Control List,” Reuters, August 23, 2022, https://www.reuters.com/markets/us/us-adds-seven-china-related-entities-export-control-list-202208-23/.
57 “BIS Press Release: Seven Entity List Additions,” U.S. Department of Commerce, Bureau of Industry and Security (BIS), August 23, 2022, https://www.bis.doc.gov/index.php/documents/about-bis/newsroom/pressreleases/3121-2022-08-23-press-release-seven-entity-list-additions/file
58 Kevin Collier, “U.S. Firm’s Subsidiary Sold Electronics to Chinese Defense Company Linked to Spy Balloon,” NBC News, March 2023, https://www.nbcnews.com/news/us-firms-subsidiary-sold-electronics-chinese-defensefirm-linked-spy-b-rcna72712.
59 “Company News Archive: CMGOS Web News,” China National Machinery Group Operating System (CMGOS), March 2018, https://web.archive.org/web/20220704052812/https:/www.cmgos.com/web/2018/03/news10/
60 “Microsoft Office 365 and Windows Azure Come to China,” VNet, November 1, 2012, https://ir.vnet.com/newsreleases/news-release-details/microsoft-office-365-and-windows-azure-come-china/
61 For example, Amazon’s AWS was offered in China via two local qualified companies: The AWS China (Beijing) Region, which was generally available to Chinese customers in 2016, is operated by Beijing Sinnet Technology Co.
as an operation entity for Azure, hosting the service in its data centers and handling the customer relationship," said 21Vianet's CFO, Shang Hsiao at the time. “We also support the infrastructure too. That’s one of the reasons Microsoft selected 21Vianet – we specialize in China internet infrastructure. We’re considered the biggest Internet data center services provider in China.”62
Microsoft’s Azure operations in China are run through 21Vianet, which ensures that the platform complies with the requirements of the Ministry of Public Security (MPS) and other Chinese government authorities. 63 To meet those demands, 21Vianet reportedly built a segregated infrastructure for Azure, Office 365, and other Microsoft services, designed in coordination with the Cyberspace Administration of China (CAC) and the Ministry of Industry and Information Technology (MIIT).64 Both agencies play roles in shaping China’s cybersecurity policy – though to be sure they are not officially designated as operators of offensive cyberespionage programs.65
Today, 21Vianet is the exclusive operator of Microsoft’s cloud services and data centers in China. Microsoft employees cannot access these facilities without prior authorization from 21Vianet, which leases portions of its infrastructure from state-owned telecommunications companies –entities over which, by the company’s own admission, it has “limited control.”66
In its 2022 SEC filing, 21Vianet noted that “the Chinese government may intervene or influence our operations at any time,” and acknowledged that its systems may be “vulnerable to security breaches.”67 The company conceded that a successful compromise of its data centers or networks could result in the “misappropriation of proprietary or customer information.”68 Like all Chinese technology firms, 21Vianet also operates under the close scrutiny of China’s security,
Ltd. (Sinnet), while the AWS China (Ningxia) Region, which was launched in 2017, is operated by Ningxia Western Cloud Data Technology Co., Ltd. (NWCD). https://aws.amazon.com/blogs/enterprise-strategy/getting-started-with-aws-services-in-aws-china-beijing-regionand-aws-china-ningxia-region/
62 “Microsoft Launches Azure in China via 21Vianet Group,” Data Center Knowledge, 2024, https://www.datacenterknowledge.com/hyperscalers/microsoft-launches-azure-in-china-via-21vianet-group#closemodal
63 “由世纪互联运营的 Microsoft Azure 云平台顺利通过等保 2.0 测评,” Caijing China Daily, April 27, 2020, https://web.archive.org/web/20230720184242/https:/caijing.chinadaily.com.cn/a/202004/27/WS5ea6a454a310eec9c 72b5af6.html
64 “世纪互联蓝云是这样运营微软云服务的!), July 13, 2017, https://web.archive.org/web/20230720234212/https:/www.51cto.com/article/544681.html
65 “China’s Cyber Capabilities,” U.S.-China Economic and Security Review Commission, November 2022, https://web.archive.org/web/20230711000822/https:/www.uscc.gov/sites/default/files/202211/Chapter_3_Section_2 Chinas_Cyber_Capabilities.pdf
66 “世纪互联和微软联姻的那点事儿,” 163.com Technology, January 7, 2014, https://www.163.com/tech/article/9HVKQ5C1000915BD.html; “Windows Azure and Office 365 Cloud Services Model Operated by 21Vianet,” TrustCenter.cn (Archived PDF), July 2023, https://web.archive.org/web/20230729222015/https:/www.trustcenter.cn/file/Windows_Azure_and_Office_365_clo ud_services_business_model_operated_by_21Vianet12.pdf; “Annual Report, 21Vianet Group Inc.,” IR Archive, July 2023, https://web.archive.org/web/20230730194302/https:/ir.21vianet.com/static-files/c3a12e94-90dd-4643a84d-b29fc1a69e59, pages 29 and 75.
67 Ibid, page 18.
68 Ibid, page 29.
cybersecurity, data and information regulators. In its public filings, the company has cautioned that changes to Chinese law had expanded the government’s powers to conduct cybersecurity reviews of firms deemed to “affect national security” – a category broad enough to encompass nearly any major cloud service provider.69 These warnings have proven well-founded. In its 2023 filing, 21 Vianet disclosed that in November 2020 the MIIT had conducted an inspection of its cloud operations and identified security deficiencies that the company was ordered to correct.
The specific nature of those issues and the mandated fixes were never revealed. Around the same time, China’s Ministry of Public Security publicly cited 21Vianet as a target of a national “rectification” campaign, signaling that authorities had found content or activity on its servers that allegedly violated Chinese law.70
Microsoft has never disclosed the full extent of 21Vianet’s access to Azure’s credentialing systems, the same systems that appear to have been exploited in the 2023 “Storm-0558” cyberattack that breached US government email accounts as discussed below.71 Given 21Vianet’s privileged position and legal obligations to cooperate with Chinese authorities, the company’s role represents a potential security vector through which State-linked actors could identify or exploit zero-day vulnerabilities within Azure’s cloud infrastructure. That concern is magnified by Microsoft’s own network architecture. According to the US-China Economic and Security Review Commission, Microsoft planned to link 21Vianet’s Chinese data centers with Microsoft facilities in Asia, Europe, and even North America.72 Under this arrangement, Azure users outside China could elect to store data in Chinese data centers, while customers in China could host data abroad.
Given Chinese law authorizing government inspection of any communications equipment operating domestically, such interconnection creates a potential bridge between Chinese networks subject to state access and foreign data centers within Microsoft’s global cloud. The Commission noted that while technical safeguards, such as strict data segregation and limited administrator privileges could reduce this risk, they cannot eliminate the underlying exposure.
Microsoft’s OpenAI Partnership and Partner Entities in China
Although OpenAI prohibits direct access to its products and API from within China, Microsoft’s exclusive partnership with OpenAI and its joint venture with 21Vianet, in tandem, effectively open
69 Ibid, page 5.
70 ““净网 2018” :公安部公布 10 起整治网络违法犯罪典型案例,” Qinhuangdao Government Portal (Archived), September 17, 2018, https://web.archive.org/web/20230720182826/http:/www.qhd.gov.cn:81/article/301/847.html.
71 “Analysis of Storm-0558 Techniques for Unauthorized Email Access,” Microsoft Security Blog, July 14, 2023, https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorizedemail-access
72 “China’s Impact on U.S. Security Interests,” U.S.-China Economic and Security Review Commission, 2023, https://www.uscc.gov/sites/default/files/Annual_Report/Chapters/Chapter%202%20China%27s%20Impact%20on% 20U.S.%20Security%20Interests.pdf
a back door.73 Through Microsoft’s Azure China, Chinese companies can access and deploy some of the most advanced generative AI models in the world, including GPT-4, despite intended geographic and regulatory restrictions.74 In fact, just one day after OpenAI announced that it would crack down on access to its models from Chinese customers, Microsoft China announced on its own WeChat account that developers could continue using the service by transferring their work over to Azure OpenAI.75
While Microsoft has not disclosed the full list of its Chinese clients using OpenAI via Azure, public records and media investigations have identified several examples, which include one company engaged in mass censorship operations, and another major state-owned enterprise with deep ties to Beijing’s industrial and security apparatus. As will be discussed in a following subsection of this report, both entities fall into categories that US policymakers consider to be fields of concern for cooperation with China
The fact that such companies are able to leverage Microsoft-facilitated OpenAI access the risks at play in an embrace of the Chinese market and the need for thoughtful approaches to partner vetting The potential oversights are difficult to explain given Microsoft’s espoused recognition of the AI competition with China. For example, Microsoft President Brad Smith has repeatedly cited China’s rapid advances in artificial intelligence as a reason for US regulators to avoid imposing overly restrictive regulations on US tech companies. In an April 2023 speech, Smith warned that Chinese firms and research institutions could soon become “major rivals” to ChatGPT and other US AI advances – without, of course, acknowledging the role that Microsoft’s own infrastructure and partnerships in China are at risk of playing in China’s advance 76 Just seven months after Smith’s warning, in December 2023, The Verge revealed that ByteDance, the Chinese parent company of TikTok, had used Microsoft Azure services to gain access to OpenAI models. According to the report, ByteDance was not merely testing the technology – it was actively using OpenAI’s outputs to train and improve its own proprietary AI algorithms and systems, accelerating its efforts to compete in the global AI race.77
While in recent months, the White House has considered new restrictions on use of technology like ChatGPT by Chinese and Russian entities, in addition to controls already in place on the export of semiconductors and AI hardware, the episode highlights the national security and ethical risks
73 “Exclusive Response | Why doesn't ChatGPT open registration to all Chinese users? An OpenAI spokesperson exclusively told Caijing E-Law that OpenAI is currently working to increase the number of locations where users can access OpenAI tools safely and effectively,” Caijing, February 17, 2023, https://news.caijingmobile.com/article/detail/485776?source_id=40
74 “OpenAI May Not Be Available in China, but Microsoft Azure China Offers a Loophole,” TechRadar Pro, April 2024, https://www.techradar.com/pro/openai-may-not-be-available-in-china-but-microsoft-azure-china-might-offeran-unexpected-loophole
75 “Microsoft Azure China Offers Chinese Businesses a Loophole to OpenAI’s Departure,” Tom’s Hardware, April 2024, https://www.tomshardware.com/tech-industry/artificial-intelligence/microsoft-azure-china-offers-chinesebusinesses-a-loophole-to-openais-departure
76 “Microsoft President Warns China Becoming Close Rival of ChatGPT,” Nikkei Asia, March 1, 2024, https://web.archive.org/web/20240301193323/https:/asia.nikkei.com/Business/Technology/Microsoft-presidentwarns-China-becoming-close-rival-of-ChatGPT
77 Jay Peters, “ByteDance’s ChatGPT Competitor Could Challenge Microsoft,” The Verge, December 15, 2023, https://www.theverge.com/2023/12/15/24003151/bytedance-china-openai-microsoft-competitor-llm
inherent in Microsoft’s management of its OpenAI integration in China: Microsoft’s partnerships in China appear to have effectively enabled Beijing-linked entities to exploit US-developed AI breakthroughs, circumventing the restrictions that OpenAI itself appears to have intended to put in place.
78
Beyondsoft: A Microsoft Partner Powering China’s AI-Driven Censorship Apparatus
Microsoft’s AI efforts and China exposure have also played a role in facilitating the Chinese government’s extensive censorship apparatus, which polices speech and informs broader societal control throughout the authoritarian state.
One active contributor in that censorship regime is Beyondsoft, a Beijing-based IT services and outsourcing firm that has served as a certified Microsoft partner and development contractor across multiple product lines, including Microsoft Azure. The company provides software engineering, data analytics, and enterprise cloud solutions for both domestic and international clients, frequently leveraging Microsoft’s platforms to deliver those services. Yet Beyondsoft’s business portfolio extends far beyond enterprise technology. According to a 2019 investigation by The New York Times, the company employs thousands of workers engaged in China’s vast online censorship apparatus, systematically scrubbing social media platforms and digital forums of politically sensitive content. The report described Beyondsoft as one of several large private firms that “erase dissent” on behalf of state authorities – a core component of the Chinese Communist Party’s digital control infrastructure.79
In China’s tightly controlled information environment, “content moderation” firms function as the operational backbone of the state’s censorship apparatus. These contractors, employed by social media platforms, news outlets, and government agencies, are tasked with filtering out everything from pornography to political speech critical of the CCP. Despite the well-documented risks of enabling such entities, Microsoft reportedly began supplying Beyondsoft with access to OpenAI technology in 2024 through its Azure partnership program. This move equipped a key Chinese censorship contractor with cutting-edge generative AI and natural language processing tools, technologies that could dramatically enhance the efficiency and precision of China’s digital repression.
The relationship between Microsoft and Beyondsoft is long and deeply rooted. Founded in 1995, Beyondsoft’s first contract was with Microsoft and focused on translating Windows 95 into Chinese. In the decades since, Microsoft became Beyondsoft’s most important client. According to the company’s prospectuses, between 2008 and 2010 Microsoft accounted for more than a third
78 “U.S. Eyes Curbs on China’s Access to AI Software Behind ChatGPT,” Reuters, May 8, 2024, https://www.reuters.com/technology/us-eyes-curbs-chinas-access-ai-software-behind-apps-like-chatgpt-2024-0508/
79 Paul Mozur, “China’s Censorship Machine: A Lesson in Control,” The New York Times, January 2, 2019, https://www.nytimes.com/2019/01/02/business/china-internet-censor.html
of Beyondsoft’s total revenue (37.26 percent in 2010 alone) and remained its largest client by a wide margin.80
Beyondsoft’s involvement in state censorship is not peripheral; it is institutionalized. The company’s wholly owned subsidiary, Red Wheat develops software systems used by the People’s Armed Police, Chinese state media outlets, and major private platforms such as Sina and YouKu.81 Red Wheat advertises its ability to “quickly and accurately identify political, violent, pornographic, advertising, and fraudulent content,” language that mirrors official CCP directives for maintaining online “social stability.”82
Microsoft’s collaborations with Beyondsoft have gone beyond translation or localization and have touched on more cutting-edge technology developments. Over the years, the two companies have worked together in fields such as natural language processing, machine learning, and artificial intelligence, all of which can be directly applied to automated censorship systems. In 2018, Microsoft researchers even held a week-long AI bootcamp in collaboration with Beyondsoft employees, helping train its technical staff in advanced data science and AI modeling techniques.83
Beyondsoft’s own disclosures show that it is pushing toward full automation of digital censorship. In its 2022 annual report, the company described a new “image examination system” that uses deep-learning image recognition to detect political, pornographic, and violent content, with the explicit goal of reducing labor costs and improving censorship efficiency.84 And even after The New York Times exposed Beyondsoft’s role in China’s censorship industry, its partnership with Microsoft appears to have remained intact. A February 2023 report by Orient Securities, a Chinese investment bank, noted that Microsoft had “endowed [Beyondsoft] with an accumulation of artificial intelligence capabilities,” giving it “technical expertise in machine learning, natural language processing, knowledge graphs, and intelligent speech recognition.”85 In an April 2023 investor call, an unnamed Beyondsoft executive stated that “based on our previous cooperation [with Microsoft], the company [Beyondsoft] has also established business capacity in artificial intelligence and has accrued experience and technology in artificial intelligence, machine learning, [and] knowledge graphs, and can provide customers with data services in the fields of intelligent speech recognition and image recognition, and also has the ability to provide voice machine
80 See pages 142 through 144 here: https://web.archive.org/web/20230421141300/https:/pdf.dfcfw.com/pdf/H2_AN201203030004967862_1.pdf.
81 “Customer Case Studies: Government Deployments,” East Money Information Co., archived August 12 2022, https://web.archive.org/web/20220812184943/http:/120.92.114.240/customercase/government.html.
82 “深耕垂直领域,红麦互联网大数据一体化解决方案上线,” Sohu, September 9, 2019, https://www.sohu.com/a/339728127_99973062
83 “微软博彦深度训练营开启人工智能、物联网、大数据战略合作新篇章,”March 22, 2018, https://www.prnasia.com/story/205353-1.shtml
84 See the 2022 Beyondsoft annual report, here: https://web.archive.org/web/20230514190810/https:/q.stock.sohu.com/newpdf/202352978178.pdf
85 See the Orient Securities report, here: https://web.archive.org/web/20230512233159/https:/pdf.dfcfw.com/pdf/H3_AP202303131584214056_1.pdf?16787 25012000.pdf
training and other related services.”86 In a call earlier that month, Beyondsoft board secretary Wang Huan stated that projects in the areas of machine learning, natural language processing and intelligent speech recognition had “some implemented projects in finance, internet, and government sectors.”87
In July 2023, Beyondsoft told investors that it was among the first Chinese firms to gain access to Azure OpenAI. 88 In February 2024, the company stated that it was generating revenue from “products and solutions for office automation, intelligent robots and other scenarios based on Azure OpenAI for several domestic customers.”89
In China, as elsewhere, content moderation has historically relied on a blend of software tools and intensive human labor. Even the most advanced systems still require people to make nuanced judgments about what should be censored. As one Beyondsoft employee told The New York Times in 2019, “The A.I. machines are intelligent, but they aren’t as clever as human brains.”90 Yet this human oversight makes censorship costly and inconsistent – a problem that automation promises to solve. That is precisely what makes loopholes to access OpenAI technology for companies like Beyondsoft so troubling: By enabling China’s censorship contractors to automate politically driven content suppression, Microsoft may be complicit in the industrial-scale application of AI to authoritarian state information control.
Microsoft’s continued partnership with Beyondsoft – and others like it – places it in ethically and strategically troubling territory. While Microsoft has positioned itself as a global leader in responsible AI and free expression, its collaboration with any company deeply embedded in China’s State-directed censorship ecosystem raises serious questions about oversight, due diligence, and the ultimate end use of its technology.
Microsoft Enables Chinese State Firm Access to OpenAI Technology
Microsoft has also extended access to OpenAI technology via its Azure Cloud service to a major Chinese state-owned enterprise, a move that underscores the risks of proliferating advanced U.S. AI systems through commercial partnerships in China. One example, Shanghai INESA (上海仪 电), is a sprawling technology conglomerate owned by the Shanghai Municipal Government. It
86 See the analyst call transcript, here: https://web.archive.org/web/20230511173137/https:/pdf.dfcfw.com/pdf/H2_AN202304231585728367_1.pdf?16822 80554000.pdf.
87 “博彦科技:您提到的公司与微软合作的业务内容与博彦完全不同,” April 12, 2023, https://stock.stockstar.com/RB2023041200028435.shtml
88 “Beyondsoft: Commercial services based on Microsoft Azure OpenAI are expected to generate revenue this year.,” Stock Market News, July 14, 2023, https://web.archive.org/web/20240311230510/https:/m.jiemian.com/article/9747149.html.
89 “博彦科技:2023 年以来已在国内数个客户落地基于 Azure OpenAI 的产品和解决方案,产生少量收入,” Sohu, February 23, 2024, https://www.sohu.com/a/759623792_114984
90 Paul Mozur, “China’s Censorship Machine: A Lesson in Control,” The New York Times, January 2 2019, https://www.nytimes.com/2019/01/02/business/china-internet-censor.html
has long-standing ties to Microsoft. Through its Azure arrangement, an INESA subsidiary can now distribute and integrate OpenAI-powered tools across China’s tech ecosystem, effectively enabling secondary partnerships and end uses with other domestic firms. INESA’s portfolio spans multiple strategic industries, from information technology and semiconductors to the production of specialized support vehicles for the People’s Liberation Army, placing it firmly within the orbit of China’s military-civil fusion apparatus.91
In February 2024, an INESA subsidiary SinoAge ( 信 诺时 代 ), identified as an authorized distributor of Microsoft-OpenAI technology, signed an agreement with Edianyun, a Hong Kong–based IT services firm, to integrate OpenAI models through Azure into its commercial software offerings.92 The partnership appears to mark the first known and publicized instance of a Chinese State-owned enterprise gaining operational access to OpenAI systems.
The collaboration’s debut product, marketed as “Yizhihui” (易智汇), is a GPT-powered compliance and legal-assistance platform designed for small and medium-sized businesses.93 On its surface, Yizhihui promises efficiency and automation for routine legal tasks. It highlights how OpenAIderived models are now being embedded via Microsoft’s infrastructure into software controlled by a State-owned actor. SinoAge is a wholly owned subsidiary of INESA Intelligent Technology ( 云 赛 智 联 ), one of the flagship smart-technology firms under the Shanghai INESA corporate umbrella. According to company disclosures, INESA Intelligent Technology’s core business areas include alarm and security systems, video surveillance networks, and “smart security” platforms – technologies it states are “widely used in numerous fields, including banking and public security.”94 In the Chinese context, such phrasing can denote integration with the state’s domestic surveillance and law enforcement infrastructure.
Exactly when Microsoft granted SinoAge access to OpenAI technology through Azure remains unclear, as does the broader scope of Chinese firms operating under similar arrangements. It is conceivable that additional INESA subsidiaries or other unrelated Chinese companies – have been quietly extended the same privileges under Microsoft’s commercial licensing framework, potentially allowing OpenAI-derived tools to flow through China’s vast State-linked technology ecosystem.
This case is further useful for underscoring the risks that come with long-standing ties. This is not the first time INESA has benefited directly from Microsoft’s AI partnerships. In 2018, the two companies, together with the government of Shanghai’s Xuhui District, announced the creation of the Microsoft–INESA AI Innovation Center (微软–仪电人工智能创新院). At its launch, INESA
91 See Bloomberg’s profile of the company, here: https://www.bloomberg.com/profile/company/CEBXPZ:CH?embedded-checkout=true 92 “易点云:就信
略合作 ,” Stock Market News, February 22, 2024, https://m.jiemian.com/article/10827244.html.
93 “In partnership with YunSai Zhilian's subsidiary, Yidianyun, the Yizhihui platform, based on Microsoft Azure Open AI products, has been launched and may introduce more GPT-based products.,” East Money, February 27, 2024, https://web.archive.org/web/20240519004228/https:/finance.eastmoney.com/a/202402272996070648.html
94 See the company’s business area descriptions, here: https://it.inesa.com/yszl_ywly_jjfa_znaf_jjfa/List/list_0.htm
president Cai Xiaoqing declared that the partnership would “help Shanghai and even China become the world’s leading AI innovation source...”95 That ambition – to fuse Microsoft’s AI capabilities with China’s State-directed technological ascent – now appears to be materializing through initiatives like SinoAge’s access to OpenAI tools. The Institute officially opened its doors in May 2019 at a ceremony attended by several Shanghai officials and Harry Shum, then an executive vice president at Microsoft.96 The Institute soon began using Microsoft AI researchers to teach AI classes to computer scientists employed by INESA and other unspecified companies and later expanded that effort to cooperate with Chinese graduate schools. 97 The Institute is managed by INESA through a subsidiary. An INESA document states that “[t]he Innovation Institute is determined to serve national strategy, use science and technology to assist innovation and transformation, and help Shanghai build a national artificial intelligence highland and a technological innovation center with global influence.”98
Microsoft’s
Mixed Reality Technology and China’s Defense Ecosystem
Microsoft’s mixed-reality technology, developed for civilian and enterprise applications, has also surfaced within China’s defense industry. Publicly available sources suggest that its HoloLensbased system has been incorporated into aircraft maintenance and battlefield command simulation systems among other military-relevant use cases.
While the precise pathways of technology transfer remain opaque, the overlap between Microsoft’s commercial partnerships and China’s military-industrial complex raises legitimate export control and end-use-verification concerns – underscoring the risks of long-standing and opaque ties across the Chinese market. In September 2015, Chinese President Xi Jinping visited Microsoft’s Redmond, Washington campus as his first stop during an official State visit to the United States. During the visit, Microsoft executive vice president Harry Shum provided a demonstration of the HoloLens to Chairman Xi and the Chinese delegation.99
95 “微软人工智能聚焦上海,赋能中国智慧,发力时代创新,” Microsoft China, 2018, https://web.archive.org/web/20240522231412/https:/www.microsoft.com/zh-cn/ard/news/news_2018_56
96 “微软亚洲研究院(上海)和微软-仪电人工智能创新院在沪揭牌:打造上海人工智能创新引擎和生态!,” INESA, May 24, 2019, https://www.inesa.com/shinesa_gywmxwzxydyw/2019-05-24/Detail_155236.htm.
97 “服务重大战略需求 以研究生联合培养为抓手 主动对接上海先导产业发展布局 研究生院院长杜文莉 率队与“微软-仪电人工智能创新院”洽谈,” East China University of Science and Technology, November 27, 2022, https://gschool.ecust.edu.cn/2022/1127/c12755a151102/page.htm.
98 See the document’s full text archived, here: https://web.archive.org/web/20230820234344/https:/www.inesa.com/uploadpath/2021/12/17/10f46096-0168-4d1a8d0e-4d70ad1658cb.pdf
99 “Chinese President Xi Jinping visits Microsoft, sees potential of new technology,” Microsoft News Center, September 23, 2015, https://news.microsoft.com/features/chinese-president-xi-jinping-visits-microsoft-seespotential-of-new-technology/
A Certified Microsoft Partner in China’s Military-Civil Fusion Ecosystem
In 2018, three years after Xi’s visit to Microsoft’s Redmond campus, the LongRiver 3H Technology Company Ltd. (also known as the Sichuan Longrui Sanhang Technology Co., Ltd. | 四川 龙 睿三航科技有限公司 )was admitted to the Microsoft Mixed Reality Partner Program (MRPP). The certification came with a “wide range of benefits” including “connections to Microsoft product teams to help unlock the power of mixed reality and Azure cloud services for their clients.”101
LongRiver’s 2018 acceptance into Microsoft’s “Mixed-Reality Partner Program” (MRPP)102
100 Ibid.
101 See the company’s corresponding announcement, here: http://longriver3h.com/nd.jsp?id=25
102 Ibid.
Chinese President Xi Jinping receives demonstration of Microsoft’s HoloLens during a 2015 state visit to the company’s Redmond campus100
The LongRiver website presents a Chinese company positioned squarely at the intersection of China’s military aviation, defense, and mixed-reality (MR) sectors. Its “About Us” page states that among other capabilities, the firm develops “military simulation training systems,” and “highend commercial experience products for the aviation, aerospace, maritime, and military fields.”
LongRiver also publicly identifies itself as part of China’s military-civil fusion ( 军 民融合 ) program, confirming that it “actively responds to the needs of the national military-civilian integration development strategy...” and has “long-term relationships with the National University of Defense Technology (NUDT)” – one of the PLA’s premier defense university – and “research units of the armed forces”.103 Notably, LongRiver emphasizes that it adapts “the latest civilian technologies, such as virtual reality, for use in military command systems, tactical training, and advanced simulation platforms.”
NUDT’s own records corroborate the LongRiver connection: in August 2024, the university announced that LongRiver met the requirements in a competitive bid for a “virtual-scene AR (Augmented Reality) presentation and interaction system,” a platform designed to project interactive, computer-generated visual and audio elements onto real-world environments.104
LongRiver’s Defense-Oriented Product Line
LongRiver’s product catalog features several systems explicitly designed for unmanned aerial vehicle (UAV) operations and weapons development. Among them are the “UAV Ground-Station Simulator” (无人机地面站模拟器) and the “Mixed-Reality Weapon Equipment R&D Assistance System” (混合现实武器装备研发辅助系统).105
The company markets these modules as advanced training and research tools for “aviation, aerospace, and military sectors” (航空,航天,军事领域), a clear signal that their intended audience extends well beyond civilian uses.
103 See: http://longriver3h.com/col.jsp?id=101; http://www.longriver3h.com/col.jsp?id=101
104 See: https://www.nudt.edu.cn/cgxx/685c8ba115e04fd0af21a90e3d523c9a.htm
105 See: http://www.longriver3h.com/col.jsp?id=132; http://www.longriver3h.com/col.jsp?id=140
In its “Solutions” ( 解决方案 ) section, LongRiver features two flagship products: the “MixedReality Command Posture and Situation Display System” (混合现实指挥态势显示系统) and the “Virtual-Reality Tactical Simulation Training System” (虚拟现实战术仿真训练系统).106
Images from the “Mixed-Reality” section appear to show users wearing the Microsoft HoloLens headset to project three-dimensional battlefield overlays, terrain models, and troop movements into the user’s field of view to create an interactive command environment for mission rehearsal and situational awareness.
The company’s materials confirm that it applies “virtual-reality technologies to military command, tactical training, and military simulators,” aligning its offerings with the PLA’s broader push toward AR-enabled command and control systems. According to LongRiver, in 2018 its “MixedReality” simulation system was approved following an expert assessment organized by NUDT in Changsha, confirming direct technical evaluation by a PLA institution. 108 LongRiver also promotes a “Mixed-Reality Aero-Engine Repair System” ( 混合 现实 航空 发动 机 维 修系 统 ), a training and maintenance platform that uses Microsoft’s HoloLens headset to overlay 3-D engine schematics, disassembly sequences, and component data directly onto physical hardware. Technicians wearing the device can visualize internal structures, follow interactive repair steps, and simulate fault diagnostics without removing actual parts. The company explicitly lists military aviation among the system’s intended applications, describing it as suitable for “航空,航天,军事 领域” (aviation, aerospace, and military sectors).109
In December 2023, China’s state military broadcaster CCTV-7 aired footage showing a PLA Air Force maintenance technician using a Microsoft HoloLens 2 to service an aircraft engine. The
106 See: http://www.longriver3h.com/col.jsp?id=136.
107 Todd Spangler, “Microsoft Unveils HoloLens 2,” Variety, June 2019, https://variety.com/2018/digital/news/microsoft-hololens-2-2019-1202848093/
108 https://longriver3h.com/nd.jsp?id=26
109 http://longriver3h.com/col.jsp?id=141
Left: LongRiver’s “Mixed Reality Command Posture Display System,” reportedly using HoloLens 2 for military command simulations and battlefield visualization. Right: Microsoft’s 2019 HoloLens AR headset. 107
South China Morning Post confirmed the video, noting that “China’s military uses Microsoft mixed-reality headsets to maintain equipment,” and described the soldier manipulating virtual components and receiving holographic instructions projected in real time.110 Subsequent coverage by Newsweek and Windows Central corroborated the report, identifying the headset as Microsoft’s HoloLens 2.111 Moreover, publicly available footage of the CCTV coverage shows a Chinese Air Force technician with the Eastern Theater Command Air Force Brigade (东部战区空军航空兵某 旅) using what appears to be LongRiver’s HoloLens-based system.112
Microsoft announced in October 2024, that it was discontinuing production of the HoloLens. But it is expected continue to support the units until the end of 2027.113
HoloLens and the Risk of a Partner’s Military End Use
110 “China’s Military Uses Microsoft Mixed-Reality Headsets to Maintain Equipment, Video Shows,” South China Morning Post, 2025, https://www.scmp.com/news/china/military/article/3244973/chinas-military-uses-microsoftmixed-reality-headsets-maintain-equipment-video-shows
111 “China’s PLA Deploys Microsoft HoloLens 2 Mixed-Reality Headsets,” Newsweek, 2025, https://www.newsweek.com/china-peoples-liberation-army-microsoft-hololens2-mixed-reality-headsets-1852381; “Chinese Military Leverages Microsoft HoloLens 2 for Combat Training,” Windows Central, 2025, https://www.windowscentral.com/gaming/virtual-reality/chinese-military-leverage-microsofts-hololens-2-headsetsfor-combat
112 See the video and accompanying social media post, here: https://x.com/Maverick_1956/status/1735330354079191171/video/1; https://x.com/Maverick_1956/status/1735330354079191171
113 Ben Lang, “Microsoft Discontinues HoloLens 2 Support in 2027, HoloLens 3 Planned,” Road to VR, 2025, https://www.roadtovr.com/microsoft-hololens-2-discontinued-support-2027-hololens-3/?form=MG0AV3
It remains unclear whether Microsoft was aware that its mixed-reality devices and developer platforms were being adapted by LongRiver for programs linked to the Chinese military, or how extensive those applications have become. Yet as an officially certified Microsoft Mixed Reality Partner, it strains credibility to suggest the company did not know (or at least it should have known) how its technology was being deployed.
LongRiver announced its acceptance into the MRPP program in December 2018.114 Prior to that, there was already ample evidence of LongRiver’s alignment with the People’s Liberation Army that Microsoft should have been aware of.
The company’ s public WeChat account in September 2017 boasted of its invitation to participate in the government-run “3rd Military-Civilian Fusion Development High-Tech Equipment Achievement Exhibition” ( 第三届
装 备 成果展 ), where it displayed its “‘Large Military UAV Ground Station Simulator’, ‘Mixed Reality Military Command Electronic Sandbox Table’ and ‘Mixed Reality Aviation Engine Maintenance System’.”115
In May 2018, LongRiver again posted on its WeChat about attending a military-linked event, the 6th Military Industry Testing and Testing Technology Academic Exchange Conference (第六届军 工试验与测试学术交流会), where the company reported that it had “increased understanding of our company among clients in the military testing industry ”116
In October 2018, the Western Theater Command ( 西部 战 区 ), one of the PLA’s five major command regions, revealed that LongRiver had worked in conjunction with the Command and NUDT to develop a “certain data analysis system” with unspecified battlefield applications.117 Under the US Export Administration Regulations (EAR), the Military End-User (MEU) Rule prohibits exporting US-origin technology to entities in China that are involved in military end uses or act as military end users without a license, applications that are generally subject to a presumption of denial. The BIS 2021 MEU FAQ makes clear that this restriction applies not only to explicitly military items but also to dual-use technologies when the exporter knows or has reason to know the item will be used for military purposes.118
Although those explicit MEU restrictions were expanded only in 2020–2021, US exporters in 2018 were still bound by the EAR’s general “red-flag” and “know-your-customer” provisions, which required them to investigate and, if necessary, seek guidance or a license if there was reason to believe an item might be used for a military purpose. At the time Microsoft accepted LongRiver into the MRPP program, HoloLens hardware was classified as a mass-market 5A992.c item eligible for export to China without a license, but the company still had a duty to evaluate end-use
114 See: https://www.longriver3h.com/nd.jsp?id=25.
115 See an archive of the WeChat record, here: https://archive.ph/HCcbJ/image
116 See an archive of the WeChat record, here: https://archive.ph/M4Hnm
117 See an archive of the WeChat record, here: https://archive.ph/IIn8C
118 “Expansion of Export, Reexport, and Transfer (in-Country) Controls for Military End Use or Military End Users in Burma, Cambodia, China, Russia and Venezuela Final Rule. (85 FR 23459) (April 28, 2020),” https://www.bis.doc.gov/index.php/documents/pdfs/2566-2021-meu-faq/file
risk. Given LongRiver’s public record of PLA collaborations, Microsoft arguably had ample “reason to know” that the devices could be diverted to military applications even before the MEU rule’s formal expansion.
In this context, Microsoft’s sale and certification of LongRiver Technologies as a Mixed Reality Partner Program (MRPP) participant (even in 2018) should have raised serious export-control concerns. As described above, LongRiver has explicitly identified itself as part of China’s militarycivil fusion initiative on numerous occasions and states that it “actively responds to the needs of the national military-civilian integration development strategy.”
In any case, given the blurred boundaries between civilian, state, and military institutions in China’s industrial system, the appearance of HoloLens-based systems within the aviation and defense sectors underscores how even commercially marketed platforms can diffuse into sensitive military contexts, raising legitimate concerns about downstream control and technology leakage.
Microsoft Research Asia
The repeated exposure of US government systems to Chinese cyber intrusions illustrates a deeper structural problem: Microsoft’s dual identity as both a critical US government contractor, serving US national security interests, and a deeply embedded corporate player in China’s technology ecosystem. The company’s continued pursuit of commercial and research partnerships inside China has created persistent national security risks, not only through its cloud operations but also through its academic and artificial intelligence collaborations.
Nowhere is this tension clearer than in the activities of Microsoft Research Asia (MSRA) – a research institute based in Beijing and Shanghai long considered the “cradle of Chinese AI talent,” but increasingly criticized for its work with institutions tied to China’s military and surveillance state.119
One of the most concerning examples is MSRA’s work in high-risk artificial intelligence research, including work on facial recognition and synthetic media, alongside Chinese universities with direct or indirect ties to the PLA. In January 2024, a New York Times investigation reported that Microsoft had imposed limits on the type of research conducted at MSRA. A company spokesperson suggested that MSRA was prohibited from engaging in research related to quantum computing, facial recognition, or synthetic media, and was barred from collaborating with or hiring students affiliated with Chinese military-linked universities.120
A review of recent technical conference papers contradicts those claims. Since March 2024, MSRA researchers have coauthored at least ten papers involving facial recognition or synthetic media, many in collaboration with sanctioned or otherwise defense- and security-linked Chinese universities. These collaborations indicate that Microsoft’s efforts to restrict sensitive research fields are, at best, inconsistently enforced.
Of the ten papers identified, nine included coauthors from one of three Chinese universities under some form of US sanctions or designation. For example, Beihang University and the Harbin Institute of Technology (HIT) are members of the so-called “Seven Sons of National Defense.”121 These institutions are widely recognized for their close integration with the PLA’s defense research apparatus, producing technologies that support China’s military modernization and surveillance systems. The three Chinese universities collaborating with MSRA are all subject to US government sanctions for their roles in supporting Beijing’s military and strategic technology programs. Beihang University was sanctioned in March 2023 for its “contributions to China’s
119 “The Art of Dealing with China,” Asia Society Policy Institute, 2024, https://asiasociety.org/policy-institute/artdealing-china-0
120 Cade Metz, “Microsoft Expands AI Research Lab in China,” The New York Times, January 10 2024, https://www.nytimes.com/2024/01/10/technology/microsoft-china-ai-lab.html
121 “Seven Sons: China’s AI Research Institutions,” Harvard Kennedy School Rajawali Foundation, November 19 2024, https://rajawali.hks.harvard.edu/wp-content/uploads/sites/2/2024/11/240948-HKS-Occasional-Seven-SonsFINAL-11-19.pdf
military modernization efforts,” underscoring its central role in defense-related research and aerospace engineering.122 The Harbin Institute of Technology (HIT) was placed under U.S. export restrictions in 2020 for “acquiring and attempting to acquire U.S.-origin items in support of programs for the People’s Liberation Army,” particularly in the development of missile systems.123
Most recently, the University of Science and Technology of China (USTC) was sanctioned in May 2024 for its involvement in advancing China’s quantum technology capabilities and nuclear research programs. 124 Although USTC is not one of the so-called “Seven Sons of National Defense,” it has become an essential player in China’s military-civil fusion strategy – bridging academic innovation and state-directed weapons and surveillance research.
According to a 2022 report by the Chinese technology outlet QbitAI, MSRA quietly halted recruitment from the “Seven Sons of National Defense” and other universities with explicit government or military affiliations.125 Yet despite this nominal policy shift, collaborative research with these same institutions appears to have persisted.
These apparent ties underscore Microsoft’s ongoing entanglement with Chinese State-linked academia. The lab’s continued partnerships with universities central to Beijing’s military and surveillance ecosystem highlight the blurred boundary between civilian AI research and technologies with potential military applications – an enduring source of strategic risk for both Microsoft and US national security interests.
HORIZON: High-Resolution Semantically Controlled Panorama Synthesis
ORES: Open-Vocabulary Responsible Visual Synthesis MSRA, Microsoft Azure
SpeechLM: Enhanced Speech Pre-Training With Unpaired Textual Data
PersonMAE: Person Re-Identification PreTraining With Masked AutoEncoders
ART•V: Auto-Regressive Text-to-Video Generation with Diffusion Models
InstructDiffusion: A Generalist Modeling Interface for Vision Tasks
122 “Additions and Revisions of Entities to the Entity List,” Federal Register, March 6 2023, https://www.federalregister.gov/documents/2023/03/06/2023-04558/additions-and-revisions-of-entities-to-theentity-list
123 “Addition of Entities to the Entity List; Revision of Certain Entries,” Federal Register, June 5 2020, https://www.federalregister.gov/documents/2020/06/05/2020-10869/addition-of-entities-to-the-entity-list-revisionof-certain-entries-on-the-entity-list.
124 “Additions of Entities to the Entity List,” Federal Register, May 14 2024, https://www.federalregister.gov/documents/2024/05/14/2024-10485/additions-of-entities-to-the-entity-list.
125 See an archive of the WeChat record, here: https://web.archive.org/web/20220419124512/https:/mp.weixin.qq.com/s/yKWVd9DSRy7nhjtkR7UTMw?fbclid=I wAR36yLtMZmevndmElJ-Vc_AZ5WImrID-SP5F0FttM_PcowIA4muKpo-Hlvk
126 Or, in the case of a corresponding presentation, the date of conference presentation, whichever is earliest.
MicroCinema: A Divide-and-Conquer Approach for Text-to-Video Generation
CCEdit: Creative and Controllable Video Editing via Diffusion Models
ART: Anonymous Region Transformer for Variable Multi-Layer Transparent Image Generation
VolumeDiffusion: Feed-forward text-to-3D generation with efficient volumetric encoder
Microsoft’s own internal guardrails acknowledge that much of its work carries serious human rights implications, particularly in fields related to surveillance and biometric identification.127 However, one recent study, titled “PersonMAE: Person Re-Identification Pre-Training with Masked AutoEncoders,” focuses on person re-identification (ReID) – a branch of computer vision dedicated to tracking individuals across multiple cameras and environments. The potential for abuse in such technology is self-evident. Person ReID is a cornerstone of modern surveillance systems, enabling authorities to identify and follow individuals in real time across vast camera networks.
As one 2022 paper published in the Chinese journal Scientia Sinica Informationis (中国科学:信 息科) – coauthored by an MSRA researcher – openly stated that the technology served “as a key link in intelligent video surveillance systems, [person ReID] plays an important role in maintaining social public order.”128 In the Chinese context, such phrasing is widely understood as a reference to the country’s extensive state surveillance infrastructure, which monitors citizens across public and digital spaces.
MSRA’s collaboration with Chinese military-linked institutions on sensitive AI research is not a recent development. As far back as 2019, the Financial Times revealed that Microsoft had partnered with a university administered by China’s Ministry of Defense to coauthor papers on facial recognition and other artificial intelligence applications – research with direct potential use in security and population monitoring.129
Together, these patterns demonstrate how Microsoft’s research operations in China continue to intersect with the country’s state security and surveillance apparatus, despite the company’s recognition of the ethical and security risks. More importantly for US policymakers and for US national security leaders, MSRA’s ongoing cooperation with these entities highlights a recurring pattern in Microsoft’s China operations: Public reassurances of US compliance paired with quiet,
127 For context from the AI domain, see the 2025 “Responsible AI Transparency Report”: https://cdn-dynmedia1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/Responsible-AITransparency-Report-2025-vertical.pdf
128 For an archive of the paper, see: https://web.archive.org/web/20250218200718/https:/dds.sciengine.com/cfs/files/pdfs/view/16747267/5A5C6576299B461A92FC926E45966B87-mark.pdf
129 Hannah Murphy, “China’s AI Industry Expands Despite Western Restrictions,” Financial Times, April 2019, https://www.ft.com/content/9378e7ee-5ae6-11e9-9dde-7aedca0a081a
persistent engagement in areas of high national security concern. That pattern reflects the emerging reality of true conflict between American and Chinese markets.
The lab’s official website continues to post new content and research updates, and as recently as October 2025, MSRA was advertising openings for researchers and interns in Beijing, including projects focused on large language models, computer vision, and related AI fields. 130 In other words, despite growing international scrutiny, Microsoft’s Beijing research arm appears to remain a critical conduit for talent, technology, and data exchange between one of America’s most powerful companies and China’s state-directed AI complex.
For US policymakers and regulators, that opacity is the core and enduring challenge. Microsoft’s operations in China remain largely inscrutable, with the company offering only selective, carefully worded disclosures about its research partnerships and activities there. This leaves policymakers in the untenable position of playing whack-a-mole – reacting to press reports and partial revelations rather than working from a clear accounting of Microsoft’s footprint and obligations in China. A full, verified disclosure of the company’s China-based research, data-sharing arrangements, and government partnerships would do far more to build confidence than its current piecemeal reassurances. Such an approach would also demonstrate a positive example to be replicated across other critical sectors where US-domiciled multinationals are similarly exposed to the Chinese market.
130 See, for example: https://www.microsoft.com/en-us/research/lab/microsoft-research-asia-zhcn/opportunities/?locale=zh_CN
Microsoft’s Early-Stage Acceleration and Incubation
How US Cloud Power Fueled China’s AI Ambitions
Microsoft’s efforts developing the next generation of Chinese high-tech firms has included not just its ecosystem of partners and customers, but also actors it has touched through its accelerator and incubator programs.
Among these efforts, the Microsoft Accelerator in China stands out for both its longevity and influence. For more than a decade, it provided early-stage Chinese tech companies with access to Microsoft’s technical expertise, cloud infrastructure, and business mentorship. Many of its alumni have gone on to develop advanced capabilities in big data analytics, machine learning, computer vision, and other AI-related technologies – the very domains now viewed as strategically sensitive in the broader US-China great power competition and by US policymakers.
But the Microsoft Accelerator in China did not merely boost China’s consumer-facing innovation. In several cases, the company has helped scale firms later implicated in human rights abuses or surveillance-related activities – associations that, in some instances, were glaringly apparent when those firms first joined the program. Beyond the formal accelerator, Microsoft has also fostered an extensive network of early-stage incubators in China, often established through partnerships with local governments and Chinese technology and industry parks. While the company has never published a comprehensive roster of alumni, public records and promotional materials show that these incubators have supported firms operating in sectors central to China’s surveillance apparatus and military-civil fusion strategy.
In recent years, Microsoft has appeared to quietly distance itself from parts of its Chinese research apparatus. Hundreds of China-based Microsoft engineers were reportedly asked to relocate abroad in 2024, according to media reports, a sign of the growing geopolitical pressure surrounding US–China technology collaboration.
131 But Microsoft’s involvement in China’s technology sector runs far deeper than its Beijing research lab. Through its accelerators, incubators, and cloud partnerships, the company continues to play a formative role in nurturing Chinese AI and software innovation.
131 Ryan Heath, “Microsoft China AI Engineer Relocation,” Rest of World, 2024, https://restofworld.org/2024/microsoft-china-ai-engineer-relocation/
Those relationships took on new relevance in late 2024 as the White House reviewed Microsoft’s proposed $1.5 billion investment in G42, an Emirati AI firm with extensive ties to Chinese technology companies.132 US officials reportedly expressed concern that such an alliance could expose sensitive American AI infrastructure to Beijing’s influence. That concern over indirect exposure to China largely overlooked Microsoft’s own deep and longstanding integration with China’s technology ecosystem.
The Microsoft Accelerator ( 微 软 加速器 ) rebranded in 2018 as Microsoft ScaleUp, part of its Microsoft for Startups program, served as a launchpad for select Chinese high-tech startups since 2012. The program offered participating startup teams access to Microsoft’s technical expertise, software, and infrastructure.133 (The program was rebranded again sometime in late 2024 or after as the “Greater China Strategic Incubator also known as the “Microsoft Incubator” or “微软孵化
器 ” in Chinese. 134 For more than a decade, the program not only helped build China’s AI innovation ecosystem but has also directly enabled companies later implicated in censorship, surveillance of Uyghurs, and military-civil fusion projects.
Some of these firms openly advertised their involvement in political censorship before entering the accelerator – meaning Microsoft likely knew of their operations, or could have, before deciding to help scale them. Others have since been sanctioned by the US government for providing software to the Chinese government used in mass repression and surveillance across Xinjiang. Operating out of Beijing and Shanghai, the Microsoft Accelerator has been one of the most prestigious and competitive programs of its kind in China. Between its founding in 2012 and 2022, Microsoft claimed to have graduated more than 800 startups collectively valued at over RMB 400 billion (approximately $56 billion).135 Chinese media have described the accelerator as “harder to get into than Harvard,” a reflection of its elite reputation.136
The benefits offered to companies appear to have varied over time, but in general, each participating company received a four-to-six-month tailored development program with CEO
132 Jordan Novet, “A Controversial Mideast Partner to Microsoft OpenAI Global Ambitions,” CNBC, August 25 2024, https://www.cnbc.com/2024/08/25/a-controversial-mideast-partner-to-microsoft-openai-globalambitions.html
133 See, for example: “Microsoft ScaleUp Berlin Meets Nextail,” Microsoft Europe News (archived), May 29 2018, https://web.archive.org/web/20240210205804/https://news.microsoft.com/europe/2018/05/29/microsoft-scaleupberlin-meet-nextail/
134 “Grow, Build, Connect: Microsoft for Startups,” Microsoft Official Blog (archived), February 14 2018, https://web.archive.org/web/20250920093343/https://blogs.microsoft.com/blog/2018/02/14/grow-build-connectmicrosoft-startups/
135 “Microsoft Accelerator 10 Years | Connecting Platforms and Building an Ecosystem for Industry Implementation,” Microsoft News Center, August 15, 2022, https://news.microsoft.com/zhcn/%E5%BE%AE%E8%BD%AF%E5%8A%A0%E9%80%9F%E5%99%A8%E5%8D%81%E5%B9%B4%EF%B D%9C%E8%BF%9E%E6%8E%A5%E5%B9%B3%E5%8F%B0%E3%80%81%E6%89%93%E9%80%A0%E4% BA%A7%E4%B8%9A%E8%90%BD%E5%9C%B0%E7%94%9F%E6%80%81%E5%9C%88/
136 “比哈佛还难进?必示科技入选微软加速器 2019 秋季营,” China Daily, September 18, 2019, https://tech.chinadaily.com.cn/a/201909/18/WS5d81cb9ea31099ab995e09fb.html
coaching, talent recruitment support, business-development assistance, introductions to prospective clients, and access to co-working spaces. Startups are also given free use of Microsoft products and cloud services valued at roughly RMB 3 million (about $420,000) according to 2017 reports from Chinese media.137
For emerging Chinese firms in sensitive technology sectors such as big data, machine vision, and machine learning, Microsoft’s accelerator has provided not only validation but also a direct pipeline to resources that can advance both commercial and strategic state objectives.
Although Microsoft does not take equity stakes in the accelerated startups, it strategically embeds them within its commercial ecosystem by offering access to Azure, its cloud-computing platform.138 This arrangement ensures that as these companies grow, their expanding demand for cloud services directly benefits Microsoft – creating a long-term revenue pipeline tied to the success of Chinese AI and software ventures nurtured under its own programs.
In 2024, Microsoft deepened this integration by adding AI support as a core feature of the Accelerator. Through the newly launched Pegasus Program, select participants now receive $250,000 in Azure cloud credits and privileged access to OpenAI technologies – effectively giving emerging Chinese companies hands-on experience with the world’s most advanced generative AI systems under Microsoft’s supervision.139
While other US tech firms have introduced comparable initiatives in China, none match the scope, longevity, or prestige of Microsoft’s program. Google’s Startup Accelerator only began accepting Chinese participants in 2022, and Amazon’s AI-focused accelerator followed in 2023. 140 By contrast, Microsoft’s decade-long presence has made its accelerator the de facto benchmark for US–China tech collaboration – and a key channel through which American cloud and AI infrastructure may continue to support China’s innovation ecosystem. The current status of Microsoft’s Accelerator ecosystem in China is unclear. Since mid-2024, shortly before the publication of a Rest of the World report on how companies backed by the Accelerator provided policing and censorship tools to Chinese law enforcement, its “Microsoft Incubator” WeChat has remained inactive. There has been no announcement of its closure.141
137 “Microsoft Accelerator Shanghai Launches its Inaugural Program, Expanding Cloud-Based Intelligent Innovation,” CNBlogs, January 22, 2017, https://www.cnblogs.com/zangdalei/p/7356662.html
138 “微软加速器免费“阳谋”:拓展微软云创新生态,” February 6, 2017, https://m.21jingji.com/article/20170206/7897f399ad8619a41fb04d4f36fce9f3.html.
139 “微软对初创公司扩大免费使用 Azure AI 基础设施权益,微软加速器助力 AI 原生企业抢跑,” January 12, 2024, https://mp.weixin.qq.com/s/n3QszDmdCd20VnjDWtbqoQ
140 See respective Chinese press coverage in the following archived sources: https://web.archive.org/web/20240714153732/https:/www.163.com/dy/article/HMAIBML50514D3UH.html; https://web.archive.org/web/20230628082511/https:/www.yicaiglobal.com/news/20230628-02-aws-debuts-firststartup-accelerator-for-ai-firms-in-china.
141 “Microsoft and Google Incubators Tied to Police Surveillance in China,” Rest of World, 2024, https://restofworld.org/2024/microsoft-google-chinese-startup-incubator-police-surveillance/; as evidenced by rebranded WeChat: Same post under previous name https://archive.ph/LVqiq , as of October 2024 now under new name https://archive.ph/gCVu8
Microsoft Incubated Deep Glint - a Company Later Sanctioned for Aiding Uyghur Surveillance
The 2024 Rest of World investigation cited above found that Western tech giants, including Microsoft and Google, played a formative role in building China’s artificial-intelligence ecosystem, one that now underpins its nationwide surveillance state. 142 Through research partnerships, talent pipelines, and startup incubators, these companies trained and funded a generation of Chinese computer-vision entrepreneurs whose technologies were later deployed in facial recognition, crowd monitoring, and public security data-fusion systems. Among the most prominent beneficiaries was Deep Glint (北京格灵深瞳信息技术股份有限公司), a Microsoftlinked startup that became a key supplier to China’s surveillance market.
In 2013, Microsoft Accelerator Beijing incubated Deep Glint, an artificial intelligence firm specializing in computer vision and object recognition.143 What began as a promising AI startup soon became one of China’s leading providers of facial recognition technology for law enforcement – and, later, a key player in the surveillance and repression of Uyghurs in Xinjiang. It remains unclear how Deep Glint described its technology or business objectives when applying to Microsoft’s accelerator. But soon after graduating, the company established a joint facialrecognition laboratory with police in Ürümqi, the capital of Xinjiang, where its systems were used to identify and track Uyghur individuals.144 In 2019, Coda Story reported that Deep Glint openly advertised its “Uyghur ethnicity recognition capabilities” to Chinese police on its official website, boasting of multiple Xinjiang security projects, language that has since been scrubbed from the company’s online materials.145 In July 2021, the US Department of Commerce sanctioned Deep Glint for “human rights violations and abuses in the implementation of China’s campaign of repression, mass detention, and high-technology surveillance” against Muslim minorities in Xinjiang.146
But just months before those sanctions, Microsoft Accelerator showcased Deep Glint at a major Beijing science and technology exhibition – a striking example of how US corporate programs have continued to promote and legitimize Chinese firms later implicated in state-directed human rights abuses.147
142 Microsoft and Google Incubators Tied to Police Surveillance in China,” Rest of World, 2024, https://restofworld.org/2024/microsoft-google-chinese-startup-incubator-police-surveillance/
143 Sarah Zheng, “DeepGlint: Chinese AI Firm Helped Police Catch Criminal Who Had Been on the Run for 17 Years,” South China Morning Post, 2019, https://www.scmp.com/tech/start-ups/article/3008998/deepglint-chineseai-firm-helped-police-catch-criminal-who-had-been 144 Ibid.
145 Charles Rollet, “Western Academia Helps Build China’s Automated Racism,” Coda Story, August 6, 2019, https://www.codastory.com/authoritarian-tech/western-academia-china-automated-racism/ 146 “Addition of Certain Entities to the Entity List; Revision of Existing Entry,” Federal Register, July 12 2021, https://www.federalregister.gov/documents/2021/07/12/2021-14656/addition-of-certain-entities-to-the-entity-listrevision-of-existing-entry-on-the-entity-list.
147 “回顾 | 21 届北京国际科博会,微软加速器校友惊艳亮相,科创实力挑动你的心跳脉搏,” April 22, 2022, https://freewechat.com/a/MzA3NTI1NDcwMQ==/2650144976/2
Microsoft’s Accelerator Boosted Data Grand - a Chinese Censorship and Surveillance Firm
Another Microsoft mentored company, Data Grand ( 达而 观 信息科技(上海)有限公司 ), a Shanghai-based big data and machine learning company, joined the 2017 cohort of the Microsoft Accelerator program in Shanghai. Its involvement in politically-motivated censorship was apparent at the time.148
As early as 2016, a year before its acceptance into the program, Data Grand’s own website proudly advertised its software’s ability to filter “reactionary content” – a euphemism often used by Chinese sources for politically sensitive speech.149 Once enrolled, Data Grand received hands-on business development support from Microsoft and PricewaterhouseCoopers (PwC), which “helped connect Data Grand with large enterprises and successfully land a partnership with the HR department of Budweiser China,” according to a Microsoft press release.150
Today, Data Grand continues to openly promote its role in supporting the Chinese government’s censorship apparatus. The company’s website highlights that its products “accurately identify” political content, claiming to “help create a civilized environment on its clients’ websites.151 But its work also extends beyond content moderation. Data Grand develops policing software, including its Internet Defense Line Platform (互
), which integrates data from online sources to help authorities track individuals in real time. In one case the company publicly boasted that its platform had identified a suspect in a taxi and enabled police to arrest the person upon arrival at their destination.152
Microsoft’s decision to accept into its incubation program a company engaged in censorship and surveillance – and to publicly promote that partnership – underscores the deep institutional overlap with human rights risks that long-standing China operations invite. The Microsoft Azure Store in China still hosts software advertised by Data Grand as useful in political censorship, able to detect
148 See the announcement on the company’s blog: https://www.datagrand.com/blog/microsoft-accelerator.html.
149 See conversation of the “reactionary” weighting discussed in an FAQ document archived, here: https://web.archive.org/web/20161215081313/http:/doc.datagrand.com/faq/qa-text-mining.
150 “Microsoft Accelerator Shanghai Gains Solid Ground Amid Shanghai City 2020 Plan,” Microsoft News Center, January 19 2018, (Archived) https://archive.ph/dV6wj
151 “Datagrand Products Text-Review Page,” Datagrand Official Site, July 9 2024, https:/www.datagrand.com/products/text-review/
152 “达观数据推出警
,” Datagrand Official Site, September 23, 2021, http://www.datagrand.com/blog/%E8%BE%BE%E8%A7%82%E6%95%B0%E6%8D%AE%E6%8E%A8%E5%87 %BA%E8%AD%A6%E5%8A%A1%E6%9C%BA%E5%99%A8%E4%BA%BA%EF%BC%8C%E5%8A%A9%E 5%8A%9B%E8%AD%A6%E6%83%85%E7%A0%94%E5%88%A4%E6%B5%81%E7%A8%8B%E8%87%AA% E5%8A%A8.html
if content “violates political or pornographic regulations.”153 This fact was first reported publicly on September 30, 2025, but the app remains on the store as of November 2025.154
Microsoft Accelerator Backed Tophant - a Cybersecurity Firm Helping China Monitor “Illegal Public Opinion”
In the Spring 2023 cohort of the Microsoft Accelerator Shanghai, one of the standout participants was Tophant ( 上海斗象信息科技有限公司 ) – a rapidly growing cybersecurity firm whose products are used in close coordination with Chinese government security agencies.155 Tophant’s flagship platform, Vulbox (漏洞盒子), is marketed as an internet security tool for tracking data leaks and software vulnerabilities. But internal company materials suggest the platform also serves a more politically sensitive function: Government-backed surveillance and control of online public opinion.
A review of a Tophant pitch deck shows a mock government dashboard with a module labeled “Newest Public Opinion Illegal Information Threats” (最新舆情非法信息威胁).156 The example interface lists categories such as brawls and terrorism, along with geographic locations in Chengdu, implying the system’s use in monitoring not only cybersecurity risks but also politically sensitive social incidents.
153 Allum Bokhari, “Microsoft Hosts Software That Enables China’s Censorship Empire,” Breitbart News, September 30 2025, https://www.breitbart.com/tech/2025/09/30/microsoft-hosts-software-that-enables-chinascensorship-empire/
154 See the listing, here: https://market.azure.cn/marketplace/apps/datagrand.text-audit/standard
155 “微软加速器创业加速计划 2023 年春季班榜单发布,” Microsoft Incubator social media, February 21, 2023, https://mp.weixin.qq.com/s/UCk4XZRvsA_8WU0D8zUtjg.
156 “Shanghai University of Electric Power CS Department PDF File,” Shanghai University of Electric Power (archived), February 2024, https://web.archive.org/web/20240210202222/https:/jsjxy.shiep.edu.cn/_upload/article/files/34/48/19e7f4b545429e3 420512b6d3ae6/eb433e3f-0d91-4cfe-8ac5-b7c39555a57f.pdf
157 “Text-Mining Course Page,” Shanghai University of Electric Power (archived), April 12 2021, https://web.archive.org/web/20210412194825/https:/jsjxy.shiep.edu.cn/52/fa/c967a217850/page.htm
Tophant slide showing a dashboard for monitoring online speech and “counterterrorism” activity. Dated at least to 2021.157
Tophant’s collaboration with Chinese security agencies appears to predate its acceptance into Microsoft Accelerator Shanghai. In 2021, the company partnered with the Third Research Institute of the Ministry of Public Security (MPS) to establish “Excalibur Labs” in Shanghai – a joint venture focused on “network attack and defense technology research, vulnerability discovery, talent training, and industry research.”158 Today, Tophant’s website lists both the First and Third Research Institutes of the MPS as ongoing partners.159 It also highlights the company’s designation as a “cybersecurity technology supporting unit” of the Shanghai branch of the Cyberspace Administration of China (CAC) – the country’s top internet regulator – among several other official honors.160
Accelerating Dual-Use Tech: Microsoft-Backed Startups Neuracle and Hesai Technology Advance China’s Military-Linked AI and Sensor Research
Microsoft’s Chinese Accelerator has also supported startups developing technologies with clear dual-use potential – innovations applicable to both civilian and military domains. One such company is Neuracle (博睿康科技), also known as Boruikang Technology, a neuroscience firm accepted into the Fall 2018 cohort of Microsoft Accelerator Beijing. On its own website, Microsoft openly highlighted the company’s defense relevance, describing Neuracle as “a leading enterprise in the field of brain–computer interface in China” that leverages Tsinghua University’s research to deliver “complete solutions for neuroscience research, clinical neurology, and brain–computer interface military applications [emphasis added].” 161 The acknowledgment underscored how closely Neuracle’s work – bridging human cognition and machine control – aligns with Beijing’s broader military–civil fusion strategy.
Another Microsoft-incubated firm, Hesai Technology (禾赛科技), joined the Accelerator cohort in 2016. Now publicly listed on the NASDAQ, Hesai specializes in LiDAR sensing systems, a core technology for autonomous vehicles but also one with extensive military applications in robotics, targeting, and reconnaissance. 162 According to the Congressional Research Service, Hesai Technology today manufactures autonomous warfighting vehicles for the Chinese military
158 The Third Research Institute is described by US cybersecurity firm Recorded Future as a major technical research organization within the Chinese public security apparatus. Its work includes research supporting mass surveillance. A 2020 report on “smart cities” for the US-China Economic and Security Review Commission states that MPS Research Institutes have “developed a range of surveillance technologies ranging from video cameras to computer network and internet surveillance tools” and that these Institutes were some of the entities “responsible for planning and implementing technical mass surveillance methods for China’s public security apparatus today.”
159 “Tophant Customer Portal,” Tophant Security (archived), 2024, https://web.archive.org/web/2/https:/www.tophant.com/customer
160 “About Us,” Tophant Security (archived), June 24 2024, https://web.archive.org/web/20240624053110/https:/www.tophant.com/about
161 An archived copy of that announcement from 2018 can be found, here: https://archive.ph/Dy5nO#selection11061.0-11072.0.
162 For context on applications, see “Laser Focus: Countering China’s LiDAR Threat to U.S. Critical Infrastructure and Military Systems,” Foundation for Defense of Democracies, December 2, 2024, https://www.fdd.org/analysis/2024/12/02/laser-focus-countering-chinas-lidar-threat-to-u-s-critical-infrastructureand-military-systems/
and maintains reported links to the China Electronics Technology Group Corporation (CETC) – a major state-owned defense conglomerate.163
In January 2024, the US Department of War formally designated Hesai as a “Chinese military company,” citing its close association with the PLA and its role in advancing China’s defenserelated AI and sensing technologies.164 Hesai has denied the allegations and in May 2024 filed a lawsuit against the US government challenging its inclusion on the Pentagon’s list. However the U.S. District Court for the District of Columbia upheld the DoW’s designation in July 2025.165
From Startup to Surveillance: Microsoft-Backed Hydata Powers Xinjiang’s Police State
Another graduate of the Microsoft Accelerator Beijing, Hydata (天津大海云科技有限公司), also known as Haiyun Data (海云数据), further exemplifies how Microsoft’s startup ecosystem has helped advance Chinese surveillance technologies. Accepted into the fourth Accelerator cohort in 2014, Hydata quickly gained prominence in China’s artificial intelligence and big data sectors.166
A 2017 China Daily report highlighted Hydata’s work on AI-powered lip-reading technology, boasting an 80 percent accuracy rate for English speech. The same article openly noted that the system could be deployed for “public security” and “remote military reconnaissance” – clear indicators of its potential use in state surveillance and defense operations.167 Hydata also markets an integrated law-enforcement platform called “Smart Police Brain,” which applies AI-driven data analytics to assist police in monitoring, tracking, and decision-making. According to a People’s Daily article, the company’s products have been deployed across public security, transportation, smart city development, and military–civil fusion programs – positioning Hydata as a key contributor to China’s domestic surveillance infrastructure.168
By late 2017, Hydata was officially designated a technical support unit of the Xinjiang Public Security Video Laboratory (新疆公共安全视频实验室技
单位), a state body established to implement Xi Jinping’s mandate to ensure “social stability and long-term peace in Xinjiang.”
163 Karen Sutter and Kelley Sayler, “U.S.-China Competition in Emerging Technologies: LiDAR,” Congressional Research Service, December 6, 2024, https://www.congress.gov/crs-product/IF12473
164 See additions to the Department’s 1260H list, here: www.defense.gov/News/Releases/Release/Article/3661985/dod-releases-list-of-peoples-republic-of-china-prcmilitary-companies-in-accord/.
165 “Chinese lidar maker Hesai loses lawsuit against US government for blacklisting,” Reuters, July 12, 2025, https://www.scmp.com/tech/tech-war/article/3317960/chinese-lidar-maker-hesai-loses-lawsuit-against-usgovernment-blacklisting
166 “The 21st Beijing International High-Tech Expo: Microsoft Accelerator Alumni Make a Stunning Appearance, Their Scientific and Technological Innovation Strength Will Get Your Heart Fluttering,” Microsoft Accelerator, April 22, 2021, https://freewechat.com/a/MzA3NTI1NDcwMQ==/2650144976/2.
167 Sun Hui, “HYDATA makes breakthrough with new lip reading system,” China Daily, August 1, 2017, http:/www.chinadaily.com.cn/regional/chongqing/liangjiang/2017-08/01/content_30327784.htm
168 “AI
People’s Daily, December 8, 2017, https://web.archive.org/web/20230524024807/http:/ydyl.people.com.cn/n1/2017/1208/c412402-29695695.html
The laboratory operated under Chen Quanguo, then the region’s Party Secretary, whose tenure marked the onset of mass internment and enhanced, digital surveillance of Uyghurs.169
A closer look at Hydata reveals yet another dimension of Microsoft’s deep integration into China’s technology ecosystem: Its own network of incubators, separate from its flagship Accelerator. In 2018, the company launched a new AI incubator program in partnership with Microsoft, designed to nurture a new generation of Chinese startups in data analytics and artificial intelligence – in turn, extending Microsoft’s influence and reach deeper into China’s innovation pipeline.171
Feeding the Pipeline: Microsoft’s Government-Backed Incubators Fuel China’s Police State
In addition to its Accelerator, Microsoft has also fostered an extensive network of earlier-stage incubators in China, often established through partnerships with local governments and Chinese technology and industry parks. While the company has never published a comprehensive roster of alumni, public records and promotional materials show that these incubators have supported firms operating in sectors central to China’s surveillance state and military-civil fusion strategy.
,” [Haiyun Data was awarded the title of "Technical Support Unit for Xinjiang Public Security Video Laboratory"] Sohu, August 23, 2017, https://www.sohu.com/a/166622117_577703; Samantha Hoffman, “Engineering Global Consent: The Chinese Communist Party’s Data-Driven Power Expansion,” Australian Strategic Policy Institute (ASPI), 2020, https://www.aspi.org.au/report/engineering-global-consent-chinese-communist-partys-data-driven-powerexpansion/.
170 “Alibaba’s City Brain Expands Influence Across China,” GeekPark (archived), January 2024, https://web.archive.org/web/20240111020331/https://www.geekpark.net/news/224840
171 “China’s AI Surveillance Technology Advances Rapidly,” Yicai Global (archived), December 30, 2023, https://web.archive.org/web/20231230182546/https://www.yicai.com/news/100088790.html
Hydata founder Feng Yicun demonstrates facial recognition technology as part of the launch of the company’s smart policing platform.170
Launched in 2015, Microsoft China’s “Cloud and Mobile Technology Incubation Plan” (云暨移 动 技 术 孵化 计 划 ) represents a quieter but equally consequential tier of the company’s China operations. If Microsoft’s elite Accelerator is akin to an Ivy League program for startups, these incubators function more like the preparatory schools that feed into it – cultivating early-stage Chinese tech companies with direct support from both Microsoft and local government authorities.172
Under the program, Microsoft partners with municipal governments and industrial parks across China to establish innovation hubs where startups receive access to Microsoft’s software, cloud tools, and engineering expertise, along with business mentorship and networking support. Day-today operations are handled by third-party firms, but the branding, technical guidance, and infrastructure are Microsoft’s.
By late 2017, Microsoft reported that the Incubation Plan had launched 22 incubators, supporting over 250 entrepreneurial teams, 62 of which had collectively raised RMB 2.7 billion in venture capital and achieved a market valuation of RMB 10.5 billion. Just one year later, the company claimed 26 incubators hosting 600 startups worth a combined RMB 15 billion – signaling rapid expansion and growing government alignment.173
Some of these incubators were explicitly focused on artificial intelligence. Among them was Unicorn Ranch (独角兽牧场), a joint venture founded in 2017 by Microsoft, the Nansha district government in Guangzhou, and the Heung Kong Group, which specialized in developing AI applications for industry and governance.174
Another AI-centric incubator was launched in Chongqing in 2018, with Microsoft pledging to provide support across Azure cloud, machine learning, and cognitive services – key components of the company’s global AI architecture.175
While the status of many of these incubators is uncertain (some appear dormant or defunct) the initiative has not disappeared. In August 2023, Microsoft China president Yuan Xin signed yet another agreement with the Zhenjiang municipal government in Jiangsu province to expand the program, underscoring the company’s continued commitment to supporting China’s technology sector despite mounting geopolitical and security concerns.176
172 https://tinyurl.com/3hzjpyx8,
173 https://tinyurl.com/3hzjpyx8, https://tinyurl.com/ysa2rswt
174 https://web.archive.org/web/20231231192300/http:/kjj.gz.gov.cn/kpzl/kpjd/content/post_2683833.html, https://web.archive.org/web/20231231201007/http:/it.people.com.cn/n1/2018/0118/c355232-29773514.html, https://web.archive.org/web/20231231193923/https:/www.toutiao.com/article/6625003090225398276/?wid=170405 1563102
175 https://archive.ph/C2jTO
176 https://archive.ph/1T0Ex
Incubating Surveillance: Microsoft-Backed NSOC Tracks China’s ‘Special Social Groups’
To be sure, Microsoft’s Cloud and Mobile Technology Incubation Plan has nurtured hundreds of Chinese startups since its launch, most of which operate in conventional industries such as retail, manufacturing, and health technology. But among these seemingly benign ventures are other companies developing tools that directly serve the Chinese state’s surveillance and social control apparatus. One of the most concerning examples is NSOC (上海悦程信息技术有限公司) – a firm that openly markets monitoring software to Chinese law enforcement and government agencies.
As of July 2024, NSOC’s own website promoted a suite of “smart city” surveillance systems capable of tracking individuals categorized as “special social groups.” In China’s bureaucratic lexicon, this euphemism refers to people deemed socially unstable or potentially threatening, a catch-all classification that includes former prisoners, drug users, people with mental disabilities, vagrants, and beggars. These groups, while marginalized, are treated by authorities as potential “security risks” subject to constant observation. According to NSOC’s promotional materials, its surveillance system “records [their] geographical distribution, classification, and personal information to establish a file for each person,” while maintaining “a targeted early warning and handling process.”
The software further boasts an “early warning mechanism for potential social hazards” that automatically issues alerts to the Political and Legal Committee – the Communist Party organ overseeing law enforcement – and to public security departments. The company’s platform enables real-time tracking of these individuals’ movements and the actions of officials tasked with monitoring them.177
NSOC also markets an “integrated management platform” designed to fuse data from video surveillance, community sensors, and alarm systems into a single, district-wide monitoring interface – a model consistent with China’s broader “smart city” initiatives.178
While the concept of smart cities often carries benign connotations of efficiency and modernization, in the Chinese context it frequently encompasses the digital surveillance infrastructure used for predictive policing, population control, and even ethnic profiling.
NSOC emerged from Yunsai Space ( 云 赛 空 间 ), a Microsoft-affiliated incubator in Shanghai founded in 2016 under the Cloud and Mobile Technology Incubation Plan, in partnership with the state-owned INESA Group.179 A 2018 announcement from a Yunsai-linked site described NSOC’s clients as including government bodies, the Supreme People’s Procuratorate, the defense industry,
177 https://www.nsoc.cn/#/scenarios
178 https://www.nsoc.cn/#/scenarios
179 https://tinyurl.com/3xrc26rs, https://web.archive.org/web/20230827151132/https:/www.inesa-it.com/news2-345.html
and counterterrorism agencies, signaling that its surveillance technologies were already embedded in core security functions.180
Even after its initial incubation, NSOC continued to receive support through Microsoft’s startup acceleration ecosystem. A September 2023 WeChat post from Microsoft China identified NSOC as a participant in the Microsoft Innovation Empowerment and Ecosystem Acceleration Program – Suzhou Artificial Intelligence Industry Innovation Center (微软创新赋能暨生态加速计划·苏 州人工智能产业创新中心). The program’s Fulcrum Accelerator Camp, active since 2019, has hosted more than 200 companies, including NSOC, which benefited from continued access to Microsoft’s cloud, AI, and business development resources.181
A Microsoft WeChat post shows logos of companies that have been through the Fulcrum Accelerator Camp. NSOC’s logo outlined in red.
NSOC is not the only graduate of Yunsai Space to pivot toward surveillance technology. Another alumnus, Skyinfor (上海天覆信息科技有限公司), also known as Tianfu Technology, incubated at Yunsai in late 2018, quickly gained recognition for its role in advancing China’s domestic monitoring infrastructure.182
Less than a year after completing Microsoft’s incubation program, Skyinfor received an official award for developing a “smart city management and control platform” deployed in a district of Shanghai – a system built under the framework of the government’s Xueliang, or “Sharp Eyes,” Project.183
180 https://web.archive.org/web/20230827150836/https:/www.i-lab.sh.cn/ilabhtml/201806/48f031b3-4278-40d091a8-8b905a007d9b.html
181 https://archive.ph/eUXtN
182 https://archive.ph/TC5EW
183 https://archive.ph/bP0hw, https://archive.ph/TtxtV
Launched nationwide in 2015, the Sharp Eyes Project is one of China’s most expansive surveillance initiatives, designed to integrate facial recognition systems, ubiquitous public video monitoring, and centralized police databases into a single intelligence network.
Its stated goal – that “the people should see everything” – reflects Beijing’s drive to achieve total situational awareness across urban and rural China alike.184 Skyinfor’s success under this program further illustrates how Microsoft’s incubation ecosystem has, in practice, helped cultivate companies contributing directly to the country’s mass-surveillance architecture.
184 https://cset.georgetown.edu/article/chinas-sharp-eyes-program-aims-to-surveil-100-of-public-space/
Microsoft’s Collaboration with the Chinese Academy of Sciences
Microsoft’s entanglements in China extend well beyond MSRA, its formal Accelerator, and the broader network of incubator programs. In addition to its ongoing collaborations with an array of Chinese universities, the company also maintains close research relationships with the Chinese Academy of Sciences (CAS) – the government’s premier scientific institution and a key contributor to China’s military-civil fusion strategy.
Publicly available information shows that MSRA has not only conducted technical exchanges and joint research projects with CAS scholars but has also provided financial support to at least one CAS-affiliated program. These engagements have continued even as several CAS institutes were added to the US Commerce Department’s Entity List, which targets organizations “posing a significant risk of being or becoming involved in activities contrary to the national security or foreign-policy interests of the United States.”
In 2022, the CAS Institute of Computing Technology (ICT) was formally sanctioned under this designation.185 Yet Microsoft’s collaborations did not seem to cease. The company went on to host multiple ICT researchers in residency programs at MSRA – including at least one individual mentored by Microsoft scientists after the institute’s addition to the Entity List. In May 2024, the US Department of Commerce added four additional institutes of the Chinese Academy of Sciences (CAS) to its Entity List, citing their role in “acquiring and attempting to acquire U.S.-origin items in support of advancing China’s quantum technology capabilities.” The Commerce Department emphasized that these activities posed “serious ramifications for U.S. national security” because of their direct military applications, particularly in the development of quantum computing and encryption technologies with potential defense uses.186
Just a few months later, in September 2024, the US House of Representatives passed H.R. 1516, the DHS Restrictions on Confucius Institutes and Chinese Entities of Concern Act. 187 The legislation, still pending Senate approval, would formally designate any organization affiliated with the Chinese Academy of Sciences as a “Chinese entity of concern.” This classification would
185 “Additions and Revisions to the Entity List and Conforming Removal From the Unverified List,” December 19, 2022, https://www.federalregister.gov/documents/2022/12/19/2022-27151/additions-and-revisions-to-the-entity-listand-conforming-removal-from-the-unverified-list
186 “Additions of Entities to the Entity List,” May 14, 2024, https://www.federalregister.gov/documents/2024/05/14/2024-10485/additions-of-entities-to-the-entity-list
187 See the bill text, here: https://www.congress.gov/bill/118th-congress/house-bill/1516
prohibit CAS and its subsidiaries from entering into cooperative agreements, contracts, or partnerships with US institutions of higher education, effectively severing academic and research collaboration between American universities and China’s leading State-run scientific apparatus.
CAS Visiting Scholars at Microsoft
Microsoft has maintained a close and sustained partnership with CAS across multiple research initiatives, including work in advanced AI and other dual-use technologies with potential national security implications. Many of these collaborations have taken the form of mentorship and exchange programs, in which Microsoft researchers directly train and supervise CAS-affiliated scholars.
Among the most prominent of these initiatives are MSRA’s “Star Track Program” (铸星计划), literally Star Forging Program), designed for visiting scholars, and the “Star Leap Program” (星跃 计划), launched in 2021 to support graduate students.188 Both programs are intended to cultivate elite Chinese research talent through long-term collaboration with Microsoft engineers and scientists. The company has publicly celebrated several alumni of these programs – including multiple researchers affiliated with CAS – as examples of successful international scientific cooperation.
Yet these partnerships continued even after U.S. sanctions made such affiliations highly sensitive. Shortly after the CAS Institute of Computing Technology (ICT) was added to the U.S. Entity List in December 2022, Microsoft hosted Liu Guodong (刘国栋), a Ph.D. candidate from the Institute, through its Star Leap Program.189 For one year, Liu conducted research on “high-performance distributed deep learning” under the mentorship of scientists from both MSRA and Microsoft Research US, despite ICT’s designation as an entity posing a national security risk to the United States.
A Microsoft Chinese-language press release about the mentorship program described Liu’s work at Microsoft:
After finishing the day's scientific research work, Liu Guodong, a PhD student at the Institute of Computing Technology of the Chinese Academy of Sciences, walked out of the Microsoft Building, and raised his head to star points. His headphones contained the warm melody of the Soda Green Band.
Through the ‘Star Leap Project’ one year of internship at the Microsoft Asian Institute, Liu Guodong – under the guidance of two mentors, Miao Houshan, a
188See archived records on the programs, here: https://web.archive.org/web/20240916143039/https://www.msra.cn/zh-cn/connections/academic-programs/starleap; https://web.archive.org/web/20240916122643/https://www.msra.cn/zh-cn/connections/academic-programs/startrack
189 See the profile on Microsoft’s news page: https://www.microsoft.com/en-us/research/articles/starleap-guodongliu/
senior research and development engineer at the Microsoft Redmond Institute, and Saeed Maleki – revolved around the acceleration of deep learning models.
As intended, “The Star Leap Project” builds a bridge between outstanding talents and the research teams of the two major research institutes of Microsoft, creating an opportunity for them to focus on real frontier issues together [emphasis added]. For Liu Guodong, this “scientific research trip across the ocean” not only allowed him to realize his scientific research ideas, but also gave him a new epiphany in thinking methods and scientific research taste.190
Other participants from the Chinese Academy of Sciences’ Institute of Computing Technology (ICT) have also taken part in Microsoft’s mentorship initiatives, underscoring the company’s sustained engagement with sanctioned Chinese research institutions. In 2022, Professor Yao Di ( 姚迪), a senior researcher at the Institute of Computing Technology, joined Microsoft Research Asia’s Star Track Program, where he was mentored by Microsoft scientists. Yao specializes in trajectory data analysis, a field that enables the tracking and prediction of object and individual movements in real time – technology with clear surveillance, security, and aerospace applications.191
A year earlier, in 2021, Professor Xiao Li (肖力), also from the Institute of Computing Technology, participated in the Star Track Program, focusing on the use of artificial intelligence in biological and physical sciences. His research explored AI’s ability to model complex systems – another area with potential dual-use implications for both civilian and military research.192
Microsoft has publicly highlighted only a handful of participants from these programs. The full roster of visiting scholars and their research topics has never been disclosed. Given the scale and continuity of the Star Track and Star Leap initiatives, it may be the case that additional CASaffiliated researchers have taken part, raising broader questions about how Microsoft screens participants from foreign institutions tied to China’s military-civil fusion and scientific research ecosystems.
Microsoft’s Relationship with the Chinese Academy of Sciences Dates Back More Than a Decade
Microsoft’s collaboration with CAS is not new – it spans more than a decade of engagement across multiple research fronts. Public records and institutional announcements reveal that Microsoft and CAS scientists have interacted regularly since at least the early 2010s, forging connections that persist to the present day.
,” Microsoft Research, September 14, 2024, https://www.microsoft.com/en-us/research/articles/starleap-guodong-liu/
191 “铸星闪耀 | 姚迪:与
,” Microsoft Research Asia, August 24, 2022, http://bit.ly/436uLJR.
192 “铸星闪耀 | 肖立:用人工智能解谜生物学与物理学
密码,” Microsoft Research Asia, August 9, 2021, http://bit.ly/46JrQcx
One current example is the presence of a CAS member on the advisory committee of the MSRA Theory Center, which was established in 2021 to advance foundational research in artificial intelligence and computer science. 193 The committee’s composition underscores how deeply Microsoft has integrated Chinese state-affiliated researchers into its academic and technical ecosystem.
The partnership extends further back. In 2017, a chief researcher from MSRA’s Knowledge Computing Group traveled to the CAS Institute of Automation to present Microsoft’s latest work in big data and text analysis, areas central to natural language processing and machine learning.194
Even earlier, in 2014, a delegation of senior Microsoft scientists, including Padmanabhan Anandan of Microsoft Research and Zhou Ming of MSRA, visited the CAS Institute of Computing Technology to discuss advances in machine vision research, with a focus on sign language recognition. A report published on the CAS website noted that Microsoft had provided financial and research support for the Visual Information Processing and Learning Research Group at CAS – an initiative that reflected Microsoft’s early investment in China’s AI research infrastructure.195
Taken together, these examples demonstrate that Microsoft’s collaboration with the Chinese Academy of Sciences has been continuous and institutionally reinforced. That tie positions the company as a long-term partner in China’s broader, State-directed pursuit of artificial intelligence and advanced computing R&D.
193 “MSR Asia Theory Center Launches New Initiatives,” Microsoft Research Asia (archived), September 2024, https://web.archive.org/web/20240916143738/https://www.msra.cn/zh-cn/news/headlines/msr-asia-theory-center; “MSR Asia Theory Center Advisory Committee,” Microsoft Research (archived), September 2024, https://web.archive.org/web/20240916144046/https://www.microsoft.com/en-us/research/group/msr-asia-theorycenter/advisory-committee/.
194 CAS Leaders Meet with International Delegations,” Chinese Academy of Sciences (archived), October 26, 2017, https://web.archive.org/web/20200407092340/http://www.cas.cn/yx/201710/t20171026_4619318.shtml
195 “CAS Hosts International Cooperation Forum,” Chinese Academy of Sciences (archived), November 6, 2014, https://web.archive.org/web/20200405153655/http://www.cas.cn/hzjl/gjjl/hzdt/201411/t20141106_4248949.shtml
Microsoft and Talent Programs
Microsoft’s longstanding engagement with the Chinese Academy of Sciences is one thread in a broader pattern of researchers and research affiliates that introduce ties to China’s State-directed R&D infrastructure. Talent programs demonstrate further exposure to China’s State-directed efforts. Chief among these initiatives is the Thousand Talents Program (千人计划), a Chinese Communist Party program created to recruit overseas scientists, engineers, and entrepreneurs –primarily ethnic Chinese working abroad – to return to China or maintain dual institutional affiliations while transferring foreign research and intellectual property.
The program also targets non-Chinese, international experts in strategic sectors, all with the aim of helping China close critical technological gaps, localizing cutting-edge research and development, and ultimately advancing its national innovation and defense goals. While presented publicly as a benign effort to attract foreign expertise, these talent programs have repeatedly been linked by U.S. counterintelligence and Congressional investigators to industrial espionage and technology transfer in sectors critical to national security.
The US Senate Permanent Subcommittee on Investigations concluded that China’s talent programs “are not about advancing science – they are about advancing China’s national security interests.”196 Similarly, the Australian Strategic Policy Institute (ASPI) noted in its 2020 report Hunting the Phoenix that from 2008 to 2016, these recruitment programs brought nearly 60,000 overseas professionals to China, operating through opaque channels that “are widely associated with misconduct, intellectual property theft, or espionage,” and that directly “contribute to the modernization of the People’s Liberation Army.”
197 Several criminal prosecutions in the United States have illustrated how talent program affiliations have coincided with theft of proprietary information and intellectual property from U.S. institutions. Among the most notable are Harvard chemist Charles Lieber, convicted for concealing payments from the program; 198 Emory University professor Xiao-Jiang Li;199 Coca-Cola scientist You Xiaorong, who stole trade secrets
196 “China’s Talent Recruitment Plans: Risks for the United States,” U.S. Senate Homeland Security & Governmental Affairs Committee, PSI Staff Report, November 18, 2019, https://web.archive.org/web/20191122192323/https://www.hsgac.senate.gov/imo/media/doc/2019-1118%20PSI%20Staff%20Report%20-%20China%27s%20Talent%20Recruitment%20Plans%20Updated.pdf
197 Alex Joske, “Hunting Phoenix: The Chinese Communist Party’s Campaign to Recruit Global Talent,” Australian Strategic Policy Institute (ASPI), 2020,https://www.aspi.org.au/report/hunting-phoenix/.
198 Ellen Barry and Gina Kolata, “Harvard Scientist’s Arrest Shines Light on China’s Ambitions,” The New York Times, January 28, 2020, https://www.nytimes.com/2020/01/28/us/charles-lieber-harvard.html.
199 “Former Emory University Professor and Chinese Thousand Talents Program Participant Convicted,” U.S. Department of Justice (Archived), https://www.justice.gov/archives/opa/pr/former-emory-university-professor-and-chinese-thousand-talentsparticipant-convicted-and
related to beverage technology;200 and former GE Power engineer Zheng Xiaoqing, convicted in 2023 for stealing turbine technology for a Chinese company.201
Microsoft Backed a Thousand Talents-Linked AI Military Institute
Microsoft itself has acknowledged that a number of its MSRA alumni were participants in the Thousand Talents Program. The Chinese science and technology ecosystem’s web of talent programs serve as an avenue by which the State guarantees access to and asserts influence over the direction and application of the country’s scientific advance. Elevation into a national-level talent program, like Thousand Talents, is a sign of prestige – also of proximity to the Chinese government and its strategic objectives.
Publicly available evidence also shows that Microsoft collaborated extensively with Song-Chun Zhu, a leading figure in computer vision and cognitive AI who was recruited into the Thousand Talents Program roughly fifteen years ago while still a professor at UCLA. Harry Shum, then the President of MSRA, co-founded Lotus Hill Research Institute with Zhu, and MSRA provided early support to the Institute. In November 2023, Newsweek reported that while at UCLA, Song-Chun Zhu had received roughly $30 million in US government research grants from agencies including DARPA, the US Navy, and the US Army to develop military applications of artificial intelligence. Zhu later left the United States to pursue similar projects in China, working directly on initiatives aligned with Beijing’s state AI agenda.202 After his return to China, Zhu submitted a proposal to the Chinese People’s Political Consultative Conference (CPPCC) in which he likened the strategic significance of AI to that of the atomic bomb, declaring that it would define “the strategic commanding heights of international scientific and technological competition in the next 10 to 20 years.”
Microsoft’s relationship with Zhu dates back nearly two decades, according to public records that have not been previously reported. In 2004, Harry Shum, then a senior Microsoft executive and head of MSRA, co-founded the Lotus Hill Institute of Computer Vision and Information Science near Wuhan with Zhu. While at Microsoft, Shum provided key institutional and technical support to the newly established institute, helping it become one of China’s early research centers for advanced computer vision and pattern recognition. An undated Microsoft China press release described Shum’s supporting role:
The establishment and construction of Lotus Hill Research Institute received strong support from Microsoft Research Asia. Dr. Shen Xiangyang [i.e. Harry Shum],
200 “One American and One Chinese National Indicted in Tennessee for Conspiracy to Commit Theft of Trade Secrets,” U.S. Department of Justice (Archived), https://www.justice.gov/archives/opa/pr/one-american-and-one-chinese-national-indicted-tennessee-conspiracycommit-theft-trade.
201 “Former GE Power Engineer Sentenced for Conspiracy to Commit Economic Espionage,” U.S. Department of Justice (Archived), https://www.justice.gov/archives/opa/pr/former-ge-power-engineer-sentenced-conspiracy-commit-economicespionage
202 Naveed Jamali, “U.S. Gave $30 Million to Top Chinese Scientist Leading China’s AI Race,” Newsweek, January 2024, https://www.newsweek.com/us-gave-30-million-top-chinese-scientist-leading-chinas-ai-race-1837772
President and Chief Scientist of Microsoft Research Asia, made three special visits to Lotus Hill Research Institute. In addition to supporting research funds every year, Microsoft Research also provides software, research materials, and international exchange support to researchers participating in projects at Lotus Hill Research Institute. 203
According to a 2024 report from the House Select Committee on the Strategic Competition Between the United States and the CCP, Lotus Hill “effectively became a platform for Chinese scholars to engage with AI technology for military applications, facilitating cross-institutional knowledge transfer.” In 2008, according to the report, the Institute launched a project under China’s 863 Program, a program that explicitly funds efforts to clandestinely acquire U.S. technology and sensitive economic information.204
Zhu was appointed the head of the Institute for Artificial Intelligence at Peking University in 2020, and Shum was appointed a month before him to head the Institute’s Academic Committee.205 Both are still in these roles at the Institute as of October 2025.206 Shum, meanwhile, appears to have maintained ongoing ties to Microsoft as an emeritus researcher as well, underscoring the company’s enduring connections to key figures now driving China’s state-aligned AI development.207
Microsoft Research Asia’s Alumni Network and the Thousand Talents Connection
In a November 2016 corporate blog post, Microsoft noted that 20 MSRA alumni had been selected as members of either the Thousand Talents Program or the National Science Fund for Distinguished Young Scholars – a testament to the lab’s central role in nurturing researchers later absorbed into China’s state-directed innovation ecosystem.208
One such alumnus is Zhang Zheng (张峥), who worked as a vice president at MSRA from 2001 to 2014 before joining NYU Shanghai as a professor. In 2016, the Chinese financial outlet Caixin
203 See an archived record, here: https://blog.csdn.net/begtostudy/article/details/1335544
204 “Research Security Report,” U.S. House Select Committee on the CCP, September 23, 2024. (Referenced specifically: Footnote O, p. 19), https://selectcommitteeontheccp.house.gov/sites/evo-subsites/selectcommitteeontheccp.house.gov/files/evo-mediadocument/2024-09-23%20Research%20Security%20Report.pdf (See Footnote O, P. 19).
205 “Microsoft Researcher Profile Featured in PKU Media,” Peking University (archived), January 2025, https://web.archive.org/web/20250124040607/https://english.pku.edu.cn/PKUmedia/10191.html
206 “Faculty Profile: Wang Yuhui,” Peking University School of Artificial Intelligence (archived), https://web.archive.org/web/20251022151337/https://sai.pku.edu.cn/xygk/wyh.htm
207 “HongShum (Hongjiang Zhang) Microsoft Research People Directory,” Microsoft Research, https://www.microsoft.com/en-us/research/people/hshum/; “Microsoft Researcher Profile Featured in PKU Media,” Peking University (archived), January 2025, https://web.archive.org/web/20250124040607/https://english.pku.edu.cn/PKUmedia/10191.html.
208 Discussed as “20 位院友入
金“ in the archived Microsoft source from November 15, 2016, here: http://bit.ly/4q2rchF
identified Zhang as an expert affiliated with the Thousand Talents Program, reflecting his integration into Beijing’s overseas recruitment network for advanced technical talent.209
Another Thousand Talents expert, Li Shipeng ( 李世 鹏 ), was a founding member and vice president of MSRA before becoming vice president of iFlyTek, a company sanctioned by the U.S. government in 2019 for providing technology used in mass surveillance and human rights abuses in Xinjiang.210
A 2018 bio published by the China Computer Federation described Li as “an expert of the National Thousand Talents Program” and co-director of the iFlyTek Research Institute. It also credited him as one of the original architects of Microsoft Research Asia.211
Zhang Yaqin (张亚勤) offers another example of how senior Microsoft talent transitioned into China’s strategic technology establishment. A key Microsoft executive for sixteen years, Zhang served as Managing Director of MSRA, Chairman of Microsoft China, and later Corporate Vice President in Redmond. He founded the Microsoft Asia R&D group – now the company’s largest engineering operation outside the United States – and launched Microsoft’s Asia Venture Accelerator, which incubated more than 300 startups valued at over $20 billion. Zhang later became president of Baidu and now serves as a professor of artificial intelligence at Tsinghua University.212 Chinese media outlets confirm that he was selected as a Thousand Talents member as a Chinese American.213
Wen Jirong (文继荣), who worked at MSRA from 1999 to 2013 as a senior researcher and director of the Internet Search and Mining Group, was selected in 2013 as a national Thousand Talents 209 “只要有一口气
传》,” ScienceNet, November 25, 2022, https://news.sciencenet.cn/htmlnews/2022/11/490074.shtm
210 “U.S. Government Adds 28 Chinese Entities Associated With Human Rights Violations and Abuses,” Baker McKenzie Sanctions News & Insights Blog, October 9, 2019, https://sanctionsnews.bakermckenzie.com/us-government-adds-28-chinese-entities-associated-with-human-rightsviolations-andabuses/#:~:text=On%20October%209%2C%202019%2C%20the,license%20requirement%20to%20such%20entities .
211
“China Computer Federation Event Calendar Announcement,” CCF.org.cn (archived), July 2, 2018, https://web.archive.org/web/20240302190058/https://www.ccf.org.cn/Activities/Event_calendar/fbhd/2018-0702/631998.shtml.
212 “Member Profile: Ya-Qin Zhang,” Committee of 100 (archived), https://web.archive.org/web/20240225194600/https://www.committee100.org/member/ya-qinzhang/
213 “Chinese News Report on AI and Industry Developments,” China News Service (archived), April 8, 2018, https://web.archive.org/web/20240225195809/https://www.chinanews.com.cn/m/cj/2018/04-08/8485489.shtml
“specially appointed expert.”214 After his selection, he joined Renmin University, later founding Elensdata (一览群智), a company specializing in semantic AI technologies.215
The company’s corporate profile describes its founding team as including “specially appointed experts from the National Thousand Talents Program and chief researchers of AI at Microsoft Research,” and notes that it provides AI application services to national ministries, central enterprises, and major financial institutions, again demonstrating the migration of Microsofttrained expertise directly into China’s state and enterprise infrastructure.216
Zhang Hongjiang ( 张 宏江 ) followed a similar path. After working at Microsoft’s U.S. headquarters, he moved to Microsoft China around 1999, becoming the assistant managing director at MSRA and a member of the Executive Management Committee of Microsoft China Limited. 217 In 2011, he left Microsoft to become CEO of Kingsoft, one of China’s leading software and cloud storage firms.218
A 2013 Beijing News profile reported that Zhang was recruited back to China through the Thousand Talents Program to serve as CEO of Kingsoft, positioned as a Chinese alternative to Microsoft. While at Microsoft, Zhang was credited with facilitating the return of hundreds of overseas Chinese engineers and researchers to work in China.
“From Microsoft to Kingsoft, Zhang Hongjiang, who returned to China over a decade ago, finally made his mark in China,” Beijing News wrote. “At Microsoft, he brought hundreds of overseas talent back to China to work there. And now, at Kingsoft, he’s a talent recruited through the Thousand Talents Program.”219
The connection remains significant even after Zhang’s 2016 retirement from Kingsoft. In October 2020, China’s Ministry of Commerce (MOFCOM) imposed an announcement of export controls on rare earths in WPS format, a proprietary document type developed by Kingsoft that is incompatible with Microsoft Word.220
214 “报告题目: 跨模态大数据实时交互式分析,” 第 37 届 CCF 中国数据库学术会议(NDBC 2020) https://conf.ccf.org.cn/web/html7/JBdetail.html?channelId=8a9e362c74b366280174b5023f610024&CmsId=700658 3bd06d4325bfabcb0877b68beb&globalId=4e4df49db27f462f829632fa72998b19.
215 “CCF 第十二届理事会候选人风采展示,” 换届首页, https://www.ccf.org.cn/c/2019-10-08/669282.shtml
216 “About Us,” Elensdata.com, www.elensdata.com/about.html
217 “Hongjiang Zhang,” International Telecommunication Union (ITU), https://www.itu.int/en/ITU-T/AI/Pages/zhang.hongjiang.aspx
218 “BrandCN Feature on Technology and Culture 2012,” BrandCN (archived), August 29, 2013, https://web.archive.org/web/20170725183142/http://zt.brandcn.com/yzgctx2012/130829_355462.html; “Beijing News Report on AI Industry Growth,” Beijing News (ThePaper) (archived), https://web.archive.org/web/20240219224601/https://m.bjnews.com.cn/detail/155147256914562.htm.
219 “Beijing News Report on AI Industry Growth,” Beijing News (ThePaper) (archived), https://web.archive.org/web/20240219224601/https://m.bjnews.com.cn/detail/155147256914562.htm
220 “China’s Tech Sector Advances Despite Challenges,” Global Times, October 2025, https://www.globaltimes.cn/page/202510/1345433.shtml
The measure underscores how China’s domestic software ecosystem, once seeded by returnees like Zhang, has matured into a strategic counterweight to US technology platforms. Following the announcement, President Trump threatened reciprocal restrictions on the export of “all critical software solutions” from the United States.221
Finally, Chen Benfeng (陈本峰), identified by Xinhua as a Thousand Talents expert, worked on the core R&D team for Microsoft’s Internet Explorer browser in the United States before returning to China in 2012. 222 That same year, he founded AllMobilize ( 美通云 动 ), a mobile cloud company, and later launched Red Core, a browser touted as a domestically produced alternative to Chrome.223 When it was later revealed that Red Core was little more than a repackaged version of Google Chrome, it caused a minor scandal in China’s tech industry – but also highlighted how Microsoft-trained engineers like Chen were instrumental in shaping China’s domestic software ecosystem.224
221 Arjun Kharpal, “Trump Imposes New Tariffs Targeting China’s Software and Digital Firms,” CNBC, October 10, 2025, https://www.cnbc.com/2025/10/10/trump-trade-tariffs-china-software.html.
222 “CNICN Smart City Development Summary,” China National Information Center (archived), https://web.archive.org/web/20240218194808/http://cnicn.org/sys-nd/1316.html.
223 “Youth Daily Report on Technology Policy,” CYOL.com (archived), June 7, 2017, https://web.archive.org/web/20240510172904/https://news.cyol.com/co/2017-06/07/content_16159228.htm
224 Canada Sing Tao: Report on China Tech Developments,” Sing Tao Daily (Canada) (archived), https://web.archive.org/web/20240218181245/https://www.singtao.ca/2196053/?variant=zh-cn
Conclusion: Recommendations Toward Recalibration of Incentives
This analysis has outlined a long-standing and increasingly troubling dynamic at play: Microsoft’s presence in China appears at odds with American national security. That is a challenge for Microsoft’s US national security customers that may have their systems rendered vulnerable by Beijing’s proximity to the vast attack surface of shared or accessible systems, architectures, and human capital. Addressing those vulnerabilities will require new, enhance, and diligent attention from Microsoft’s leaders – and a corresponding corporate strategy that prioritizes the American market over China.
US policy can help to serve as a catalyst toward that end. Microsoft’s innovations are many, and its platforms will remain central to U.S. government missions. But dependency without guardrails is a significant strategic liability. The “digital escorts” episode, Microsoft’s long‑standing R&D and commercial exposure in China, and repeated State‑linked intrusions leveraging Microsoft technology all point to the same conclusion: The federal enterprise must reduce concentration risk, enforce bright‑line personnel and data‑sovereignty rules, and insist on transparency around PRC ties. Policy solves in those directions and measures to activate US federal procurement as an influence can be a necessary first step toward a broader recalibration of incentives away from maintaining market access in China and toward an embrace of the US market.
Several recommendations that seek to realign federal technology strategy with principles of resilience, accountability, and strategic independence, ensuring that innovation remains an asset to US power, not a point of vulnerability.
1) Reduce Single‑Vendor Concentration. Set diversification targets for identity, collaboration, and endpoint platforms. Establish cross‑vendor “break‑glass” capabilities that preserve mission continuity if a single platform is degraded.
2) Prohibit Offshore Personnel on Sensitive Work in the PRC. Codify the DoW “digital escorts” ban across the federal enterprise for privileged roles. Require annual third‑party audits of vendor personnel locations and access pathways, with penalties for nondisclosure.
3) Transparency on PRC Research and Partnerships. Require vendors to fully disclose PRC research collaborations, joint labs, and funding flows relevant to dual‑use domains.
Treat undisclosed PRC co‑authorships in sensitive fields as a material risk in security authorizations.
4) Tighten Cloud and AI Export Guardrails for Work in the PRC. Mandate attestations, telemetry, and enforcement for advanced AI model access, with explicit prohibitions on PRC indirect access. Require U.S.‑jurisdiction operations for support and model‑safety teams serving federal workloads.
5) Assume Breach, Engineer Resilience. Adopt architectures that compartmentalize identity keys and minimize trust in vendor‑managed signing infrastructure. Increase deployment of hardware‑backed MFA, cross‑domain solutions, and continuous validation independent of any single vendor.
6) Align Incentives. Expand the use of performance‑based cybersecurity clauses, with fee holdbacks tied to transparent incident disclosure, secure‑by‑design milestones, and third‑party verification.
