Cyber operations are now foundational to national security, playing a central role in both defense and offense for major powers. However, recent assessments indicate that while the United States remains a leading force in cyber defense and intelligence, it has fallen behind China in a key area: exploit production—the development and acquisition of software vulnerabilities that can be weaponized for attacks.
Exploit Production Lead
China has built a significant lead over the United States in exploit production. This advantage is rooted in China’s ability to rapidly source, develop, and deploy cyber offensive capabilities, often through a decentralized and outsourced model that leverages a vast domestic talent pool and increasingly recruits from the Middle East and East Asia. The United States, on the other hand, relies heavily on a fragmented, risk-averse acquisition model that prioritizes accuracy, trust, and stealth. This approach often leads to inefficiencies, high costs, and a reliance on international talent pools. The US system is also hindered by middlemen in the exploit market, which drives up prices and reduces trust among buyers and sellers.
China’s offensive cyber supply chain is integrated, outsourced, and highly efficient, with strong ties to its private sector and academic institutions. In contrast, the US supply chain is more fragmented, with a focus on large prime contractors and a lack of investment in domestic offensive cyber talent.
The global market for zero-day exploits (previously unknown vulnerabilities) is opaque and increasingly expensive. China’s model allows for shorter contract cycles and prolonged use of exploits, while the US faces “feast-or-famine” cycles and struggles to ensure it truly possesses unique capabilities. China’s cyber capabilities are now tightly integrated with artificial intelligence (AI), and its private sector is proactively using AI for cyber operations. This integration further amplifies China’s advantage in exploit production and deployment.
The US intelligence community identifies China as the top military and cyber threat, capable of compromising American infrastructure and targeting assets in space. China’s steady progress in these areas raises concerns about its ability to deter US action and disrupt critical systems during a crisis.
Why This Matters
The gap in exploit production is not just a technical issue—it has profound strategic implications. In a potential conflict, the ability to rapidly develop and deploy cyber offensive capabilities could determine the outcome.
