Beijing's Manus move tests whether Singapore-washing survives in the AI era
Plus, Iran strikes AWS cloud infrastructure in Bahrain for the second time in a month, exposing a governance gap in dual-use digital infrastructure that most governments have yet to close.
Welcome to the latest edition of ASPI’s Cyber & Tech Digest.
Each week, ASPI curates and contextualises the most important developments in cyber, technology, and geopolitics — highlighting what matters and why.
This edition covers the period: 21 March 2026 to 27 March 2026.
Follow the Australian Strategic Policy Institute on Bluesky, LinkedIn, and X.
What We’re Tracking
China restricts Manus founders from leaving as Meta deal faces scrutiny
What happened: China’s National Development and Reform Commission has summoned the co-founders of Manus — a Chinese-born AI agent company acquired by Meta for $2 billion at the end of 2025 — to Beijing to question them over potential foreign direct investment violations. After the meeting, both executives were told they could not leave the country. No formal investigation has been opened and no charges have been brought.
The deal was already under review by China‘s Ministry of Commerce over potential export control violations, as the Financial Times reported in January. The new NDRC inquiry focuses on whether Manus properly notified authorities of ownership changes after the transaction closed.
Manus was founded in China but relocated to Singapore last year. Meta has already begun integrating its AI agent software into its platform; one person familiar with the matter described any unwind as “messy.”
Why we’re tracking this: The Manus case is a test case for a broader pattern of Chinese-born AI companies redomiciling to Singapore to access Western capital, a manoeuvre that has come to be known as “Singapore-washing”. Meta’s acquisition was possible in part because Manus had repositioned as a Singaporean company. Beijing‘s dual-track intervention raises questions about whether that repositioning provides genuine legal distance or merely symbolic cover.
What people are saying:
A Meta spokesperson told the Financial Times: “The transaction complied fully with applicable law. We anticipate an appropriate resolution to the inquiry.”
Aylon Berger at the Lowy Interpreter wrote in February that Beijing‘s tolerance for Singapore-based restructurings “may be wearing thin”, and Washington‘s could follow.
My view: For most of the past two decades, Chinese tech companies could globalise precisely because their corporate structures were intentionally opaque. They were offshore in name, but Chinese in substance. In the age of frontier AI, that ambiguity has become a liability on both sides. Western regulators are tightening rules to limit China-linked investment, and Beijing is increasingly unwilling to let strategic capabilities exit without oversight. Beijing’s intervention in Manus seems more reactive than doctrinal to me, a way to make tech entrepreneurs reconsider whether to pursue lucrative exits outside China, without pushing hard enough to spook the broader tech ecosystem it needs. The template Beijing appears to prefer resembles what Sequoia Capital did in 2023: spin off the China business, rename it something else (in this case, “HongShan”), and then create two legally distinct entities where domestic R&D remains under state oversight, but the international operation is free to access Western capital. The open question is whether terms strict enough to satisfy Beijing’s strategic concerns can still keep deals attractive to foreign acquirers.
— Fergus Ryan, CTS
Iran strikes Amazon cloud infrastructure in the Gulf
What happened: On Tuesday 24 March, Reuters reported that Amazon Web Services‘ Bahrain region had been disrupted by drone activity for the second time in a month. Amazon confirmed it is migrating customers to alternate regions but did not confirm whether the facility was directly hit.
The first attack, on 1 March, was more severe. Iranian drones struck two AWS data centres in the United Arab Emirates and damaged a third in Bahrain, the first confirmed military attack on hyperscale cloud infrastructure. Amazon described structural damage, disrupted power delivery and a “prolonged” recovery. The Islamic Revolutionary Guard Corps said the strikes were intended to probe “the role of these centres in supporting the enemy’s military and intelligence activities.”
Why we’re tracking this: Amazon, Google, Microsoft and Oracle all hold contracts under the US Department of Defense‘s $9 billion Joint Warfighting Cloud Capability program, meaning commercial cloud facilities may serve both civilian and military customers simultaneously. Where that is the case, their legal status as military targets becomes contested. The conflict has also exposed a governance gap: most governments lack visibility over which of their critical services depend on which cloud infrastructure, and where that infrastructure physically sits.
What people are saying:
Joseph Jarnecki and Noah Sylvia at RUSI identify three rationales behind the strikes: imposing economic and reputational costs on Gulf states; probing military-relevant digital capabilities; and generating societal disruption through service outages.
Sam Zabin of CSIS, quoted in Rest of World, said the US government and industry had “prioritised expansion over kinetic risk mitigation.”
International law scholars León Castellanos-Jankiewicz (Asser Institute) and Ioannis Kalpouzos (Harvard Law), in The Intercept, said legality turns on whether a facility is “genuinely serving the military operations of a party to the conflict.”
My view:
Iran’s strikes on Gulf data centres, as the first confirmed kinetic attack on public cloud infrastructure, raise a legal grey-zone debate over whether such systems qualify as legitimate military targets. Commercial cloud infrastructure is, in principle, protected under the law of armed conflict through the distinction between civilians and combatants. But that protection becomes harder to apply when the same systems support military or intelligence functions. The more immediate challenge lies in governance: identifying which critical services depend on which hyperscale providers, and where those providers physically sit, has become urgent. Most governments have not done that work.
— Fitriani, CTS
What We’re Watching
A weekly scan of notable developments we’re tracking across technology, policy, and geopolitics.
⸻
🚀 Strategic competition
Iran warned it would strike energy, water desalination and information technology infrastructure in Gulf states if the United States proceeds with plans to attack Iran’s power grid. Amazon said its AWS cloud region in Bahrain was disrupted by drone activity for the second time in a month and is migrating customer workloads while it assesses damage. Earlier this month, Iran-linked drones damaged three AWS data centres in the UAE and Bahrain, disrupting internet services and forcing AWS to suspend operations at affected sites.
Palantir used its developer conference to showcase AI battlefield tools, with executives and military officials framing the company’s role as integral to U.S. operations against Iran. Lawfare’s coverage described the US–Israel operation as combining cyber, information, space and electronic warfare with kinetic strikes, drawing retaliatory Iranian cyber operations targeting U.S. and allied infrastructure.
Shield AI raised $2 billion at a $12.7 billion valuation and said it plans to acquire simulation software company Aechelon Technology as demand grows for AI-powered drones and autonomy software.
The U.S. Army selected Carlyle and KKR to build and operate two large data centres on military bases, each estimated to cost about $2 billion, with the army leasing AI computing capacity while unused capacity is sold commercially.
Russia’s Bureau 1440 launched 16 broadband satellites under its Rassvet project, its first operational step toward a low-Earth-orbit constellation. Officials said the system is intended as a sovereign alternative to SpaceX’s Starlink.”
China Computer Federation urged researchers to boycott NeurIPS after organisers barred submissions from U.S.-sanctioned institutions including Huawei. The move followed the conference's decision to comply with U.S. sanctions and drew backlash from Chinese researchers.
⸻
🧠 AI models, agents & compute
Tencent launched ClawBot by adding the OpenClaw agent as a contact inside WeChat, extending a recent run of agent products that also includes QClaw, Lighthouse and WorkBuddy.
Chinese AI providers including DeepSeek and MiniMax were reported to have overtaken U.S. rivals in token consumption since February. Lower token costs, driven by cheaper energy and more efficient model design, are allowing Chinese firms to charge significantly less than U.S. competitors as AI agents drive up usage.
OpenAI has decided to discontinue Sora as it shifts resources toward coding, enterprise productivity and agent tools. The company is also pushing for browser choice screens as it tries to challenge Google in search. Meta, meanwhile, put CTO Andrew Bosworth in charge of its AI For Work initiative to accelerate internal adoption of AI tools. Later in the week, the company laid off about 700 employees, mainly in Reality Labs.
OpenAI has put plans for an erotic chatbot on hold indefinitely, citing internal and investor concerns about social harms, unhealthy emotional attachment and risks to minors.
Elon Musk said Tesla and SpaceX will build an Austin semiconductor facility to make chips for AI, robotics and space applications under a broader Terafab initiative.
U.S. authorities charged three people over an alleged scheme to smuggle export-controlled Nvidia chips to China using shell companies in Thailand. The group allegedly sought to buy nearly $62 million worth of Supermicro servers equipped with Nvidia GPUs before the transactions were cancelled.
Across China, robotics firms were reported to be scaling industrial and humanoid systems with state funding, municipal support and dense hardware supply chains, targeting factory, retail, logistics and workforce training. In Australia, CSIRO researchers developed a proof-of-concept quantum battery that can charge, store and discharge energy in a full cycle. The National Reconstruction Fund invested $20 million in Silicon Quantum Computing as the company expands chip manufacturing and pursues a commercial-scale quantum computer early next decade.
Uber partnered with Pony AI and Verne to launch a commercial robotaxi service in Europe, starting in Zagreb. Pony AI will provide autonomous driving technology, Verne will manage the fleet and Uber will supply its ride-hailing platform and customer base.
⸻
🛡 Cyber posture
The U.S. Federal Communications Commission banned imports of new foreign-made consumer routers after a White House review found they pose a severe cybersecurity risk to critical infrastructure, while exempting devices cleared by the Pentagon. The U.S. State Department launched a Bureau of Emerging Threats focused on cyberattacks, AI misuse, space security and critical infrastructure risks from adversaries including Iran, China, Russia and North Korea.
Australian Cyber Security Centre released guidance on securing low Earth orbit satellite communications with international partners, outlining risks across space, ground, user and supply-chain segments and calling for encryption, zero trust architectures and supply-chain assurance. Meanwhile, a French officer reportedly leaked the location of the aircraft carrier Charles de Gaulle by uploading a GPS-tracked run to Strava while on deck.
Queensland Audit Office found three public sector entities could not effectively manage third-party cyber risks, with auditors able to obtain passwords, access systems, extract sensitive data and, in two cases, gain administrator-level access. The report also found weak procurement and contract controls and said CDSB and DHPW remain too slow and lack visibility over sector-wide third-party risk.
Health New Zealand warned staff not to use unapproved AI tools such as ChatGPT, Claude and Gemini to draft clinical notes, citing data security, privacy and accountability risks. A memo said the practice is strictly prohibited and could lead to disciplinary action, with AI tools required to be registered with the agency's national advisory group.
Open-source maintainers removed two versions of LiteLLM from PyPI after attackers used a compromised dependency and a misconfigured Trivy CI/CD pipeline to insert credential-stealing code into downstream workflows. Trio-Tech International disclosed a ransomware attack affecting its Singapore subsidiary that escalated from system disruption to data exfiltration, with the company still assessing scope and financial impact.
Researchers said the ClayRat Android spyware operation collapsed after infrastructure failures and the arrest of its suspected developer in Krasnodar, with all known command-and-control servers going offline within months of launch. Also, a U.S. Army soldier and two civilians were sentenced for helping North Korean IT workers secure jobs at U.S. companies using stolen or shared identities.
Security researchers reported a growing underground market for premium AI accounts including ChatGPT, Claude and Copilot, with access resold via bundled subscriptions, compromised credentials and API keys. They said the tools are increasingly being used by threat actors to scale phishing, fraud and social engineering.
⸻
🕵️ Surveillance states
Hong Kong introduced rules requiring people to surrender passwords or decryption methods for devices under investigation, with prison terms and fines for non-compliance. Earlier this month, Russia expanded the Federal Security Service’s power to order telecom operators to block access for security reasons. Authorities have increasingly used localised shutdowns and service restrictions while maintaining access to selected services via whitelists.
In Carnegie Endowment, Iran was described as using internet access as a wartime political instrument by granting unfiltered connectivity to people amplifying regime narratives while keeping much of the population offline. In Wired, activists and volunteers built Mahsa Alert to provide strike warnings, verified attack locations and offline updates during the conflict and related shutdowns.
In Bloomberg, Sandvine, later rebranded as AppLogic Networks, was reported to have sold deep packet inspection technology to Egyptian government bodies and other authoritarian regimes after its acquisition by Francisco Partners. The U.S. Entity List designation that followed cut the company off from suppliers and helped trigger layoffs, debt distress, restructuring and a withdrawal from more than 50 non-democratic countries.
In Australia, Services Australia, the ATO and Defence decided not to enable a new Microsoft Teams feature that would update worker location via workplace WiFi. In the Financial Times, Palantir was described as becoming a political liability in U.S. campaigns as candidates face scrutiny over investments, donations and ties to the company because of its work with Immigration and Customs Enforcement.
⸻
⚖️ Platform accountability
Polymarket has promoted itself as a truth-seeking platform, but a review in The New York Times found its social accounts had posted hundreds of false or misleading claims across platforms. In recent days, experts said trading on a US-Iran ceasefire market showed patterns consistent with possible insider knowledge after earlier suspicious trades around U.S. strikes on Iran. Kalshi, meanwhile, said it will bar athletes, coaches, officials and political candidates from trading on markets tied to their own sports or campaigns.
An Australian Senate inquiry found widespread climate misinformation amplified by social media platforms and AI-generated content, affecting public opinion on issues including wind farms, batteries and climate policy. The inquiry said false claims had influenced local decisions and flagged limited platform accountability and transparency around funding sources.
Meta faced criticism over more than 26,000 fake Facebook ads promoting investment scams across at least 25 countries, including Australia, using AI-generated images, cloned news sites and fabricated endorsements. X paused planned changes to creator revenue-sharing after backlash from global creators who said the new weighting toward home-region engagement would cut reach and income.
A U.S. federal judge dismissed X Corp's lawsuit accusing major advertisers and the World Federation of Advertisers of coordinating an illegal boycott. The court ruled that X had failed to show harm under antitrust law.
The Trump administration settled a lawsuit barring the Surgeon General’s office, the CDC and CISA from threatening social media companies with legal or regulatory penalties to remove protected speech. The agreement still allows officials to publicly challenge misinformation without coercion.
Wikipedia updated its English-language guidelines to ban editors from using AI to write or rewrite articles, while still allowing limited copyediting suggestions and translation if accuracy is verified. The change followed ongoing efforts by the community to remove low-quality AI-generated entries.
⸻
🧒 Online harms & child safety
Pinterest CEO Bill Ready called for a global ban on social media use by children under 16 and urged governments to enforce age limits while holding both platforms and mobile operating systems accountable. He cited Australia’s policy as a model even though Pinterest itself is not covered by it. In the United Kingdom, Apple rolled out age checks for iPhone users, requiring them to confirm they are over 18 for some apps and services after government pressure tied to the Online Safety Act.
The United Kingdom launched pilot programmes with 300 teenagers to test social media bans, curfews and app time limits, as officials assess effects on sleep, family life and schoolwork. The trials will inform an ongoing consultation on possible restrictions, including a ban for under-16s.
Australia's eSafety Commissioner said major AI companion chatbots are failing to adequately protect children from harmful and sexually explicit content. The report identified weak age verification, limited safeguards against child exploitation material and insufficient responses to self-harm risks across services including Character.AI, Nomi, Chai and Chub AI.
The European Commission accused major adult websites including Pornhub, Stripchat, XNXX and XVideos of failing to adequately protect minors, citing weak age verification and risk assessments. The findings came under the Digital Services Act, which allows fines of up to 6 per cent of global turnover. The European Commission also launched an investigation into Snapchat over alleged failures to protect minors, including weak age verification, exposure to grooming and risks of illegal goods sales. The probe will assess whether Snap is adequately enforcing child-safety measures under the Digital Services Act.
Meta was ordered to pay $375 million after a New Mexico jury found it misled users about platform safety and enabled harm including child sexual exploitation. CNBC reported a second phase of the case will begin in early May to determine additional remedies and whether Meta must fund mitigation programmes.
Days later, a Los Angeles jury found Meta and YouTube negligent over addictive design features including infinite scroll and algorithmic recommendations. Back-to-back verdicts in two states have produced what analysts are calling Meta’s “big tobacco moment”: the point at which product-liability claims begin to compound into systemic legal risk. More than 3,000 similar cases are pending in California alone, brought by individuals, states and school districts. The cases are framed around design decisions, not content — which lets plaintiffs route around the Section 230 protections that have historically shielded platforms from this kind of liability.
⸻
🧑⚖️ Courts, enforcement & regulation
A federal judge questioned the Pentagon’s designation of Anthropic as a supply-chain risk. The judge raised concerns the move could amount to illegal retaliation after Anthropic sought to limit military uses of its tools. The dispute comes as a proposed federal procurement rule, described in The Lever, would require AI vendors to allow government use of their systems for any lawful purpose and bar them from enforcing their own safety or use restrictions.
The Fair Work Commission introduced new disclosure and verification requirements for litigants using generative AI in submissions, including checks on accuracy, relevance and fabricated citations. The rules also require witnesses to confirm statements are based on their own knowledge and are accurate.
European Parliament lawmakers voted to delay key provisions of the EU AI Act while backing a ban on so-called nudify apps. The changes would push some compliance deadlines into 2027 and 2028 and delay watermarking rules until later this year, pending negotiations with the European Council.
⸻
🌏 Global policy
🇦🇺 Australia
Anthropic CEO Dario Amodei is expected to visit Australia next week as part of a broader executive leadership trip, with sources in Canberra and the Australian AI community confirming the planned visit to Crikey. The trip comes amid the company’s ongoing tensions with the Trump administration after the Pentagon designated Anthropic a supply-chain risk.
Australia introduced a five-step framework requiring tech companies seeking approval for data centres and AI projects to meet national-interest conditions on renewable energy, water use, local jobs and domestic compute availability.
Accenture Australia won a $16 million contract to build a new Climate Risk Hub for the Australian Climate Service, with delivery running over three years and possible extensions into the next decade.
In The Strategist, Andrew Horton argued Australia’s copyright regime as constraining domestic AI development by limiting access to training data. In another piece, Isaac Sharp described Australia as lacking policy frameworks for AI digital twins in defence and critical infrastructure settings.
🇺🇸 United States
Sen. Bernie Sanders and Rep. Alexandria Ocasio-Cortez introduced legislation to pause new AI data-centre construction until federal safeguards covering worker protections, environmental impacts and civil rights are enacted.
The Office of the Director of National Intelligence moved to assume oversight of In-Q-Tel from the CIA. Later in the week, President Donald Trump appointed tech executives including Mark Zuckerberg, Larry Ellison and Jensen Huang to the President’s Council of Advisors on Science and Technology.
Melania Trump appeared at a White House event alongside a humanoid robot developed by Figure AI, calling for wider use of AI-powered robots in children's education.
⸻
💰 Tech business & markets
Bitmain partnered with American Bitcoin to deploy mining infrastructure and develop a large data centre in Texas, despite ongoing U.S. national security scrutiny of Bitmain equipment and investigations into possible risks to the power grid and nearby military sites.
Apple CEO Tim Cook praised Chinese developers and manufacturing partners at the China Development Forum days after state media criticised the company’s App Store policies and called for more regulatory changes. Apple has also reduced developer fees in China and continues balancing strong local sales with supply-chain diversification into India and Vietnam.
NextDC warned Australia’s slow energy transition and grid constraints could divert AI investment and jobs overseas even as demand for electricity from data centres rises. The company said growing use of AI inference is increasing the importance of reliable, affordable power in decisions about where systems are deployed.
Meta raised its planned investment in an El Paso data centre to more than $10 billion as it expands AI infrastructure. The gigawatt-scale site is one of more than 30 facilities Meta has built or is building.
That’s all for this week. For more timely analysis and commentary, check out The Strategist and ASPI’s Stop the World podcast—or our other Substack newsletters:
