A recent report highlights Microsoft’s three-decade-long ties with the Chinese government and its extensive integration into U.S. federal systems.
For a long time, Microsoft has been viewed as a cornerstone of American technology. Its platforms support various crucial functions, from federal email systems to the Department of Defense’s cloud services. However, a new analysis from Horizon sheds light on a different narrative. Titled “Microsoft in China: Enduring Risk Profile and National Security Implications,” it reveals how the tech giant has forged strong connections with the Chinese Communist Party and its security framework while embedding itself in U.S. institutions.
The first major concern arose this year after ProPublica revealed that Microsoft was quietly relying on workers in China for support on sensitive Army cloud systems. These workers, referred to as “digital guards,” were granted access to assist in troubleshooting U.S. military networks. The Pentagon called this a violation of trust, while Microsoft contended that this offshore assistance was limited to after-hours work and didn’t involve direct access to sensitive data.
This relationship with China isn’t new. Back in 2003, Microsoft became certified by the China Information Technology Security Evaluation Center, which was later found to be under the Ministry of State Security—responsible for China’s foreign intelligence. Over the years, this has allowed Chinese officials to examine the software vital to U.S. agencies, industries, and infrastructure.
According to the Horizon report, researchers have linked at least one significant zero-day attack to the access China gained through this relationship, suggesting that other breaches might have similarly benefited from prior insights. This has led to a pattern of Chinese cyber forces exploiting Microsoft’s products in the U.S., often taking advantage of vulnerabilities before they were even identified by Microsoft.
Moreover, Microsoft’s ties extend beyond just the source code. In 2015, the company formed a partnership with China Electronics Technology Corporation, a major state-owned defense business responsible for components of China’s military capabilities. This collaboration involved creating a tailored version of Windows for the Chinese government, granting them considerable influence over the development of these systems.
The cloud operations in China raise further concerns. Local laws mandate that foreign cloud services must be managed by domestic firms. Microsoft’s Azure services in China are run by 21Vianet, which must comply with national security requests. This means the Chinese government can scrutinize operations and enforce compliance. The 21Vianet systems were linked to the same Azure authentication platform implicated in a recent cyberattack that affected high-ranking U.S. officials.
Microsoft’s business strategies have inadvertently bolstered China’s surveillance efforts. Even following restrictions on direct OpenAI access in China, companies there still access OpenAI models through Microsoft’s Azure. Entities like BeyondSoft, a key player in China’s censorship operations, leverage this support, along with INESA, a state-owned firm focusing on security and surveillance.
Additionally, Microsoft’s HoloLens technology is now used in China’s military. Recent footage displayed PLA Air Force technicians utilizing HoloLens for aircraft maintenance. The company has also partnered with G42, a firm linked to China, focusing on AI and VR developments.
Microsoft Research Asia, based in Beijing, is known for nurturing China’s AI talent. However, it collaborates on sensitive projects, such as facial recognition, with universities sanctioned by the U.S. due to their connections to the Chinese military. These partnerships persist despite Microsoft’s claims of having imposed research restrictions at MSRA. The institute is still operational and continues recruiting for work in sensitive fields like language models and computer vision.
The Horizon report suggests that these practices expose vulnerabilities shaped not only by espionage but by years of corporate choices linking essential American software to potentially adversarial foreign interests.
