All U.S. AI data centers “are almost certainly infiltrated by the CCP” - Report

Artificial intelligence (AI) built by private laboratories to store sensitive U.S. national security information is in danger of being hacked by the Chinese government. This is because the components used to build the relevant data centers are almost exclusively made in China.

That's according to an exclusive, U.S. government-sponsored report titled America's Superintelligence Project, made public on Tuesday, April 22, and circulated within the White House in recent weeks.

Today's state-of-the-art artificial intelligence data centers are vulnerable to both asymmetric sabotage and exfiltration attacks, in which the most advanced artificial intelligence models housed in them could be stolen or guarded, the paper warns.

“You could end up with dozens of data center sites that are essentially stranded assets that cannot be retrofitted to the required level of security,” write brothers Jeremie and Edouard Harris, authors of the report, who say even the most advanced data centers currently under construction, including OpenAI's Stargate project, would be vulnerable to the same attacks.

The Harris brothers founded Gladstone AI, a company that advises the U.S. government on the security implications of AI. During their year-long research period, they visited a data center run by a major U.S. technology company along with a team of former U.S. special forces cyber-espionage specialists.

At risk, the two argued, is not only the tech companies' money, but also U.S. national security in the context of the intensifying geopolitical race with China to develop advanced artificial intelligence.

This is why calls for greater U.S. government involvement in securing frontier research on AI have grown in recent times, leading to a formal recommendation by the U.S.-China Economic and Security Review Commission (USCC) to establish a “Manhattan Project for Artificial Intelligence.”

The prospect of such a superintelligence project has also been widely discussed in Silicon Valley, becoming public knowledge when former OpenAI researcher Leopold Aschenbrenner published his influential manifesto in June 2024.

“Throughout history we have seen that countries that first take advantage of periods of rapid technological change often succeed in causing shifts in the global balance of power,” said Jacob Helberg, USCC commissioner and senior advisor to the CEO of software company Palantir.

The Manhattan Project was a large-scale collaboration between the U.S. government and the private sector during World War II that produced the first atomic bombs.

What is hypothesized for AI, on the other hand, should lead to the development of what insiders call superintelligence: an AI technology so powerful that it can be used to gain a decisive strategic advantage over China.

All major AI companies are trying to develop artificial superintelligence (ASI), and in recent years both Washington and Beijing have realized its potential geopolitical importance, although there is no shortage of criticism regarding the implementation of this form of AI.

In particular, it was the recent report "AI 2027" - authored by former OpenAI researcher Daniel Kokotajlo, well-known blogger Scott Alexander, and Thomas Larsen, Eli Lifland, and Romeo Dean and published by the nonprofit organization AI Futures Project - that outlined a hypothetical scenario in which ASI could (also) destroy humanity by the end of the decade.

Cases of hacking and the theft of IP

Speaking with national security officials and datacenter operators, the report's authors recount learning of a case in which the AI datacenter of a major U.S. technology company was attacked and intellectual property (IP) was stolen. They also learned of another case in which a similar datacenter was targeted in an attack against a specific component that, if successful, would have taken the entire facility offline for months.

Key data center parts are “made in China”

Many critical components for modern data centers are built primarily or exclusively in China, the report points out.

This means that a critical component attack can take a data center offline for months.

Some of these attacks, the report argues, can be asymmetrical. An attack capable of destroying a key component of a hyperscaler data center infrastructure could be carried out for less than $20,000 and, if successful, could take a $2 billion data center offline for between six months and a year.

The report points out that China will likely delay the shipment of components needed to repair data centers taken offline by these attacks, especially considering that the United States is on the verge of developing superintelligence. “We should expect that lead times for generators, transformers and other critical data center components sourced from China will begin to mysteriously lengthen, exceeding current lead times,” say the Harris brothers.

“This will be a sign that China is quietly diverting components to its own facilities, since, after all, it controls the industrial base that produces most of them.”

The absence of security in AI labs

Although the situation is slowly improving, the report warns that neither existing data centers nor the AI labs themselves are secure enough to prevent the artificial intelligence models stored in them from being stolen by hostile states such as China.

“According to several researchers we spoke with, security in frontier artificial intelligence labs has improved slightly over the past year, but remains wholly inadequate to resist nation-state attacks,” the authors say. “According to former insiders, poor security controls in many frontier AI labs originally stem from a cultural bias that prioritizes speed over security.”

Time is running out

“A project like this [Manhattan Project] requires the construction of a new data center, security must be integrated from the outset into an offensive counterintelligence movement that disrupts similar projects by adversaries.”

As new capabilities become available that can buy America time, they must be incorporated quickly and efficiently into offensive activities, “while the intelligence we gather from adversaries must inform the types of capabilities we seek to develop in real time,” the two experts add.

The window for action is closing rapidly, then.

Many in Silicon Valley believe that artificial intelligence capable of automating most software engineering work is less than a year away. “Our interviews with current and former employees of frontier labs strongly suggest that this belief is well-founded and genuine. If they are right, the authors warn that we need to start building a fully secure, gigawatt-scale AI data center within a few months, and figure out how to handle the unexpected.

“We may not achieve superintelligence any time soon. But if we do, and we want to prevent the PCC from stealing it or crippling it, we need to start building the secure facilities for it as early as yesterday.”

he report offers detailed recommendations, including specific actions that America can take immediately, even without a full national blueprint. Implementing these recommendations will be a daunting task.

It will require unprecedented coordination between government, industry and the national security community. It will be costly, disruptive and politically difficult.” But the alternative -- a world in which the CCP builds superintelligence first or in which we fail to effectively control our own -- is far worse.”