CrowdStrike: China-based entities drove over half of AI-targeting state cyberattacks

CrowdStrike, the U.S. cybersecurity firm, said China-based entities made over half of state-sponsored cyberattacks aimed at tech firms’ artificial intelligence assets. That is the key sentence executives need to understand fast: the threat is not random crime, and it is not even limited to general hacking. It is targeted against a specific capability stack, AI assets, which means the risk follows the roadmap, not just the firewall.

In CrowdStrike’s framing, this is part of a broader pattern of state-linked cyber activity. When a majority share comes from a single geography, it tends to shift how boards think about preparedness, budgeting, and oversight. “Over half” is not a subtle signal. It suggests defenders should assume that AI-related work is being watched and probed, and that attempts to steal or disrupt AI capability can be an extension of national competition.

Why does that matter right now? Because AI is no longer a contained R&D line item. For many technology companies, AI systems are threaded through products, internal workflows, developer tooling, and customer-facing experiences. Even when a firm uses third-party models or services, it still has “assets” in play: training data pipelines, model weights, fine-tuning processes, evaluation tooling, and the operational environment where AI runs. CrowdStrike’s statement is effectively saying: state-sponsored attackers are aligning their campaigns with the places where AI advantage is built and stored.

This is where the business risk gets real for boards. Cyber incidents used to be framed as downtime and data exposure. For AI, the stakes can widen because an attacker’s goal can include stealing the competitive edge. If AI assets are targeted, the damage can show up as lost advantage, corrupted models, disrupted releases, or operational instability that is hard to trace back to a single breach. Even if the attacker does not take everything, the attempt itself can force expensive rework, rebuilds, and slowed delivery cycles.

Regulators and insurers are also watching how companies interpret this kind of risk. In recent years, cyber risk oversight has increasingly become a board topic rather than a technical-only topic. When a major cybersecurity firm ties state-sponsored activity to AI asset targeting and points to China-based entities as the majority contributor, it strengthens the case that AI security should be reflected in governance, incident response planning, and vendor risk management. For many companies, that means hard questions: Do our AI workflows have the same maturity as our core production systems? Are we treating datasets, model repositories, and experimentation environments as high-value targets?

The second-order impact is about incentives and attention inside tech companies. Leaders often prioritize security where it is most measurable and most immediate. But AI work moves quickly and is distributed across teams, including research, platform, data engineering, and product. If state-sponsored attackers are focusing on AI assets, then security becomes a coordination problem across functions, not just a ticketing problem for the security team. Boards should expect to see more scrutiny of how leadership monitors AI-related change, access controls, and anomaly detection across the full lifecycle.

Finally, there is the strategic layer. CrowdStrike is describing a competitive landscape where cybersecurity and AI are intertwined, and where nation-aligned actors are attempting to accelerate capability or disrupt competitors. For peers in similar roles, the takeaway is not to panic. It is to recalibrate. When a threat report indicates that more than half of state-sponsored AI-focused attacks trace to a specific set of entities, it becomes a planning assumption, not a curiosity. The companies that respond fastest are the ones that can translate a threat assessment into operating changes: policies, monitoring, testing, and procurement decisions that reflect AI as a geopolitical asset.