Leaked Documents Reveal China's AI Surveillance Ambitions: Predicting Dissent, Exporting Censorship

The Predictive AI System: Profiling Citizens for Political Risk

The most alarming revelation from the leaked documents is Geedge's development of next-generation AI tools designed to identify potential government critics before they speak or act. According to Vanderbilt researchers, the company—working with its government-supported research arm, Mesa Lab, under the Chinese Academy of Sciences—is building technology that merges citizens' location data, telecommunications records, and internet activity with artificial intelligence models to generate detailed behavioral profiles .

The system then scores individuals based on their predicted likelihood of becoming a political risk to the state. Researchers have described this as a "hydra-style" surveillance system, a reference to its multi-headed architecture capable of ingesting diverse data streams to profile ordinary citizens . The goal is not merely to monitor existing dissidents but to flag people before they ever criticize the government—a form of pre-crime risk assessment applied to political speech.

Crucially, the predictive AI system is reportedly still under development and not yet fully deployed . One significant reason for the delay is U.S. export controls. American restrictions on advanced AI chips have limited Geedge's access to the high-performance processors required to run the computationally intensive models, slowing the development timeline . The chip curbs have created a tangible bottleneck, demonstrating how export policy can directly impact the pace of authoritarian technological advancement.

Global Exports: The 'Great Firewall in a Box' Business Model

While the predictive AI system remains in development, Geedge has already built a thriving business selling its current-generation censorship technology to authoritarian governments. The leaked documents provide concrete evidence of deployments or licensing in at least four countries :

• Myanmar – Geedge's Tiangou Secure Gateway has been installed across 26 data centers and is used by the military junta to build a centralized censorship and real-time surveillance system covering approximately 33.4 million users . The system is centrally managed by the junta's National Cyber Security Center.
• Pakistan – Documented evidence confirms sales of Geedge surveillance infrastructure, with reporting indicating the company filled a gap left by sanctioned Western firm Sandvine .
• Ethiopia – Internal documents list Ethiopia as a confirmed client for Geedge's censorship exports .
• Kazakhstan – Evidence shows Kazakhstan is among the countries that purchased Geedge's national-scale monitoring capabilities .

Additionally, documents reference at least one other unidentified customer country, suggesting the full scope of exports may be even broader .

Inside the Tiangou Secure Gateway: Surveillance Capabilities Exposed

The technical specifications revealed in the leak show that TSG is a modular, carrier-grade platform that grants client governments unprecedented control over their national internet infrastructure. Key capabilities documented in the leaked files include:

Real-Time Population Monitoring – A module called "Cyber Narrator" records every user action across the network, including all visited websites, DNS queries, IP addresses, timestamps, and data volumes. This data flows into an analytics hub called "TSG Galaxy," which builds persistent user profiles and maps social connections .

Website and Application Blocking – The system uses deep packet inspection (DPI) to intercept, decrypt, and block web traffic at a national scale. It can target specific websites, apps, and encrypted communications, including virtual private networks (VPNs) commonly used to bypass state censorship .

Targeted Individual Surveillance – Beyond mass filtering, TSG enables granular control over specific users. Governments can target individuals based on their browsing history, such as having visited particular domains, enabling precise tracking of journalists, activists, and perceived opponents .

Cyberattack Capabilities – Internal planning documents referenced desired functions including the ability to launch cyberattacks, notably denial-of-service operations against targets. The documents also discussed "cyberattack-for-hire" and geofencing capabilities for isolating specific users .

Implications and Limitations

The Geedge Networks leak represents one of the most significant exposures of the global surveillance technology trade. At 572 gigabytes, it is the largest-ever leak of internal data from a company tied to the Great Firewall, providing unprecedented ground truth on how censorship infrastructure is exported as a commercial product .

The fact that the predictive AI system remains incomplete and hampered by chip restrictions offers a narrow window for policy intervention. Researchers at Vanderbilt and investigative journalists have emphasized that the documents reveal a business model in motion—one that marries domestic experimentation in regions like Xinjiang with international sales to like-minded regimes, creating a feedback loop that strengthens authoritarian control in multiple countries simultaneously .