A ProPublica investigation has revealed that Microsoft employs engineers in China to help maintain computer systems for the U.S. Department of Defense, despite minimal oversight by U.S. personnel. The arrangement, which Microsoft uses to support its bid for Pentagon cloud contracts, may expose some of the nation’s most sensitive military data to cyber infiltration by China.
To comply with federal requirements that only U.S. persons access classified data, Microsoft uses a system involving “digital escorts.” These U.S.-based workers hold security clearances and act as intermediaries, entering code and commands submitted by China-based engineers. However, many escorts lack the technical background to understand the code they are inputting, creating a gap in oversight. Some are former military personnel with limited IT experience, working for near-minimum wage through staffing firms.
Cybersecurity experts warn that this setup is vulnerable to exploitation. The Chinese engineers possess superior coding knowledge, and escorts often cannot verify if the code is safe or malicious. This opens a critical security window in which foreign actors could insert undetectable backdoors into federal systems. Despite internal objections, Microsoft has continued expanding the escort program.
Microsoft says it has disclosed its oversight model to government agencies and implemented monitoring safeguards. However, several former U.S. officials said they were unaware of the program, and experts question whether any safeguards can compensate for the deep technical knowledge imbalance between escorts and engineers.
Concerns about the escort system have reportedly been raised for years, including by a former Microsoft cybersecurity executive. Given China’s legal authority to require cooperation from its citizens in intelligence operations, this ongoing practice raises urgent national security concerns. Microsoft’s outsourcing, despite rising geopolitical tensions, places Pentagon systems at direct risk of foreign surveillance.
