Silicon Valley steps up staff screening over Chinese espionage threat

Silicon Valley companies are escalating their security vetting of staff and potential recruits as US officials voice greater concern about the threat of Chinese espionage.

Technology giants such as Google and high-profile start-ups like OpenAI have stepped up their screening of personnel, according to several people working directly with the groups.

The move comes amid fears that foreign governments are seeking to use compromised workers to access intellectual property and company data.

Venture capital firms such as Sequoia Capital, which backs dozens of start-ups including Elon Musk’s xAI, have also encouraged some portfolio companies to tighten staff vetting after warnings that spy agencies are targeting US tech developers, the people said.

Sequoia split off its own Chinese business last year after almost two decades due to geopolitical pressure.

Alex Karp, chief executive of Palantir, the $53bn data analytics contractor to the US defence industry, said Chinese spying on US tech companies was “a huge problem”, especially for producers of enterprise software, large language models and weapons systems.

“We have smart adversaries,” said Karp. “Our enemies are ancient cultures fighting for their survival, not just now but for the next thousand years.”

The enhanced security effort comes as US officials have increased warnings to companies about the threat from Chinese espionage over the past two years.

Washington and Beijing are locked in a growing strategic competition, with the US imposing export controls to make it harder for China to obtain and develop cutting-edge technologies, including in artificial intelligence and advanced chips.

However, there are also concerns about a rise in xenophobia at US tech companies given the prevalence of skilled workers of Asian descent.

HR McMaster, former national security adviser to the US, who has advised tech companies and investment firms on foreign espionage risks since leaving government, said the threat from Chinese intelligence agencies was “absolutely real and they are persistent”.

“The companies I talk to and work with are very much aware of this right now and are doing everything they can to reduce it,” he said.

Google said it had “strict safeguards to prevent the theft of our confidential commercial information and trade secrets”. Sequoia declined to comment. OpenAI did not respond to requests for comment.

Chinese spying cases go back decades but appear to have multiplied in recent years. In March, US prosecutors charged a former software engineer at Google with allegedly stealing AI trade secrets while secretly working with two companies based in China. Tesla, Micron and Motorola have all been subject to “egregious” theft of intellectual property by China in the past five years, according to the US.

Bill Priestap, a former head of counter-intelligence at the FBI who now runs the consultancy Trenchcoat Advisors, advises on “human-driven risk” from foreign adversaries. He said he had seen “high levels” of cases in which overseas intelligence groups exploited employees of US companies to steal valuable assets.

“Some employers have realised that when they are hiring people, they have to understand if they have any vulnerabilities they should be aware of,” he said. “Simply maintaining ties to certain countries means [an individual] could be vulnerable to being exploited, even if they do not want to cause the company harm.”

A handful of private companies have sprung up to offer strategic intelligence to businesses on Chinese espionage threats. Utah-based Strider Technologies, which was launched by twins Greg and Eric Levesque in 2019, provides a data tool to companies aimed at preventing nation states targeting their employees and infiltration of third-party vendors and suppliers.

Greg Levesque, chief executive, said Strider had seen a recent uptick in adoption of its tools by start-ups working on emerging technologies such as quantum computing, AI and synthetic biology “that are on the top of the shopping list of countries like China”.

Strider’s system uses AI to collect data on the methods foreign intelligence agencies are deploying to target companies and their staff. For example, it tracks hundreds of Chinese “talent plans”, which allegedly recruit foreign scientists and professors and incentivise them to steal technologies to advance China’s military and economic goals. Priestap and McMaster are advisers to Strider.

If an individual is flagged by Strider’s system, companies can implement additional screening, such as due diligence on an individual’s family or financial links abroad as well as their travel history to countries where foreign intelligence services have carried out recruitment.

“We’re seeing this across the Fortune 500,” said Greg Levesque. “Everyone is getting targeted. There’s a geopolitical battle going on, and industry is the frontline.”

The US justice department in 2022 scrapped a controversial programme called the “China Initiative” that was started during the Trump administration after criticism from civil rights groups that it was engaging in racial profiling. It also came under scrutiny after several cases brought against academics, particularly scientists, with Chinese backgrounds collapsed in court.

But the initiative also led to the conviction, among others, of Harvard University chemistry professor Charles Lieber. He was found to have secretly accepted money from China through a state-sponsored programme designed to help the country gain access to scientific knowledge and expertise in the US and elsewhere.

In November, FBI director Christopher Wray held a public event in Silicon Valley with his counterparts from the Five Eyes intelligence network, which includes Australia, Canada, New Zealand, the UK and the US. He urged tech companies to “confront an unprecedented threat” from China.

Silicon Valley groups that are bidding for contracts with the US defence department have been encouraged to widen the scope and scale of their due diligence against Chinese spy threats. Commercial technology companies that work with US defence agencies are required to submit to rigorous security measures.

McMaster, who is also a retired US Army lieutenant general, said: “The vast majority of research and development that has national security implications used to be government programmes, and now it is happening in the private sector, so these companies became really potentially lucrative targets from a Chinese perspective.”

Additional reporting by Hannah Murphy in San Francisco