In October 2024, the heads of all five domestic intelligence agencies in the Five Eyes partnership appeared together in public for the first time. The venue was a joint event hosted by the Hoover Institution and the FBI. The subject was technology startups.

The directors of MI5, the FBI, ASIO, CSIS, and NZSIS launched "Secure Innovation," a shared security framework designed to help emerging technology companies defend against nation-state threats. The guidance from the ODNI was aimed explicitly at startups and small firms, organizations that by definition lack dedicated counterintelligence infrastructure. It warned that weak security practices made these companies attractive targets for actors seeking to steal technology for competitive or military advantage.

That five sovereign intelligence services considered this threat severe enough to warrant an unprecedented joint public appearance is itself a data point about the operating environment around strategically significant technical work. The landscape that guidance describes extends well beyond defense contracting into dual-use research, frontier AI, critical infrastructure, advanced manufacturing, quantitative finance, financial infrastructure, and cryptographic systems.

These are domains that attract professionals with a specific promise: technically serious work, strategic relevance, and outsized returns. What those domains rarely advertise is that the same qualities making this work consequential also reshape the ambient operating environment in ways many practitioners are structurally unprepared to recognize.

The economic damage is difficult to quantify with precision, but the estimates converge on a range that is difficult to dismiss. The FBI characterizes economic espionage as costing the American economy "hundreds of billions of dollars per year." A 2013 assessment by the IP Commission estimated annual losses from intellectual property theft at roughly $300 billion.

The Center for Strategic and International Studies has estimated that Chinese cyber espionage alone likely cost the United States between $20 billion and $30 billion annually before the 2015 Obama-Xi agreement, with cumulative losses potentially reaching $600 billion over two decades. These figures are necessarily imprecise; successful theft often goes undetected, and companies have strong disincentives to disclose breaches.

Strategic Technical Work Carries Risks Most Practitioners Were Never Trained to See


  • The Five Eyes intelligence partnership launched joint security guidance for technology startups in 2024, warning of systematic nation-state targeting of emerging technology companies.
  • Economic espionage costs the U.S. economy hundreds of billions annually according to the FBI, with the IP Commission estimating $300 billion in annual losses from intellectual property theft.
  • Foreign intelligence services use professional networking platforms to systematically identify and approach individuals with security clearances and specialized technical knowledge.
  • North Korean IT worker fraud schemes infiltrated over 300 U.S. companies through stolen identities and AI-generated face-swapping technology, generating millions for the regime's weapons programs.
  • Export control violations carry criminal penalties of up to $1 million per count and twenty years imprisonment, even for inadvertent transfers of controlled technology.
  • A 2024 Stanford study found that departures of China-born scientists from the U.S. increased 75 percent after the DOJ's China Initiative, with 72 percent of surveyed researchers of Chinese descent reporting they did not feel safe.

Where the Signals Are Ambiguous


What makes this environment distinctively difficult for individual practitioners is the form these risks take. The pressures that cluster around strategically important work do not arrive with clear labels. They are mediated through ordinary professional interactions: a consulting offer from a contact whose affiliation is vaguely described, an internal reorganization whose logic does not quite track, a vendor relationship where the economics seem generous for no clear reason.

The lived experience for the technically trained professional is one of persistent low-grade uncertainty. The ambiguity between routine organizational dysfunction, strategic maneuvering, and something with sharper edges is a defining condition of the environment.

In deep-tech settings, specialized expertise, security clearances, access credentials, and institutional relationships often sit with a handful of people. This concentration creates operational choke points and, simultaneously, surfaces for leverage.

The FBI and the National Counterintelligence and Security Center have publicly documented how foreign intelligence entities systematically use professional networking platforms to identify and approach individuals with security clearances or specialized technical knowledge. These approaches typically begin with plausible pretexts: consulting offers, speaking invitations, or collaborative research opportunities.

A former CIA officer, Kevin Mallory, was sentenced to twenty years after being recruited through such an approach on LinkedIn, initially contacted by an individual posing as a think-tank representative, according to Digital Trends reporting on the case.

In a 2025 joint advisory, the NCSC, FBI, and Defense Counterintelligence and Security Center warned that foreign intelligence entities, particularly those linked to China, were posing as legitimate consulting firms and recruiters to target current and former government employees seeking new employment.

The financial sector concentrates nearly every risk factor in this analysis. Quantitative trading firms, financial technology companies, and institutions operating payment rails or settlement infrastructure sit at an intersection of commercial competition and national security that many of their technical employees do not fully appreciate.

The financial services industry bears the highest average insider-incident costs of any sector, estimated at $21.25 million annually per organization according to analysis of Ponemon Institute data.

The Sergey Aleynikov case illustrates the stakes. On his last day at Goldman Sachs, Aleynikov uploaded over 500,000 lines of proprietary high-frequency trading source code, according to Dechert LLP's analysis. His initial conviction under the Economic Espionage Act was reversed on appeal due to a statutory loophole, prompting Congress to pass the Trade Secret Clarification Act of 2012.

At Citadel, multiple programmers were prosecuted for stealing algorithmic trading code. In one case, a rival firm instructed a prospective hire to avoid email and communicate only via encrypted messaging to conceal the transfer of a trading model that had cost over $100 million to develop, according to a Pensions & Investments report on the London court filing.

These cases are not espionage in the geopolitical sense, but they operate through the same mechanisms: key-person leverage, information asymmetry, opaque recruitment channels, and the difficulty of detecting theft of intangible assets.

They unfold in an environment where sanctions enforcement, anti-money-laundering obligations, and the Treasury Department's expanding authority through FinCEN add layers of regulatory exposure that technical practitioners in fintech and financial infrastructure rarely anticipate when they take the job.

In 2026, FinCEN launched a new whistleblower intake system designed to encourage confidential reporting of financial crimes, with eligible whistleblowers standing to receive a percentage of monetary penalties exceeding $1 million. The system covers violations of anti-money laundering requirements, sanctions enforcement, and financial transparency obligations imposed on banks, money services businesses, and other regulated entities.

For engineers and developers building payment systems, trading infrastructure, or digital asset platforms, the regulatory perimeter around their work extends well beyond the technical specifications they were hired to implement.

Infiltration by Design


Deep-tech companies routinely depend on contractors, integrators, specialized suppliers, capital sources, and consultants whose incentives may be opaque and whose backgrounds may be difficult to verify. The North Korean IT worker fraud schemes recently prosecuted by the Department of Justice illustrate how thoroughly a determined state actor can exploit these dependencies.

In one case sentenced in 2025, an Arizona woman facilitated a scheme in which North Korean nationals, posing as U.S. citizens, obtained remote IT positions at more than 300 American companies, generating over $17 million in illicit revenue that the DOJ linked to North Korea's weapons programs. The scheme relied on stolen identities, "laptop farms" to simulate U.S.-based work locations, and AI-generated face-swapping technology to pass video interviews.

In a parallel case, two U.S. nationals were sentenced for enabling North Korean workers to infiltrate more than 100 companies, producing over $5 million in revenue for the regime.

The FBI subsequently warned that North Korean IT workers were using AI and face-swapping technology during video interviews and had begun extorting employers by threatening to post company data on the dark web. In June and July 2025, the FBI executed searches of 21 premises across 14 states hosting known or suspected laptop farms.

These were systemic exploitations of trust in the hiring and contracting pipeline, enabled by the opacity of remote work and the difficulty of verifying identity at scale.

The DOJ described North Korean IT workers as having individually earned up to $300,000 annually, generating hundreds of millions of dollars collectively each year on behalf of entities directly involved in the country's weapons of mass destruction programs.

The DPRK has dispatched thousands of skilled IT workers to live abroad, primarily in China and Russia, according to the DOJ, with the aim of deceiving businesses worldwide into hiring them as freelance workers.

Regulatory Terrain and the Cryptography Precedent


The regulatory and legal terrain around strategically significant work creates a category of risk that practitioners routinely underestimate. Cryptography offers perhaps the most instructive precedent. Until the late 1990s, the United States classified strong encryption as a munition under the International Traffic in Arms Regulations, placing it in the same regulatory category as missiles and military aircraft.

A Berkeley mathematics graduate student, Daniel Bernstein, had to sue the federal government for the right to publish an encryption algorithm, in a case the Electronic Frontier Foundation later described as a landmark legal victory. Phil Zimmermann faced a three-year criminal investigation for distributing PGP encryption software on the internet.

A 1996 executive order transferring commercial encryption to the Commerce Control List and subsequent relaxations through 1999 resolved the most extreme restrictions but did not remove cryptographic work from the regulatory landscape. They relocated it.

Today, encryption technology embedded in military systems remains on the Munitions List. The broader ecosystem of cryptographic applications, including financial infrastructure, digital assets, and secure communications, continues to sit at the intersection of commercial innovation and national security scrutiny. The practitioner building cryptographic systems in 2026 operates in a domain whose regulatory status has changed multiple times within a single career span.

Export control regimes more broadly impose severe penalties for unauthorized transfers of controlled technology, including transfers to foreign nationals within the United States, known as "deemed exports." Criminal violations can carry fines exceeding $1 million per count and imprisonment of up to twenty years.

In 2024, TE Connectivity Corporation agreed to pay $5.8 million in civil penalties for shipping components as prosaic as wires and circuit-board connectors to Chinese entities linked to hypersonic weapons programs. The Bureau of Industry and Security imposed a $300 million civil penalty against Seagate Technologies for exporting hard disk drives to Huawei.

The controlled item need not look sensitive; what triggers regulatory exposure is the end use, the end user, or the regulatory classification.

The experience of researchers caught in the DOJ's "China Initiative" between 2018 and 2022 illustrates how legal and political risk can descend on technical professionals from directions they never anticipated. The initiative, launched to counter Chinese economic espionage, brought dozens of cases against academics and researchers, many for failing to disclose affiliations with Chinese institutions on federal grant applications.

Of 77 known cases tracked by MIT Technology Review, many resulted in dismissals or acquittals. According to WilmerHale's analysis, the most common charges were not for espionage or theft of trade secrets but for failing to disclose Chinese ties to grant-making agencies, false statements, and tax or visa fraud.

Individual outcomes varied widely. Anming Hu, an engineering professor at the University of Tennessee, was indicted in 2020 for allegedly failing to disclose ties to a Chinese university while working on a NASA-funded project. A jury failed to reach a verdict and the court declared a mistrial, according to WilmerHale.

Harvard chemistry professor Charles Lieber was convicted in 2021 of making false statements and tax offenses in connection with receiving a $50,000-per-month salary and over $1.5 million for a research laboratory from a Chinese university, according to the DOJ's own compilation of China-related prosecutions. The range between those outcomes, from collapsed prosecution to federal conviction, captures the uncertainty that defined the initiative's impact on the research community.

A 2024 study published in the Proceedings of the National Academy of Sciences and summarized by the Stanford Center on China's Economy and Institutions found that departures of China-born scientists from the United States increased by 75 percent following the initiative's launch.

Among surveyed scientists of Chinese descent, 72 percent reported not feeling safe as academic researchers, 42 percent were fearful of conducting research, and 61 percent had considered leaving the country.

The DOJ ended the initiative in 2022, acknowledging its chilling effect on research collaboration. It subsequently shifted its enforcement approach to civil liability under the False Claims Act, targeting universities rather than individual researchers, according to WilmerHale.

The new investigations appear to stem in part from identifying researchers through journal articles with China-based co-authors that acknowledge federal funding. The regulatory and political environment around sensitive research can shift suddenly, and the enforcement mechanism can change even when the underlying scrutiny does not.

A Structural Mismatch


Inside organizations that work on strategically important programs, ordinary office politics can acquire unusual intensity. Succession fights, credit allocation, and executive maneuvering take on different stakes when the underlying work touches defense contracts, intelligence relationships, strategically important infrastructure, or proprietary systems whose competitive value can be measured in billions.

Information asymmetries that would be routine annoyances in a conventional corporate setting can become consequential when they involve export-controlled data, classified programs, or algorithmic intellectual property protected by trade-secret law.

This points to a central structural feature: an asymmetry of preparation that functions almost as a selection effect. Deep-tech ecosystems recruit people for their ability to think rigorously, to operate in abstraction, to trust institutional frameworks and formal processes. These are genuine strengths.

They are also the traits that can make practitioners poorly calibrated for environments where consequential pressures operate through informal channels, relational power, and deliberate ambiguity.

The practical consequences appear in specific, recurring patterns. The researcher who does not understand that a foreign collaboration triggers disclosure obligations.

The startup founder who accepts investment from an opaque intermediary without understanding the CFIUS implications. CFIUS review now extends to non-controlling investments in firms working with critical technologies and sensitive personal data, categories that encompass financial technology and payment systems alongside defense and semiconductors.

The quantitative developer who does not realize that proprietary code is protected by federal trade-secret law, and that departing with fragments of it can trigger criminal prosecution.

In each case, the professional's technical competence is unquestioned. What is absent is a model of the professional environment that accounts for its informal, adversarial, and politically mediated dimensions.

The gap between the self-conception of many technical professionals and the actual conditions of their work is a governance and institutional design problem as much as a personal one.

The Five Eyes Secure Innovation guidance recommends cultures that treat operational awareness as a professional competence, that build institutional memory about non-technical risks, and that invest in partner diligence, legal literacy, and counterintelligence awareness from day one.

The fact that this recommendation now comes from the combined intelligence establishments of five nations, directed at startups and small companies rather than defense contractors, signals how far the risk surface has expanded beyond the institutions traditionally equipped to manage it.

For the individual practitioner, the starting point is recognizing that technical seriousness and strategic relevance do not merely open doors to interesting work. They reshape the operating environment around the people doing it.

Whether the ground underfoot is regulatory, political, adversarial, or some ambiguous combination of all three may be the most consequential professional question many practitioners never thought to ask.
