The White House accused China-linked actors of waging “deliberate, industrial-scale campaigns” to steal the technology behind America’s most advanced artificial intelligence systems, a charge backed this month by federal sanctions, criminal indictments, and a new push in Congress to lock down AI exports.
Michael Kratsios, director of the Office of Science and Technology Policy, laid out the accusation in an internal memo first reported by the Associated Press in April 2026. He pointed to foreign entities “principally based in China” that he said are working to “distill” and “extract” capabilities from proprietary AI systems built by U.S. companies. The language frames the problem not just as corporate espionage but as a direct threat to national security.
What makes the claim harder to dismiss as political rhetoric is the paper trail that accompanied it. Three branches of the federal apparatus moved in a tight window, turning a policy statement into coordinated action.
Sanctions, indictments, and a named bill
The Treasury Department imposed sanctions on China-based hackers tied to the compromise of sensitive U.S. networks. The Department of Justice unsealed indictments against two men, Yin Kecheng and Zhou Shuai, connecting them to for-profit hacking operations run out of China. A 30-page federal search warrant affidavit filed alongside the charges describes the infrastructure the pair allegedly used: registered domains, virtual private server accounts, and long-running network exploitation campaigns.
On Capitol Hill, Rep. John Moolenaar, the Republican chairman of the House Select Committee on the Chinese Communist Party, issued a statement endorsing the crackdown and publicly naming the Deterring American AI Model Theft Act of 2026 as the legislative vehicle to tighten export controls on AI technology. Democrats on the committee voiced similar concerns, a rare show of bipartisan alignment on a tech policy issue.
The synchronization matters. Sanctions carry legal force. The DOJ affidavit was reviewed by a federal judge under a probable-cause standard. And a named bill signals that at least some lawmakers are ready to write the policy into statute. Together, these steps suggest the U.S. government is constructing a legal and regulatory framework that could reshape how American AI companies protect their models, whom they can sell to, and what they must do when foreign actors probe their systems.
What model theft actually looks like
The Kratsios memo, as described in press reports, points to a threat that goes beyond traditional hacking. Model distillation, one of the techniques officials appear concerned about, involves querying a powerful AI system thousands or millions of times and using the outputs to train a smaller, cheaper replica. Done at scale, this can reproduce much of a model’s behavior without ever touching its underlying code or training data. Other vectors include unauthorized access to proprietary model weights and abuse of research collaborations that give foreign partners a window into unpublished work.
These methods are distinct from the network intrusions described in the DOJ indictments, which involve breaking into computer systems to steal data. Conflating the two risks overstating how much is known. The Treasury sanctions and criminal charges target conventional cyber operations with a long track record in U.S.-China relations. The AI-specific extraction Kratsios describes may involve different actors, different techniques, and a different scale of damage. No primary document released so far names a specific U.S. company, model, or research program that was compromised.
Significant gaps in the public record
The full text of the OSTP memo has not been published. Reporting from the AP and the Financial Times provides key phrases and attributions, but without the complete document, it is impossible to see how Kratsios defines “industrial-scale,” what evidence he cites, or whether the memo announces binding executive action or serves primarily as a policy signal.
China’s direct response to these specific measures has not surfaced in primary sources. Beijing has a long pattern of denying state-sponsored cyber operations, and secondary international reporting references those general denials, but no sourced rebuttal addressing the Kratsios memo or the April 2026 sanctions has appeared. Without it, the picture remains one-sided, and any assessment of diplomatic fallout is speculative.
The legislative path is equally thin on detail. Moolenaar’s press release names the Deterring American AI Model Theft Act and frames it around export controls, but no bill text, co-sponsor list, or committee markup schedule has been made public. Whether the legislation advances or stalls will determine whether the congressional response carries lasting force or fades into messaging.
What the AI industry should watch
For companies building and deploying large AI models, the episode separates into three layers of risk. Traditional cyber intrusions remain a live and well-documented threat; the DOJ and Treasury actions reinforce that. AI-specific exploitation, such as large-scale output scraping or the abuse of API access, is drawing new scrutiny from policymakers even though the technical details have not been fully aired. And the political framing of AI theft, especially when tied to a single foreign adversary, can drive export controls, investment reviews, and public perception in ways that outrun the underlying evidence.
The trajectory is clear even where the details are not. Washington is moving to treat AI capabilities as strategic assets on par with advanced weapons systems or nuclear technology. Allegations of foreign model theft are now feeding into the same machinery of sanctions, prosecutions, and legislation that has governed other domains of national security conflict for decades.
Until the full OSTP memo and the text of the proposed bill become public, the “industrial-scale” label and the breadth of any crackdown will remain provisional. What is firmly established is the direction of travel: the U.S. government considers AI espionage a first-order security problem, and it is building the enforcement architecture to match.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
