OpenAI has confirmed that a ChatGPT account linked to an individual associated with Chinese law enforcement was utilized to orchestrate and document extensive covert cyberattack campaigns. This significant revelation, detailed in OpenAI’s February 2026 threat disruption report, offers a rare glimpse into the weaponization of advanced AI tools by state-linked actors for coordinated influence operations and targeted harassment. The findings highlight the growing sophistication of disinformation campaigns aimed at silencing critics and manipulating public opinion both domestically and internationally.
The operation, internally designated “Cyber Special Operations,” involved a systematic and resource-intensive effort to suppress free speech and target dissidents, foreign officials, and critics of the Chinese Communist Party (CCP). The ChatGPT account served as a central hub for editing and refining status updates on these ongoing campaigns, providing an unprecedented view into the operational methods of a Chinese state-affiliated disinformation network. Investigators were able to track activities spanning over 300 foreign social media platforms, employing thousands of fake accounts and hundreds of human operators across China.
Inside China’s “Cyber Special Operations”
OpenAI analysts uncovered a specific planning session in which the ChatGPT user sought assistance in designing a covert influence campaign targeting Japanese politician Sanae Takaichi, who had publicly criticized human rights conditions in Inner Mongolia. The proposed tactics included amplifying negative commentary, employing fake foreign resident email accounts, labeling Takaichi as far-right, and exploiting unrelated geopolitical tensions to divert attention. Although ChatGPT refused to assist with the direct planning, the threat actor proceeded with the campaign, later using the platform to document its implementation.
Evidence gathered by OpenAI’s open-source investigation corroborated the execution of this campaign. Specific hashtags referenced in the threat actor’s reports were found to be actively spreading across platforms like X, Pixiv, and Blogspot, accompanied by AI-generated memes that falsely linked Takaichi with nationalist groups. This incident underscores the transnational reach of these operations, which affected not only individuals within China but also foreign dissidents, human rights organizations, and high-ranking government officials in other nations.
The threat actor’s ChatGPT sessions revealed a comprehensive strategy encompassing over 100 distinct tactics. These operations leveraged locally deployed AI models such as DeepSeek-R1, Qwen2.5, and YOLOv8 for monitoring, profiling, and content creation, while employing ChatGPT for refining documents and operational reports. Prominent targets identified in the reports included Chinese activist Li Ying, the human rights group Safeguard Defenders, and dissident Jie Lijian, against whom fabricated obituaries and fake gravestone images were allegedly disseminated to inflict psychological distress.
Further examination of the threat actor’s activities revealed attempts to forge documents from a U.S. county court to pressure social media platforms into removing a dissident’s account. These operations were directly linked to the China-linked “Spamouflage” campaign, previously attributed by Meta to Chinese law enforcement in 2023. OpenAI’s investigation also connected this network to the doxxing website revealscum.com, which had been previously identified as part of the Spamouflage network.
In response to these findings, OpenAI and cybersecurity experts are advising several precautionary measures. Social media platforms are encouraged to enhance their detection capabilities for coordinated inauthentic behavior, particularly concerning mass-reporting systems that may utilize AI-fabricated evidence. Public figures, activists, and government officials are urged to exercise vigilance regarding unsolicited communications from unverified entities. Governments are advised to continue sharing threat intelligence concerning foreign state-linked covert operations and to inform civil society groups about the risks of online harassment. AI providers are to maintain strict content policies and continue publishing detailed threat reports to foster industry-wide awareness of platform abuse.
The ongoing evolution of AI in cyber operations presents a significant challenge for cybersecurity defense. The clear demonstration of state-sponsored actors leveraging sophisticated AI tools for influence and harassment necessitates continuous adaptation of detection and mitigation strategies. The international community will likely see increased efforts to share intelligence and develop coordinated responses to counter these emerging threats, with a focus on holding AI providers accountable for the misuse of their platforms.