OpenAI is putting a spotlight on an under-the-radar artificial intelligence startup that it believes is on the “front line” of China’s race to lead the world in AI — and its not DeepSeek. 

In a blog post on Wednesday, the company wrote that Beijing-backed Zhipu AI has made “notable progress” in the AI race, as global competition ramps up.

Zhipu AI, founded in 2019, has been referred by domestic media as one of China’s “AI tigers” — a class of large language model unicorns seen as key to Beijing’s efforts to rival the U.S. and reduce its dependence on American technology. 

While fellow “AI tiger” DeepSeek has received the lion’s share of international attention after it released its R1 model in January, OpenAI suggests that Zhipu’s expansion outside China and its ties to Beijing deserve more scrutiny. 

The startup has raised funds from several local governments, according to state media. “Zhipu AI leadership frequently engages with CCP officials, including Premier Li Qiang,” OpenAI claimed, pegging the value of state-backed investments in the startup at over $1.4 billion.

Zhipu AI reportedly has offices in the Middle East, the United Kingdom, Singapore and Malaysia, and is also running joint “innovation centers” projects across Southeast Asia, including in Indonesia and Vietnam.

Those factors could see Zhipu AI playing a key role in China’s “Digital Silk Road” strategy, as it offers AI infrastructure solutions to governments around the world.

“The goal is to lock Chinese systems and standards into emerging markets before US or European rivals can, while showcasing a ‘responsible, transparent and audit-ready’ Chinese AI alternative,” OpenAI said. 

Zhipu AI did not immediately respond to a request for comment on OpenAI’s statements. However, last week, Zhipu AI Chairman Liu Debing told reporters that the company hoped to contribute China’s AI power to the world.

These aims represent a threat to OpenAI, which has received Washington’s support to promote its foundational models as the world’s go-to AI offering.

During a visit to the UAE in May, U.S. President Donald Trump announced over $200 billion in commercial deals in the region, including one for building a Stargate UAE AI campus by OpenAI, Oracle, Nvidia and Cisco Systems. It’s expected to be launched in 2026. 

The Stargate Project is a $500 billion AI-focused private sector investment vehicle, announced by OpenAI in January in partnership with Abu Dhabi investment firm MGX and Japan’s SoftBank.

This month, OpenAI was also awarded a $200 million contract to provide the U.S. Defense Department with artificial intelligence tools, and announced “OpenAI for Government,” an initiative aimed at bringing its AI tools to public servants across the U.S. 

Zhipu is also said to be working with its domestic military, helping China’s military to modernize through advanced artificial intelligence, which saw it added to the US Commerce Department’s Entity List in January.

The company has reportedly initiated preliminary steps toward launching an initial public offering. It has previously been valued at 20 billion yuan ($2.78 billion), according to local media reports.

Cybercriminals have intensified their efforts to steal and sell online passwords, experts warn. The alarm comes after the discovery of online datasets containing billions of exposed account credentials. 

The 30 datasets comprised a whopping 16 billion login credentials across multiple platforms, including Apple, Google and Facebook, and were first reported by Cybernews researchers last week. 

The exposures were identified over the course of this year by Volodymyr Diachenko, co-founder of the cybersecurity consultancy Security Discovery, and are suspected to be the work of multiple parties.

“This is a collection of various data sets that appeared on my radar since the beginning of the year, but they all share a common structure of URLs, login details and passwords,” Diachenko told CNBC. 

According to Daichenko, all signs point to the leaked login information being the work of “infostealers” — malware that extracts sensitive data from devices, including usernames and passwords, credit card information and online browser data. 

While the lists of logins are likely to contain many duplicates as well as outdated and incorrect information, the overwhelming volume of findings puts into perspective how much sensitive data is circulating on the web. 

It should also raise alarms on how infostealers have become the “cyber plague” of today, Daichenko said. “Someone, somewhere, is having data exfiltrated from their machines as we speak.”

Daichenko was able to detect the exposed data because their owners had temporarily indexed them on the web without a password lock. Inadvertently shared data leaks are often caught by Security Discovery, but not at scales seen so far this year.

Consequently, there’s been an uptick in high-profile infostealer attacks. For example, in March, Microsoft Threat Intelligence disclosed a malicious campaign using infostealers that had affected nearly 1 million devices globally. 

Infostealers typically gain access to victims’ devices by tricking them into downloading the malware, which can be hidden in everything from phishing emails to phony websites to search engine ads.

The motive behind infostealer attacks is usually financial, with attackers often looking to directly take over bank accounts, credit cards, and cryptocurrency wallets or commit identity fraud. 

Cybercriminals can use stolen credentials and other personal data for purposes such as crafting highly convincing, personalized phishing attacks and blackmailing individuals or organizations. 

According to Palo Alto’s Green, the scale and dangers of those types of infostealers have intensified, thanks to the growing prevalence of underground markets that offer “cybercrime-as-a-Service,” in which vendors charge customers for malicious tools, sensitive data and other illicit online services.

“Cyber crime-as-a-Service is the critical enabler here. It has fundamentally democratized cybercrime,” Green said.

Those underground markets — often hosted on the dark web — create demand for cybercriminals to steal personal information and then sell that to scammers. 

In that way, data breaches become about more than just the individual accounts — they represent a “vast, interconnected web of compromised identities” that can fuel subsequent attacks, Green said. 

According to Diachenko, it’s likely that at least some of the compromised login datasets he identified had or will be traded to online scammers. 

On top of that, malware kits and other resources that can help to facilitate infostealer attacks can be found on those markets. 

CNBC has reported on how the availability of those tools and services has significantly lowered technical barriers for aspiring criminals, allowing sophisticated attacks to be executed at a massive, global scale. 

The report found that infostealer attacks grew by 58% in 2024.

In addition to frequent password updates, individuals will need to be more alert about the increasing amount of malware hiding in illegitimate software, applications and other downloadable files, Valenzuela said. He added that the use of multi-factor authentication on accounts has become more important than ever.

From a corporate perspective, it’s important to adopt a “zero trust architecture” that not only constantly authenticates the user, but also authenticates the device and user’s behavior, he added.  

Governments have also been doing more to crack down on infostealing activities in recent months.

In May, Europol’s European Cybercrime Centre said it had collaborated with Microsoft and global authorities to disrupt the “Lumma” infostealer, which it called “the world’s most significant infostealer threat.”

The U.S. and China are usually top of mind when it comes to artificial intelligence and generative AI. But Southeast Asia’s small businesses have huge potential that shouldn’t be ignored, experts say.

In fact, it’s a matter of survival, according to Jochen Wirtz, a professor of marketing at the National University of Singapore Business School, who said those that fall behind will be “moved into a franchise business or will be pushed out of the market by bigger players who do it.”

“Either you grow and adopt, or you die,” he added.

AI and genAI will contribute about $120 billion to the region’s gross domestic product by 2027, Boston Consulting Group projected in an April report titled “Unlocking Southeast Asia’s AI Potential,” which cited the technology’s potential to “redefine business processes and unlock new revenue streams.” And Google’s e-Conomy SEA 2024 report found that Singapore, the Philippines and Malaysia are ranked among the top 10 globally for AI-related searches and demand, indicating “curiosity” and an “active interest” within the region.

Youth is an advantage. Among surveyed countries in the Asia-Pacific, Vietnam, Malaysia and the Philippines have the highest percentage of business owners or leaders under 40 years of age, according to CPA Australia’s Small Business Survey 2024-25.  

For countries such as Vietnam, “the future is bright because … it’s a very young population, is a very internet-savvy population,” said Soumik Parida, associate program manager of the professional communication program at RMIT University Vietnam’s School of Communication and Design. “They are starting to have a global voice and they’re very easy to adapt any new technology,” he added.

Here’s how some of the region’s businesses are using it to stay on top of the competition — as well as the opportunities and roadblocks they face.

Customer service is the leading use case in Southeast Asian e-commerce, followed by marketing and advertising, according to a joint report by Lazada and Kantar about AI adoption trends in the six largest economies in Southeast Asia. Also known as the ASEAN-6, they comprise Singapore, Malaysia, Vietnam, Indonesia, the Philippines and Thailand.

A McKinsey survey released in March revealed a similar trend: Companies have adopted genAI for marketing and sales, with tech companies leading the charge. It also showed that most adopters are using the technology to generate text, with 63% of surveyed companies reporting that they do so.

GenAI presents a unique boon for a region as linguistically diverse as Southeast Asia: Aside from writing personalized marketing messages, it can also translate promotional texts into different languages.

For example, Lita Global, an Indonesia-based social media platform for gamers, is benefiting a lot from that. Since integrating OpenAI’s models in the second half of last year, it said, it has been able to host almost twice as many online gaming events monthly, thanks to greater efficiency.

That’s a big boost for its business, since every event can raise weekly revenues by an average of 20%, the company said. 

With genAI, employees can quickly translate announcements about events from English to Southeast Asian languages, such as Vietnamese and Thai, to reach more users in the region. And that frees them up — time originally used for writing, translating and formatting promotional text can now be used for organizing more revenue-generating events, according to Lita Global.

The company also uses genAI in its chat function to recommend responses to users. Lita Global is a social platform where users can hire other gamers to play with them online.

Gamers for hire typically chat with users before an order is placed for a gaming session. But that can be difficult when demand for gamers is high and gamers for hire are busy with other matches. Gamers for hire who use the AI-recommended responses have seen a 10% to 20% uptick in orders, said Lita Global’s CEO Yihao Zhang.

“So we’re using AI to really help them to improve their efficiency, to help them to be more available to the users,” Zhang said.

Another way Southeast Asian MSMEs (micro, small and medium enterprises) can use genAI in marketing is through AI livestreaming. Google’s SEA e-Conomy report noted that live shopping has become more popular in the region. Live shopping, or livestreaming, usually involves a host showcasing the products for sale. Not only does this include clothing try-ons, but shoppers can also ask questions in the comments section, which are answered in real time.

While livestreams are traditionally hosted by humans in studios, MSMEs may lack the funds or technical know-how to execute regular livestreams to boost sales. AI livestreaming can open doors to new opportunities for sellers, said Jensen Wu, CEO of TopviewAI.

TopviewAI says on its website that its AI livestreaming services can cost around $1 per minute. Instead of spending on studio rental, samples of the merchandise and labor of human hosts, companies can have one person monitor the livestream, Wu said. That helps lower costs while boosting sales, making for a “pretty good” return on investment, he added.