Pull to refresh
Logo
Daily Brief
Following Why Ranks Sign Up
AI platforms emerge as unexpected counterintelligence tools against state influence operations

AI platforms emerge as unexpected counterintelligence tools against state influence operations

Force in Play

OpenAI's latest threat report reveals a Chinese official used ChatGPT as a diary, accidentally exposing a sprawling transnational repression campaign targeting overseas dissidents

February 26th, 2026: OpenAI publishes 'ChatGPT diary' findings exposing transnational repression

Overview

A Chinese law enforcement official used ChatGPT the way most people use a private notebook — to draft, revise, and polish status reports about their work. The problem: the work was a covert campaign to silence critics of the Chinese Communist Party living overseas. OpenAI's threat intelligence team read the reports, pieced together a transnational repression operation involving hundreds of operators, thousands of fake social media accounts, forged American court documents, and impersonation of United States immigration officials — then published the findings.

The revelation, disclosed in OpenAI's February 2026 threat report, is the most detailed window yet into how a state security apparatus industrializes online repression. It also marks a turning point in a two-year pattern: since February 2024, AI companies have disrupted over 40 state-linked influence networks, effectively becoming accidental counterintelligence platforms. The operational security failure — treating a foreign company's chatbot as a secure diary — exposed not just one campaign but the bureaucratic machinery behind it, including internal performance metrics and staffing levels across multiple Chinese provinces.

Play on this story Voices Debate Predict

Key Indicators

300+
Operators in a single province
Internal reports referenced by the ChatGPT user indicated at least 300 operators running similar campaigns in just one Chinese province, with comparable numbers elsewhere
300+
Foreign platforms targeted
The operation claimed activity across more than 300 foreign social media platforms
50,000+
Posts placed on Western platforms
The operation claimed to have placed over 50,000 posts, but fewer than 150 received any meaningful engagement
40+
Networks disrupted by OpenAI since 2024
Cumulative state-linked influence networks that OpenAI has identified and shut down since beginning public threat reporting

Voices

Curated perspectives — historical figures and your fellow readers.

Ever wondered what historical figures would say about today's headlines?

Sign up to generate historical perspectives on this story.

Log in Sign Up

Play

Exploring all sides of a story is often best achieved with Play.

Log in to play. Track your picks, climb the leaderboards. Log in Sign Up
Predict 4 ways this could play out. Contrarian picks score more — points lock when the scenario resolves. Log in to play
Timeline Five events from this story — drag them oldest to newest. Log in to play
Connections Sixteen names from the news. Find the four hidden groups of four. Log in to play

People Involved

Ben Nimmo
Ben Nimmo
Led the investigation and public disclosure
 Sanae Takaichi
Sanae Takaichi
Target of a separate planned influence campaign that ChatGPT refused to assist with
 Li Ying
Li Ying
Named target of the exposed repression campaign
 Michael Flossman
Michael Flossman
Leads OpenAI's technical threat detection capabilities

Organizations Involved

OpenAI
OpenAI
AI research company
Published the threat intelligence report; banned involved accounts

The maker of ChatGPT, which has built a growing threat intelligence operation that has disrupted over 40 state-linked influence networks since February 2024.
Safeguard Defenders
Safeguard Defenders
Human Rights Organization
Named as both a documenter and a target of Chinese transnational repression

A human rights organization that has extensively documented Chinese transnational repression, including the 'Teacher Li' case, and was itself identified as a target in the exposed campaign.
Foundation for Defense of Democracies (FDD)
Foundation for Defense of Democracies (FDD)
Policy Research Institute
Independently identified the influence campaign targeting Takaichi

A Washington-based policy institute whose researchers independently identified a coordinated network of over 330 fake social media accounts pushing anti-Takaichi content ahead of Japan's February 2026 election.

Timeline

January 2014 February 2026

12 events Latest: February 26th, 2026 · 3 months ago Showing 8 of 12
Tap a bar to jump to that date

  1. OpenAI publishes 'ChatGPT diary' findings exposing transnational repression

    Latest Investigation

    OpenAI revealed that a Chinese law enforcement official had inadvertently exposed a sprawling transnational repression campaign by using ChatGPT to edit operational status reports. The findings detailed forged American court documents, impersonation of immigration officials, fabricated death notices, and the targeting of named dissidents across 300+ platforms.

  2. Coordinated anti-Takaichi campaign launches without AI assistance

    Influence Operation

    Despite ChatGPT's refusal, a coordinated network of over 330 fake social media accounts began pushing content portraying Takaichi as corrupt and militaristic across X, Tumblr, Blogspot, Quora, and YouTube — later identified by the Foundation for Defense of Democracies.

  3. ChatGPT refuses to plan anti-Takaichi influence campaign

    Safety

    A Chinese law enforcement user asked ChatGPT to design a multi-part plan to denigrate incoming Japanese Prime Minister Sanae Takaichi, who had criticized China's human rights record. ChatGPT's safety systems blocked the request.

  4. OpenAI finds cross-model usage by China and Russia

    Investigation

    The October report revealed that Chinese and Russian operators were using OpenAI models alongside locally deployed alternatives like DeepSeek, pivoting between platforms to avoid detection and safety filters.

  5. OpenAI disrupts 10 more operations including 'Sneer Review'

    Investigation

    The June report disrupted 10 operations, four from China. 'Sneer Review' operators notably used ChatGPT to write internal performance reviews documenting their own influence work — a precursor to the 'diary' behavior seen in the February 2026 case.

  6. OpenAI exposes first known AI-powered surveillance tool

    Investigation

    OpenAI discovered 'Peer Review,' a China-linked operation that used ChatGPT to build an AI-powered social media surveillance tool feeding real-time reports on overseas protest activity to Chinese security services. Operators also used DeepSeek and Meta's Llama.

  7. OpenAI reports 20+ disrupted operations

    Investigation

    A major update documented the disruption of over 20 deceptive networks since the start of 2024, including China's 'Sponsored Discontent,' which targeted Chinese dissidents in English and planted anti-American articles in Latin American media.

  8. OpenAI names five covert influence operations

    Investigation

    OpenAI's first dedicated influence operations report disrupted five state-linked networks — including China's 'Spamouflage,' Russia's 'Bad Grammar' and 'Doppelganger,' Iran's 'IUVM,' and Israel's 'STOIC' — none of which had reached authentic audiences.

  9. OpenAI publishes first state-threat report

    Investigation

    OpenAI and Microsoft jointly announced the disruption of five state-affiliated threat actors from China, Russia, Iran, and North Korea who were abusing AI for cyber-espionage and content generation.

  10. Meta attributes Spamouflage network to Chinese law enforcement

    Investigation

    Meta publicly attributed the large-scale 'Spamouflage' coordinated inauthentic behavior network to Chinese law enforcement — the same network OpenAI would later connect to the ChatGPT diary user.

  11. FBI arrests operators of secret Chinese police station in New York

    Legal

    The FBI arrested two men for operating a secret police station in Manhattan's Chinatown on behalf of China's Ministry of Public Security. The Department of Justice simultaneously unsealed charges against 34 Chinese officers for transnational repression via fake social media accounts.

  12. China launches Operation Fox Hunt

    Context

    China launched a worldwide campaign officially framed as an anti-corruption repatriation effort. The Federal Bureau of Investigation later assessed it as a vehicle for political repression targeting dissidents abroad.

Historical Context

3 moments from history that rhyme with this story — and how they unfolded.

January 2018

Strava fitness tracker exposure of military bases (2018)

Analyst Nathan Ruser discovered that Strava's global heatmap — built from 13 trillion GPS data points logged by fitness tracker users — revealed the outlines of military bases in Iraq, Afghanistan, and Syria as bright hotspots of jogging activity in otherwise dark, remote areas. Supply routes, patrol patterns, and even 6,400 users near Russian military intelligence (GRU) headquarters in Moscow were identifiable by name.

Then

The Pentagon reviewed all wearable device policies. Multiple militaries issued orders restricting fitness app use in sensitive locations.

Now

Established the principle that consumer technology adopted by security personnel can reverse-engineer classified information. Spurred a broader reckoning with 'ambient intelligence' — the data trails people create without realizing it.

Why this matters now

The Chinese official used ChatGPT the same way soldiers used Strava: as a personal productivity tool, not realizing the platform could read and analyze everything they entered. Both cases demonstrate that operational security failures now come from the tools people adopt voluntarily, not from adversary penetration.

September-December 2018

Bellingcat identification of GRU Skripal poisoning agents (2018)

Open-source investigators at Bellingcat used leaked Russian passport databases to identify the GRU officers who poisoned former spy Sergei Skripal in Salisbury, England. The agents' passport files contained telltale markers — 'Do not provide any information' stamps and issuing authority codes used exclusively for intelligence officers. 'Ruslan Boshirov' was identified as Colonel Anatoliy Chepiga, a decorated military officer.

Then

Russia began purging compromised databases, but the identifications were already public. Additional suspects were later identified using the same methods.

Now

Demonstrated that open-source intelligence could rival state intelligence capabilities. Bellingcat's methods became a template for accountability journalism worldwide.

Why this matters now

Both cases share the same core mechanism: a security apparatus left detailed operational records in a system it assumed was secure, and investigators outside the government found and published them. The GRU assumed passport databases were inaccessible; the Chinese official assumed ChatGPT conversations were private.

August 2023

Meta attributes Spamouflage network to Chinese law enforcement (2023)

Meta publicly attributed the sprawling 'Spamouflage' coordinated inauthentic behavior network — one of the largest ever documented — directly to Chinese law enforcement. The network operated thousands of fake accounts across Facebook, Instagram, YouTube, X, and dozens of smaller platforms, pushing pro-Beijing narratives and harassing dissidents.

Then

Platforms coordinated takedowns. The attribution to law enforcement rather than intelligence agencies signaled that repression campaigns were being run through China's domestic security bureaucracy.

Now

Established that Chinese influence operations were not centralized intelligence projects but distributed, bureaucratic efforts run by provincial law enforcement — a finding dramatically confirmed by the February 2026 ChatGPT diary, which revealed per-province staffing levels.

Why this matters now

The February 2026 revelation is a direct continuation of the Spamouflage story. OpenAI explicitly connected the ChatGPT diary user's operations to the same network Meta attributed in 2023, and linked it to the doxxing website revealscum.com that OpenAI had first exposed in May 2024. The diary added the missing internal perspective — staffing, tactics, and performance metrics — to a network already identified from the outside.

Sources

(10)
+4
OpenAI CNN Bloomberg CyberScoop Axios The Register Foundation for Defense of Democracies OpenAI Safeguard Defenders OpenAI