Join War on the Rocks and gain access to content trusted by policymakers, military leaders, and strategic thinkers worldwide.
What if the next decisive intelligence advantage isn’t a recruited insider but a nation’s ability to model entire societies from its digital exhaust? Salt Typhoon’s multi-year cyber campaigns against U.S. telecommunications networks and critical infrastructure demonstrate China’s unparalleled focus on data-centric espionage: collect widely, analyze fast, and operationalize at scale — alongside continued investments in traditional intelligence disciplines. This approach reshapes how the United States has conventionally thought about intelligence advantage.
For decades, the U.S. intelligence community has prized what analysts call “exquisite” intelligence: narrowly sourced, high-confidence insight into adversary intent. That model depends on scarcity — secrets being rare and guarded. China’s emerging model introduces a complementary concept driven by the abundance of data created in the digital age. Though traditional espionage remains at the heart of the Ministry of State Security, the Chinese government is relying, with greater frequency, on broad-based collection and system-level analysis to create advantage. I call this machine overmatch: intelligence advantage derived less from singular access and more from the ability to fuse data into actionable models faster than an adversary can respond.
Salt Typhoon’s recent campaigns exemplify this trend. Salt Typhoon is the name Microsoft applies to a cyber threat group alleged to be aligned with the People’s Republic of China. This group has conducted operations against critical infrastructure in several countries, including the United States. By compromising data-rich environments instead of individual targets, China can exfiltrate vast volumes of operational telemetry and metadata.
Rather than uncovering isolated secrets, this model of broad-based data collection can enable analysts to approximate entire digital ecosystems: communication flows, organizational relationships, and operational weak points. While the United States also does ecosystem mapping across intelligence disciplines, it is constrained by tighter legal guardrails and governance requirements on collection, retention, and use — constraints the Intelligence Community has explicitly foregrounded as it modernizes open-source exploitation.
China’s approach is different in scale and scope because Beijing can reduce friction between state demand and data supply: Chinese law obligates organizations and citizens to support intelligence work, and China’s military-civil fusion strategy is designed to integrate commercial technology and data into state security objectives.
By mapping these ecosystems, Beijing can gain advantageous insights for potential future crises — armed conflict, coercive diplomacy, or political confrontation — because the maps are built before the crisis and can be operationalized quickly.
These technologies represent an evolution, not a revolution, in Chinese intelligence tradecraft. The government continues to use traditional human intelligence methods, but the addition of automated data processing allows it to scale operations and extract value more quickly.
Advances in AI have made this approach increasingly practical. Modern machine learning and graph analytics can map social and professional networks, infer hierarchies, and flag anomalies faster than any human team. This shift matters for intelligence collection and analysis because it transforms the pace and scale at which insights can be operationalized.
Furthermore, these tools could enable the construction of large-scale digital dossiers — approximate “replicas” of real people — that can inform recruitment, cyber targeting, or information operations. The precision of each replica matters less than its aggregate value across millions of data points. Even a moderately accurate model can reduce the time and risk needed to identify potential insiders or tailor an influence campaign.
Despite its ambition, China’s model is not without operational friction. Integrating heterogeneous datasets across platforms remains a challenge, as does deploying advanced AI at operational speed. Experts assess that real-time simulation of adversary ecosystems remains aspirational rather than realized due to factors such as compute constraints, data latency, and integration. Nonetheless, the vector of progress is clear — and potentially accelerated by the next technological frontier: quantum computing.
Quantum computing, which relies on quantum bits to process information beyond the capacity of traditional systems, has the potential to accelerate these efforts substantially. While full-scale quantum advantage remains uncertain, specialized accelerators could enhance the kinds of optimization and graph-processing tasks central to data specialized accelerators could enhance the kinds of optimization and graph-processing tasks central to data analysis. In practice, this would mean faster correlation across disparate datasets and quicker identification of meaningful links between people, organizations, and systems. If combined with AI and the data already collected through campaigns like Salt Typhoon, such advances could allow near-real-time modeling of foreign societies, workforces, and supply chains.
This would represent a profound transformation in the speed and precision of foreign surveillance, influence, and disruption — and China is fully cognizant of this potential. As a recent U.S.-China Economic and Security Review Commission report notes, “China has deployed industrial-scale funding and centralized coordination to seize dominance in quantum systems.”
China’s data-centric approach offers clear advantages. It scales efficiently, reduces the operational risks of traditional espionage, and leverages Beijing’s integration of state, industry, and academia.
Critically, it does not replace traditional human intelligence. Rather, it complements it, enabling a blended model in which covert access is enhanced by computational foresight. A stark example of this is Salt Typhoon’s reported compromise of the private portals that U.S. telecommunication firms provide to law enforcement for court-ordered wiretaps — a direct use of cyber operations to gain insight into traditional intelligence and counterintelligence activities. This convergence aligns with broader Chinese military doctrine, which emphasizes information dominance and shaping operations prior to conflict — a digital expression of Mao’s intense focus on mass intelligence gathering and Sun Tzu’s more ancient (and much-quoted) dictum, “subdue the enemy without fighting.”
The asymmetry is not in capability alone, but in institutional integration. The U.S. maintains world-class intelligence assets, but its data streams often remain stovepiped. Conversely, China’s political-military system allows for better fusion. As a result, its decision-making cycle may operate at greater speed, even if its individual tools are less refined.
While U.S. officials acknowledge this gap, public reporting suggests China enjoys a more unified and responsive national data strategy. Considering this, analysts have called for urgent reforms to match the velocity and coherence of China’s intelligence structure.
Countering this shift does not require reinvention, but rather pragmatic adaptation. The United States should start by treating data governance as national security, tightening oversight of data brokers, and restricting cross-border transfers of sensitive occupational datasets. It should institutionalize analytic collaboration with the private sector, building on past government efforts to proactively detect large-scale exfiltration and AI-enabled targeting. At the technical level, agencies and defense contractors can degrade data linkability through practical measures such as salting (adding random data to passwords before hashing), tokenization (substituting a sensitive data element with a non-sensitive equivalent), and selective obfuscation to raise the cost of mass profiling. The focus should shift from collecting more to analyzing faster, investing in machine-assisted sense-making that fuses open-source, commercial, and classified streams. Finally, human resilience remains critical: Scenario-based counter-influence and cyber-hygiene training across the defense industrial base can blunt the precision of AI-enabled targeting.
Salt Typhoon suggests more than the scale of China’s cyber activity. It captures a broader redefinition of intelligence: China increasingly takes intelligence to be a dynamic system of data acquisition, modeling, and influence.
Adapting to this environment demands more than new tools. It requires a conceptual shift — one that integrates commercial and open-source data into core analysis, accelerates machine-assisted decision-making, and develops clear thresholds for deterrence when adversaries use data operations for coercion or sabotage. The nation that learns fastest from the information it already holds will define the next era of intelligence competition.
Salt Typhoon is a signal: The future of espionage is not cinematic, it’s computational. To the United States, the challenge isn’t just technical but conceptual.
Ashley Ruiz is a civilian in the Department of the Air Force, where she advises on cyber policy and strategy. She holds a Master of Arts in Security Studies from Georgetown University.
The views expressed in this article are hers alone and do not reflect those of the Department of the Air Force or the U.S. government.
