cetas.turing.ac.uk/ Research Report
As AI increasingly shapes the global economic and security landscape, China’s ambitions for global AI dominance are coming into focus. This CETaS Research Report, co-authored with Adarga and the International Institute for Strategic Studies, explores the mechanisms through which China is strengthening its domestic AI ecosystem and influencing international AI policy discourse. The state, industry and academia all play a part in the process, with China’s various regulatory interventions and AI security research trajectories linked to government priorities. The country’s AI security governance is iterative and is rapidly evolving: it has moved from having almost no AI-specific regulations to developing a layered framework of laws, guidelines and standards in just five years. In this context, the report synthesises open-source research and millions of English- and Chinese-language data points to understand China’s strategic position in global AI competition and its approach to AI security.
This CETaS Research Report, co-authored with the International Institute for Strategic Studies (IISS) and Adarga, examines China’s evolving AI ecosystem. It seeks to understand how interactions between the state, the private sector and academia are shaping the country’s strategic position in global AI competition and its approach to AI security. The report is a synthesis of open-source research conducted by IISS and Adarga, leveraging millions of English- and Chinese-language data points.
Key Judgements
China’s political leadership views AI as one of several technologies that will enable the country to achieve global strategic dominance. This aligns closely with President Xi’s long-term strategy of leveraging technological revolutions to establish geopolitical strength. China has pursued AI leadership through a blend of state intervention and robust private-sector innovation. This nuanced approach challenges narratives of total government control, demonstrating significant autonomy and flexibility within China’s AI ecosystem. Notably, the development and launch of the DeepSeek-R1 model underscored China's ability to overcome significant economic barriers and technological restrictions, and almost certainly caught China’s political leadership by surprise – along with Western chip companies.
While the Chinese government retains ultimate control of the most strategically significant AI policy decisions, it is an oversimplification to describe this model as entirely centrally controlled. Regional authorities also play significant roles, leading to a decentralised landscape featuring multiple hubs and intense private sector competition, which gives rise to new competitors such as DeepSeek. In the coming years, the Chinese government will almost certainly increase its influence over AI development through closer collaboration with industry and academia. This will include shaping regulation, developing technical standards and providing preferential access to funding and resources.
China's AI regulatory model has evolved incrementally, but evidence suggests the country is moving towards more coherent AI legislation. AI governance responsibilities in China remain dispersed across multiple organisations. However, since February 2025, the China AI Safety and Development Association (CnAISDA) has become what China describes as its counterpart to the AI Security Institute. This organisation consolidates several existing institutions but does not appear to carry out independent AI testing and evaluation.
The Chinese government has integrated wider political and social priorities into AI governance frameworks, emphasising what it describes as “controllable AI” – a concept interpreted uniquely within the Chinese context. These broader priorities directly shape China’s technical and regulatory approaches to AI security. Compared to international competitors, China’s AI security policy places particular emphasis on the early stages of AI model development through stringent controls on pre-training data and onerous registration requirements. Close data sharing between the Chinese government and domestic AI champions, such as Alibaba’s City Brain, facilitates rapid innovation but would almost certainly encounter privacy and surveillance concerns if attempted elsewhere.
The geographical distribution of China's AI ecosystem reveals the strategic clustering of resources, talent and institutions. Cities such as Beijing, Hangzhou and Shenzhen have developed unique ecosystems that attract significant investments and foster innovation through supportive local policies, including subsidies, incentives and strategic infrastructure development. This regional specialisation emerged from long-standing Chinese industrial policy rather than short-term incentives.
China has achieved significant improvements in domestic AI education. It is further strengthening its domestic AI talent pool as top-tier AI researchers increasingly choose to remain in or return to China, due to increasingly attractive career opportunities within China and escalating geopolitical tensions between China and the US. Chinese institutions have significantly expanded domestic talent pools, particularly through highly selective undergraduate and postgraduate programmes. These efforts have substantially reduced dependence on international expertise, although many key executives and researchers continue to benefit from an international education.
Senior scientists hold considerable influence over China’s AI policymaking process, frequently serving on government advisory panels. This stands in contrast to the US, where corporate tech executives tend to have greater influence over AI policy decisions.
Government support provides substantial benefits to China-based tech companies. China’s government actively steers AI development, while the US lets the private sector lead (with the government in a supporting role) and the EU emphasises regulating outcomes and funding research for the public good. This means that China’s AI ventures often have easier access to capital and support for riskier projects, while a tightly controlled information environment mitigates against reputational risk.
US export controls have had a limited impact on China’s AI development. Although export controls have achieved some intended effects, they have also inadvertently stimulated innovation within certain sectors, forcing companies to do more with less and resulting in more efficient models that may even outperform their Western counterparts. Chinese AI companies such as SenseTime and DeepSeek continue to thrive despite their limited access to advanced US semiconductors.
The Irish Data Privacy Commission announced that TikTok is facing a new European Union privacy investigation into user data sent to China.
TikTok is facing a fresh European Union privacy investigation into user data sent to China, regulators said Thursday.
The Data Protection Commission opened the inquiry as a follow up to a previous investigation that ended earlier this year with a 530 million euro ($620 million) fine after it found the video sharing app put users at risk of spying by allowing remote access their data from China.
The Irish national watchdog serves as TikTok’s lead data privacy regulator in the 27-nation EU because the company’s European headquarters is based in Dublin.
During an earlier investigation, TikTok initially told the regulator it didn’t store European user data in China, and that data was only accessed remotely by staff in China. However, it later backtracked and said that some data had in fact been stored on Chinese servers. The watchdog responded at the time by saying it would consider further regulatory action.
“As a result of that consideration, the DPC has now decided to open this new inquiry into TikTok,” the watchdog said.
“The purpose of the inquiry is to determine whether TikTok has complied with its relevant obligations under the GDPR in the context of the transfers now at issue, including the lawfulness of the transfers,” the regulator said, referring to the European Union’s strict privacy rules, known as the General Data Protection Regulation.
TikTok, which is owned by China’s ByteDance, has been under scrutiny in Europe over how it handles personal user information amid concerns from Western officials that it poses a security risk.
TikTok noted that it was one that notified the Data Protection Commission, after it embarked on a data localization project called Project Clover that involved building three data centers in Europe to ease security concerns.
“Our teams proactively discovered this issue through the comprehensive monitoring TikTok implemented under Project Clover,” the company said in a statement. “We promptly deleted this minimal amount of data from the servers and informed the DPC. Our proactive report to the DPC underscores our commitment to transparency and data security.”
Under GDPR, European user data can only be transferred outside of the bloc if there are safeguards in place to ensure the same level of protection. Only 15 countries or territories are deemed to have the same data privacy standard as the EU, but China is not one of them.
spycloud.com
We analyzed the VenusTech and Salt Typhoon data leaks to uncover the latest trends in the Chinese criminal underground.
In late May, two particularly interesting Chinese datasets appeared for sale in posts on DarkForums, an English-language data breach and leak forum that has become popular since BreachForums went dark in mid-April. These two posts, which we’re calling the VenusTech Data Leak and the Salt Typhoon Data Leak, had some interesting similarities. Both posts:
Were posted by new accounts that appear to have been created explicitly to sell a single dataset
Included data that allegedly came from companies in China’s large hack-for-hire ecosystem
Included data samples that, while limited, give us some insight into the companies they came from
While the samples provided on DarkForums were relatively small in comparison to previous data leaks of a similar nature (including Chinese IT contractor leaks, such as TopSec and iSoon), the latest leaks provide critical pivot points for assessing the state and structure of the Chinese cybersecurity contractor ecosystem.
We wanted to take a moment to analyze these two recent posts, dive into the sample data, and make some connections between this activity and some overall trends we are observing in our research into the Chinese cybercriminal underground.
Analysis of the VenusTech Data Leak
VenusTech is a major IT security vendor in China with a focus on serving government clients. It was founded in 1996 and is traded on the Shenzhen Stock Exchange. They have previously documented ties to the hack-for-hire industry including procuring services from XFocus, who created the original Blaster worm in 2003, as well as providing startup funding to Integrity Tech, the company responsible for the offensive hacking activity associated with Flax Typhoon.
On May 17, a post relating to VenusTech was created by an account called “IronTooth” and titled “Chinese tech company venus leaked documents.” The IronTooth account appears to have been newly created and simply uses the default profile image for DarkForums. The full post text reads:
selling sourced leaked documents dump of chinese tech company. includes papers, products sold to government, accesses, clients and more random shit sold to highest bidder after 48h. crossposted.
www.nsb.gov.tw
In recent years, the international community has shown growing concerns over cybersecurity issues deriving from China-developed mobile applications (apps). Governments and independent research institutions worldwide have already issued warnings concerning data breaches in users’ communication security. To prevent China from illegally acquiring personal data of Taiwan’s nationals, National Security Bureau (NSB) has reviewed cybersecurity reports from countries around the world and organized relevant information, as per the National Intelligence Work Act. Subsequently, the NSB informed and coordinated with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal Investigation Bureau (CIB) under the National Police Agency to conduct random inspection on several China-developed mobile apps. The results indicate the existence of security issues, including excessive data collection and privacy infringement. The public is advised to exercise caution when choosing mobile apps.
The 5 China-developed apps selected for inspection, consisting of rednote, Weibo, TikTok, WeChat, and Baidu Cloud, are widely used by Taiwanese nationals. The MJIB and CIB adopted the Basic Information Security Testing Standard for Mobile Applications v4.0 announced by the Ministry of Digital Affairs, and evaluated the apps against 15 indicators under 5 categories of violation, consisting of personal data collection, excessive permission usage, data transmission and sharing, system information extraction, and biometric data access.
All 5 apps have shown serious violations across multiple inspection indicators. Notably, the rednote fails to meet all 15 inspection standards. Weibo and TikTok violate 13 indicators, separately, as well as 10 for WeChat and 9 for Baidu Cloud. These findings suggest that the said China-made apps present cybersecurity risks far beyond the reasonable expectations for data-collection requirement taken by ordinary apps.
All 5 China-made apps are found to have security issues of excessively collecting personal data and abusing system permissions. The violations include unauthorized access to facial recognition data, screenshots, clipboard contents, contact lists, and location information. As to the category of system information extraction, all apps were found to collect data such as application lists and device parameters. Furthermore, as far as biometric data are concerned, users’ facial features may be deliberately harvested and stored by those apps.
With regard to data transmission and sharing, the said 5 apps were found to send packets back to servers located in China. This type of transmission has raised serious concerns over the potential misuse of personal data by third parties. Under China’s Cybersecurity Law and National Intelligence Law, Chinese enterprises are obligated to turn over user data to competent authorities concerning national security, public security, and intelligence. Such a practice would pose a significant security breach to the privacy of Taiwanese users, which could lead to data collection by specific Chinese agencies.
A wide range of countries, such as the US, Canada, the UK, and India, have already publicly issued warnings against or bans on specific China-developed apps. The European Union has also launched investigations under the General Data Protection Regulation framework into suspected data theft involving certain China-made apps. Substantial amount of fines are imposed in those cases. In response to the cybersecurity threats, the Taiwanese government has prohibited the use of Chinese-brand products regarding computer and communications technology within official institutions. Both software and hardware are included.
The NSB coordinates with the MJIB and CIB to test the 5 inspected China-developed apps, and confirms that widespread cybersecurity vulnerabilities indeed exist. The NSB strongly advises the public to remain vigilant regarding mobile device security and avoid downloading China-made apps that pose cybersecurity risks, so as to protect personal data privacy and corporate business secrets.
CERTFR-2025-CTI-009
Date de la dernière version 01 juillet 2025
In September 2024, ANSSI observed an attack campaign seeking initial access to French entities’ networks through the exploitation of several zero-day vulnerabilities on Ivanti Cloud Service Appliance (CSA) devices. French organizations from governmental, telecommunications, media, finance, and transport sectors were impacted. ANSSI’s investigations led to the conclusion that a unique intrusion set was leveraged to conduct this attack campaign. The Agency named this intrusion set « Houken ». Moderately sophisticated, Houken can be characterized by an ambivalent use of resources. While its operators use zero-day vulnerabilities and a sophisticated rootkit, they also leverage a wide number of open-source tools mostly crafted by Chinese-speaking developers. Houken’s attack infrastructure is made up of diverse elements - including commercial VPNs and dedicated servers.
ANSSI suspects that the Houken intrusion set is operated by the same threat actor as the intrusion set previously described by MANDIANT as UNC5174. Since 2023, Houken is likely used by an access broker to gain a foothold on targeted systems, which could eventually be sold to entities interested in carrying out deeper post-exploitation activities. Though already documented for its opportunistic exploitation of vulnerabilities on edge devices, the use of zero-days by a threat actor linked to UNC5174 is new to ANSSI’s knowledge. The operators behind the UNC5174 and Houken intrusion sets are likely primarily looking for valuable initial accesses to sell to a state-linked actor seeking insightful intelligence. However, ANSSI also observed one case of data exfiltration as well as an interest in the deployment of cryptominers, indicating straight-forward profit-driven objectives.
2.1 The attack campaign in a nutshell
At the beginning of September 2024, an attacker repeatedly exploited vulnerabilities CVE-2024-
8190, CVE-2024-8963, and CVE-2024-9380 vulnerabilities to remotely execute arbitrary code
on vulnerable Ivanti Cloud Service Appliance devices [1, 2, 3, 4]. These vulnerabilities were
exploited as zero-days, before the publication of the Ivanti security advisory [5, 6, 7].
The attacker opportunistically chained these vulnerabilities to gain initial access on Ivanti CSA
appliances, with the intention of:
• Obtaining credentials through the execution of a base64 encoded Python script1
.
• Ensuring persistence, by:
– deploying or creating PHP webshells;
– modifying existing PHP scripts to add webshells capabilities;
– occasionally installing a kernel module which acts as a rootkit once loaded.
Likely in an effort to prevent exploitation by additional unrelated actors, the attacker attempted
to self-patch web resources affected by the vulnerabilities.
On occasions, and after establishing a foothold on victim networks through the compromise
of Ivanti CSA devices, the attacker performed reconnaissance activities and moved laterally.
In-depth compromises allowed the attacker to gather additional credentials and deploy further
persistence mechanisms. Most recent activities around this attack campaign were observed
at the end of November 2024 by ANSSI.
Several incidents affecting French entities, and linked to this attack campaign, were observed
by ANSSI at the end of 2024. The campaign targeted french organizations from governmental,
telecommunications, media, finance, and transport sectors.
In three cases, the compromise of Ivanti CSA devices was followed by lateral movements toward
the victims’ internal information systems. The malicious actor also collected credentials and
attempted to establish a persistence on these compromised networks. Attacker’s operational
activities time zone was UTC+8, which aligns with China Standard Time (CST).
ANSSI provided significant support to these entities, a
Established in 2024, the People's Liberation Army Cyberspace Force merges cyber and electronic warfare to disrupt, deter, and dominate in future conflicts.
With the launch of its Cyberspace Force, China has elevated the digital domain to a theatre of war. The Cyberspace Force of the People’s Liberation Army (PLA) is China’s newest military branch, launched on 19 April 2024.
Based in Haidian District, Beijing, and with five antennas across the country, it operates under the direct authority of the Central Military Commission (CMC).
Its creation followed the dissolution of the Strategic Support Force (SSF) and shows a broader shift in China’s approach to modern warfare. The force is tasked with both defending and attacking in the cyber domain. Additionally, it covers:
Network security
Electronic warfare
Information dominance
The Cyberspace Force plays a central role in China’s preparation for future conflicts, particularly in what the PLA calls “informatised warfare”, a doctrine focused on controlling the flow of information across all domains. By placing the unit directly under the CMC, China ensures centralised control, operational discipline, and strategic reach in cyberspace.
On 19 April 2024, the CMC formally dissolved the SSF and created three independent forces:
This marked the first time China designated cyberspace as an independent warfare domain with dedicated command, personnel, and budgetary autonomy. The Cyberspace Force now operates as a Corps Leader-grade service, headquartered in Beijing. It is led by Lieutenant General Zhang Minghua, with Lieutenant General Han Xiaodong serving as its political commissar. Its emergence reflects a shift from fragmented technical capabilities to centralised, strategic integration of cyber warfare into China’s military planning.
Germany's data protection commissioner has asked Apple and Google to remove Chinese AI startup DeepSeek from their app stores in the country due to concerns about data protection, following a similar crackdown elsewhere.
FRANKFURT, June 27 (Reuters) - Germany's data protection commissioner has asked Apple (AAPL.O), opens new tab and Google (GOOGL.O), opens new tab to remove Chinese AI startup DeepSeek from their app stores in the country due to concerns about data protection, following a similar crackdown elsewhere.
Commissioner Meike Kamp said in a statement on Friday that she had made the request because DeepSeek illegally transfers users' personal data to China.
The two U.S. tech giants must now review the request promptly and decide whether to block the app in Germany, she added, though her office has not set a precise timeframe.
Google said it had received the notice and was reviewing it.
DeepSeek did not respond to a request for comment. Apple was not immediately available for comment.
According to its own privacy policy, opens new tab, DeepSeek stores numerous pieces of personal data, such as requests to its AI programme or uploaded files, on computers in China.
"DeepSeek has not been able to provide my agency with convincing evidence that German users' data is protected in China to a level equivalent to that in the European Union," Kamp said.
"Chinese authorities have far-reaching access rights to personal data within the sphere of influence of Chinese companies," she added.
If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.
Strategic competition between the United States and China has long played out in cyberspace, where offensive cyber capabilities, like zero-day vulnerabilities, are a strategic resource. Since 2016, China has been turning the zero-day marketplace in East Asia into a funnel of offensive cyber capabilities for its military and intelligence services, both to ensure it can break into the most secure Western technologies and to deny the United States from obtaining similar capabilities from the region. If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.
This report is the first to conduct a comparative study within the international offensive cyber supply chain, comparing the United States’ fragmented, risk-averse acquisition model with China’s outsourced and funnel-like approach.
Key findings:
AI firm DeepSeek is aiding China's military and intelligence operations, a senior U.S. official told Reuters, adding that the Chinese tech startup sought to use Southeast Asian shell companies to access high-end semiconductors that cannot be shipped to China under U.S. rules.
The U.S. conclusions reflect a growing conviction in Washington that the capabilities behind the rapid rise of one of China's flagship AI enterprises may have been exaggerated and relied heavily on U.S. technology.
Hangzhou-based DeepSeek sent shockwaves through the technology world in January, saying its artificial intelligence reasoning models were on par with or better than U.S. industry-leading models at a fraction of the cost.
"We understand that DeepSeek has willingly provided and will likely continue to provide support to China's military and intelligence operations," a senior State Department official told Reuters in an interview.
"This effort goes above and beyond open-source access to DeepSeek's AI models," the official said, speaking on condition of anonymity in order to speak about U.S. government information.
The U.S. government's assessment of DeepSeek's activities and links to the Chinese government have not been previously reported and come amid a wide-scale U.S.-China trade war.
This report uncovers a set of related threat clusters linked to PurpleHaze and ShadowPad operators targeting organizations, including cybersecurity vendors.
he Czech Republic on Wednesday accused China of being responsible for a "malicious cyber campaign" targeting a network used for unclassified communication at its Foreign Affairs ministry, but China rejected the accusations.
China's embassy in Prague called on the Czech side to end its "microphone diplomacy".
The attacks started during the country's 2022 EU presidency and were perpetrated by the cyber espionage group APT31, the Czech government said in a statement. The Czech Republic, an EU state and NATO member, said APT31 was publicly associated with the Chinese Ministry of State Security.
Foreign Minister Jan Lipavsky said that after the attack was detected, the ministry implemented a new communications system with enhanced security in 2024.
"I summoned the Chinese ambassador to make clear that such hostile actions have serious consequences for our bilateral relations," he said.
Lipavsky said the attacks centered on email and other documents and focused on information concerning Asia.
"The Government of the Czech Republic strongly condemns this malicious cyber campaign against its critical infrastructure," the government said in its statement.
China's embassy in the Czech Republic expressed "strong concern and decisive disagreement" with the Czech accusations.
Welcome to our OCPL Fellows Feature series, brought to you by our current cohort of talented researchers. These pieces explore key challenges at the intersection of U.S.-China and global emerging technology competition.
Massive leaks of information stored in government-owned databases have become increasingly common in China throughout the 2020s.
Chinese hacktivists likely executed some of these leaks to call attention to the scope and pervasiveness of state surveillance.
Hackers in China have previously been prevented from organizing into groups and carrying out both nationalist and apolitical hacking. It is plausible that hackers would have little to lose by pivoting to hack to express dissent.
Introduction
What comes to mind when you think about data protection? Perhaps the right to privacy or cybersecurity, but almost certainly not “streaking.” However, Chinese netizens commonly use this term (裸奔, luǒbēn) to describe the sense of embarrassment an individual feels when their personal data has been unintentionally exposed. The use (and censorship) of this phrase has only increased as large-scale data leaks have risen dramatically in China throughout the 2020s.
When these data leaks occur, commentary is quickly taken down to prevent Chinese internet users from uncovering the scope of state surveillance practices. That’s partly because retrospective analysis of these incidents often reveals that they resulted directly from Chinese government bodies’ lax data management practices. These incidents have proved shameful for party leaders; while not directly acknowledging these leaks, high-ranking officials like the late Li Keqiang call for heightened “information security” standards in their aftermath.
LONDON, May 14 (Reuters) - U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said.
Power inverters, which are predominantly produced in China, are used throughout the world to connect solar panels and wind turbines to electricity grids. They are also found in batteries, heat pumps and electric vehicle chargers. While inverters are built to allow remote access for updates and maintenance, the utility companies that use them typically install firewalls to prevent direct communication back to China.
However, rogue communication devices not listed in product documents have been found in some Chinese solar power inverters by U.S experts who strip down equipment hooked up to grids to check for security issues, the two people said.
Over the past nine months, undocumented communication devices, including cellular radios, have also been found in some batteries from multiple Chinese suppliers, one of them said.
Reuters was unable to determine how many solar power inverters and batteries they have looked at. The rogue components provide additional, undocumented communication channels that could allow firewalls to be circumvented remotely, with potentially catastrophic consequences, the two people said.
Both declined to be named because they did not have permission to speak to the media.
"We know that China believes there is value in placing at least some elements of our core infrastructure at risk of destruction or disruption," said Mike Rogers, a former director of the U.S. National Security Agency. "I think that the Chinese are, in part, hoping that the widespread use of inverters limits the options that the West has to deal with the security issue."
A spokesperson for the Chinese embassy in Washington said: "We oppose the generalisation of the concept of national security, distorting and smearing China's infrastructure achievements."
EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly exposed directory (opendir) found on attacker-controlled infrastructure, which contained detailed event logs capturing operations across multiple compromised systems.
EclecticIQ analysts link observed SAP NetWeaver intrusions to Chinese cyber-espionage units including UNC5221 [2], UNC5174 [3], and CL-STA-0048 [4] based on threat actor tradecrafts patterns. Mandiant and Palo Alto researchers assess that these groups connect to China's Ministry of State Security (MSS) or affiliated private entities. These actors operate strategically to compromise critical infrastructures, exfiltrate sensitive data, and maintain persistent access across high-value networks worldwide.
Uncategorized China-Nexus Threat Actor Scanning the Internet for CVE-2025-31324 and Upload Webshells
EclecticIQ analysts assess with high confidence that, a very likely China-nexus threat actor is conducting a widespread internet scanning and exploitation campaign against SAP NetWeaver systems. Threat actor–controlled server hosted at IP address 15.204.56[.]106 exposed the scope of the SAP NetWeaver intrusions [5].
Dior’s coveted client list of China’s wealthiest and most powerful consumers has been compromised in a major data breach, forcing the French luxury giant to issue an apology as it scrambles to contain potential fallout and limit any damage to its reputation.
The luxury brand under French conglomerate LVMH experienced a customer data breach in China on May 7. According to a text message sent to customers yesterday, the company disclosed that an unauthorized external party had gained access to its database, obtaining sensitive personal information such as customers’ names, gender, phone numbers, email addresses, mailing addresses, purchase amounts, and shopping preferences.
Dior emphasized that the compromised data did not include bank account details, IBANs (International Bank Account Numbers), or credit card information. Nonetheless, the brand urged customers to exercise heightened caution, advising them to beware of phishing messages, unsolicited calls or emails, and to avoid clicking on suspicious links or disclosing personal information.
This report highlights a rarely-discussed but crucially important attack surface: security vendors themselves.
A Chinese startup, Sand AI, appears to be blocking certain politically sensitive images from its online video generation tool.
A China-based startup, Sand AI, has released an openly licensed, video-generating AI model that’s garnered praise from entrepreneurs like the founding director of Microsoft Research Asia, Kai-Fu Lee. But Sand AI appears to be censoring the hosted version of its model to block images that might raise the ire of Chinese regulators from the hosted version of the model, according to TechCrunch’s testing.
Earlier this week, Sand AI announced Magi-1, a model that generates videos by “autoregressively” predicting sequences of frames. The company claims the model can generate high-quality, controllable footage that captures physics more accurately than rival open models.