Chinese Digital Sovereignty: Beijing's Dual Truth Between GAI Domination and Operational Vulnerabilities - Analysis

Gabriele Iuvinale
26 set
Tempo di lettura: 7 min

From Staticity to the Fifth Line: The Doctrine of Active Defense and Architectural Risks

Abstract

This analysis decodes the cybersecurity strategy of the People's Republic of China (PRC) under the leadership of Xi Jinping, which has transitioned from a defensive geopolitical response (post-Snowden) to an architecture of proactive technological dominance. The primary focus is the fusion between the political imperative of Information Sovereignty (sanctioned by the CSL, DSL, PIPL laws) and the implementation of next-generation security solutions. The analysis highlights the dual nature of Generative Artificial Intelligence (GAI), which is fundamental for Policy-Protection-Detection-Response (PPDR) but also represents the main point of operational vulnerability in domestic models, as dramatically exposed by the CNCERT/CC test [^12]. In conclusion, the PRC is building the foundations of a "Cyber Great Power" through investments in Zero Trust (ZT) and 6G, but it still needs to resolve executive gaps and the tension between high strategic ambition and current technical incompleteness.

The Chinese cybersecurity strategy (网安战略) is configured as a state imperative under the leadership of Xi Jinping, born from geopolitical vulnerability post-Snowden (2013) and accelerated by the trade war. The objective is to translate legislative autonomy into technological dominance, implementing advanced network architectures and leveraging Generative Artificial Intelligence (GAI) to implement Dynamic Active Defense (PPDR) [^3].

The post-2013 crisis of confidence triggered a lightning-fast institutional reorganization:

The CCP centralized power by creating the Leading Small Group on Network Security and Informatization (LSGNSI) (maximum strategic decision and coordination body).
It founded the Cybersecurity Administration of China (CAC) (primary regulatory and law enforcement authority).
It restored the State Internet Information Office (responsible for content management and propaganda on the network).

The regulatory framework was cemented through the implementation of the principle of "strong regulation" [^2], based on the National Security Law (2015) and a series of fundamental laws establishing Information Sovereignty (信息主权):

CSL (Cybersecurity Law of the People's Republic of China) (2016)
DSL (Data Security Law of the People's Republic of China)
PIPL (Personal Information Protection Law of the People's Republic of China)

The framework is further strengthened by the Anti-Telecom and Network Fraud Law and the Regulation on the Protection of Critical Information Infrastructure Security [^2]. The pressure against Huawei (2018-2020) made "self-reliance" (zili gengsheng) a priority.

However, the recent disclosure of the results of a large-scale security test conducted by the CNCERT/CC has exposed deep operational vulnerabilities in domestic AI models [^12].

1. Commercial Intelligence: Leveraging and Protecting Data Wealth

Self-reliance is not just a defense policy, but a powerful engine for economic development that aims to protect national assets (primarily data) and create vast internal markets.

1.1. Industrial, Application Risks, and Implicit Costs

The integration of GAI into the manufacturing sector exposes the production chain to unprecedented attack vectors, with a concrete risk of Data Leakage of intellectual property and sensitive operational data. GAI, while accelerating efficiency (with an estimated increase of around 5% by 2025), leads to an increase in privacy violations and legal risks [^5].

The strategic value of data is crucial (the sector was worth 1.74 trillion RMB in 2023) [^8], making the DSL the primary instrument to guarantee Information Sovereignty (信息主权) [^8].

The need to protect this wealth has generated enormous internal demand for two frontier architectural solutions:

Zero Trust (ZT - 零信任). The transition from perimeter-based security to the "Never Trust, Always Verify" model is crucial. Implementing ZT requires a Massive Adjustment Cost to adapt all six critical domains: identity, endpoint, network environment, applications/workloads, data, and security management [^9]. AI is also seen as a factor that can empower ZT development [^9].
Post-Quantum Cryptography (PQC) and 6G. China is investing in the development of PQC algorithms to guarantee the long-term security of 6G networks, which will natively integrate AI and Blockchain [^10].

2. Information Intelligence: The Battle for AI Trustworthiness

Information control is an imperative for social and political stability, with Generative AI posing as the new front in the battle for truth and stability.

2.1. GAI Risk Vectors and Data Security

GAI Risk Vector	Tactical Relevance (Info-Ops and Control)	Chinese Solutions (Technical and Legal)
False Content / Hallucinations	GAI can produce "hallucinations" (幻觉) [^7], meaning plausible but untrue content, and harmful content [^4]. "Jailbreaking" is a key threat to bypass restrictions.	The GAI Framework 2.0 requires AI to be "safe, reliable, and controllable" (安全、可靠、可控) to prevent "loss of control" [^1]. Evolving defenses include the use of verification among multiple AI agents (debate/consensus) as a countermeasure [^7].
Privacy and Data Leakage	Training on massive datasets exposes models to privacy violations, copyright infringement, and the risk of generating real sensitive data [^4], [^7]. The risk extends to ethical, moral, and legal compliance risks [^7].	Privacy and Forgetting Technologies: Development of Federated Learning, Differential Privacy, and Model Unlearning techniques to remove sensitive or copyrighted data from models. The system is based on the entire data lifecycle [^8], [^7].

2.2. Operational Weaknesses of Domestic AI Models (CNCERT/CC Report)

The large-scale security test, conducted by the China National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT/CC), involved 559 white hat hackers and 15 domestic AI models, recording 281 total vulnerabilities (177 AI-specific and 104 traditional) [^12].

Prompt Injection. The most common threat, with low difficulty and high effectiveness, which manipulates the model's behavior through targeted input [^12].
Improper Output Handling. Models generated harmful content, allowing unverified execution or transmission, enabling a hacker to take control of a server [^12].
Traditional Vulnerabilities. Classic vulnerabilities (SQL injection or arbitrary file access) are still present and widespread, representing 37% of the total risks [^12].
Data Leaks. Specific inputs induced models to reveal sensitive information [^12].
Unlimited Consumption. Lack of usage limits allowed hackers to exhaust system resources, causing service interruptions and even model theft [^12].

These results reinforce the need to adopt the Zero Trust (ZT) principle within the AI system itself, treating the model's output as untrustworthy, rigorously validating inputs and outputs, and adopting an "intrinsic security" approach integrated from the design phase [^12].

3. Military Intelligence: Information Dominance and Dynamic Defense

The military objective is to achieve information dominance (信息主导权) through cyber resilience that anticipates and neutralizes threats, with AI that intensifies the clash between attack and defense [^3].

3.1. Dynamic Active Defense Doctrine (Active Defense)

China has formalized a Dynamic Active Defense system, representing a crucial shift from static perimeter security to a dynamic system guided by AI.

GAI-Enhanced PPDR Operational Model [^6]: AI is the management and control system that dynamically updates defenses.
- Tactical Detection. Use of Honeypots and IDS (Intrusion Detection Systems) working in collaboration (联动协同作用) with Firewalls [^6].
- Response and Counter-Attack. The system includes a response chain that involves blocking the attack, localizing the source, and electronic forensics, serving as the basis for a potential fifth line of defense (反击) [^6].

3.2. Critical Architectural Risks and Resilience

Architecture	Tactical Paralysis Risk (DDoS)	Key Countermeasures and Technologies
SDN (Software Defined Network)	The SDN architecture, based on centralized control, is a primary target and vulnerable to DDoS (Distributed Denial of Service) attacks [^11].	AI-Based Detection: Solutions using Statistical Analysis and Machine Learning to detect and deflect DDoS flows in real-time [^11].
Fundamental Network Resources	Security risks for domains, IP addresses, and routing, which, if compromised by GAI, can lead to large-scale network paralysis.	Strategic Investments: Development and protection of fundamental network resources to prevent the compromise of the Internet's "nervous system".
6G (Next-Generation Network)	The 6G network will require extremely high security management due to its use in critical infrastructures [^10].	Post-Quantum Cryptography (PQC): Development of algorithms resistant to future quantum computers [^10].

4. Intelligence Analysis of Key Actors and Organizations

The governance system is a complex network of institutions, universities, and state-owned enterprises working in a coordinated manner, ensuring CCP oversight and continuous innovation in fundamental research, standardization, and talent [^2].

Category	Organization / Research Body	Strategic Role in the Ecosystem
Regulation / Policy	Cybersecurity Administration of China (CAC)	Highest-level regulatory authority, issues key frameworks (e.g., GAI Framework 2.0) [^1].
Testing and Evaluation	CNCERT/CC	Fundamental role in operational vulnerability assessment and issuing alert reports for domestic AI models [^12].
Think Tank / Standardization	CAICT	China Academy of Information and Communications Technology. Defines standards (e.g., Zero Trust) [^9] and produces blueprints for active defense [^6] and next-generation networks [^10].
Academic Research	Beijing University of Posts and Telecommunications (BUPT)	Leader in research on the reliability and security of LLM agents and AI [^7].
Industry and Defense	CETC Taiji Computer Co., Ltd. (of CETC)	Key state-owned company, integrated into the government's security strategy (involved in GAI governance) [^4].
Network Operators	CNNIC	China Internet Network Information Center. Focus on the security of fundamental network resources (domains, IPs) and the impact of GAI [^3].

Conclusions

The analysis reveals a profound tension between strategic ambition and operational reality.

On the one hand, Xi Jinping's strategy has created a comprehensive legal (CSL, DSL, PIPL) and institutional (LSGNSI, CAC) framework to achieve cyber sovereignty and develop Dynamic Active Defense based on AI. The vision is clear: to compete globally not only on technology, but also on institutional advantage and values defined by the GAI Framework 2.0 [^1].

On the other hand, the CNCERT/CC test in September 2025 has dramatically exposed execution vulnerabilities [^12]: the persistence of traditional vulnerabilities (37%) alongside AI-specific threats (such as Improper Output Handling and Prompt Injection) indicates that domestic models have not yet reached the level of intrinsic security required by the government.

In summary, China is building the foundations for a "Cyber Great Power," but the integrity and resilience of the system will depend on its ability to overcome current operational deficiencies, especially in the implementation of solutions like Zero Trust [^9] and the protection of 6G networks [^10]. The path toward "reliable and controllable" AI is set, but the battle has just begun.