Chinese Firm Receives Sensitive Data from TuSimple, Raising National Security Concerns

TuSimple, now known as CreateAI, has been embroiled in controversy since its inception as a China-backed startup in 2015. The company, which was founded by Xiaodi Hou and Lu Chen, has been at the center of several high-profile incidents, including a recent data breach that has raised concerns about the limits of US safeguards in the autonomous vehicle industry.

According to a report by The Wall Street Journal, TuSimple sent sensitive data to a Beijing-owned firm, Foton, in February 2022, just a week after signing a national security agreement with the US government. The data, which included technical instructions for server dimensions, brake designs, sensors, steering, power supply, and chips, was shared with Foton despite TuSimple’s commitment to cease such transfers under the agreement.

The data breach continued until TuSimple’s deadline to comply with the agreement six months later, according to hundreds of pages of correspondence viewed by The Journal. Although a subsequent investigation by the Committee on Foreign Investment in the US (CFIUS) found that the data sharing did not technically violate the agreement, TuSimple was fined for other infractions and paid a $6 million settlement without admitting fault.

This latest revelation comes eight months after TechCrunch reported that some of TuSimple’s shareholders were trying to block the company from transferring its US funds to its Chinese subsidiary. The drama is still unfolding, with Xiaodi Hou fighting in court for control over his voting shares to push for the liquidation of the company.

TuSimple’s ties with China have been a subject of controversy since its inception. The company has been accused of sharing confidential information with its Chinese partners, including Hydron, a Chinese hydrogen trucking startup founded by Chen. The overlap between Hydron and TuSimple was the subject of a 2022 CFIUS probe, during which TuSimple revealed that its employees spent paid hours working for Hydron in 2021 and shared confidential information with the company.

The Journal’s reporting sheds light on a previously reported controversy regarding Hydron, which shared an office with TuSimple China. The overlap between the two companies was the subject of a 2022 CFIUS probe, during which TuSimple revealed that its employees spent paid hours working for Hydron in 2021 and shared confidential information with the company.

According to documents viewed by The Journal, TuSimple negotiated a deal in 2021 between Hydron and Foton to develop autonomous trucks. Foton, a subsidiary of state-owned BAIC Group, has an agreement with a Chinese military university to work on AV tech. Through a combination of emails, Slack messages, and video calls, TuSimple sent partners technical instructions for server dimensions, brake designs, sensors, steering, power supply, and chips.

Employees also routinely downloaded autonomy source code developed by their American counterparts. The data breach has raised concerns about the security of sensitive information in the autonomous vehicle industry and the need for greater scrutiny of foreign investment in the US.

As geopolitical tensions and competition with China rise, TuSimple’s ties are serving as a cautionary tale for Washington, prompting stricter rules on Chinese-linked tech deals and fueling a broader push to block high-risk transactions outright. The incident highlights the need for greater scrutiny of foreign investment in the US and the importance of protecting national security interests.

TuSimple’s plans to restart self-driving operations in China have been hindered by the company’s ties with China and the CFIUS agreement. The company has told TechCrunch that it has been unable to restart operations in China due to court orders that barred the company from transferring assets to China.

The company’s decision to exit US operations and voluntarily delist from the stock market in January 2024 has raised concerns about the security of sensitive information in the autonomous vehicle industry. The incident has also sparked a debate about the role of foreign investment in the US and the need for greater scrutiny of Chinese-linked tech deals.

In a statement, TechCrunch said that it was unable to reach TuSimple, now known as CreateAI, for comment. The company has been the subject of several high-profile incidents, including a data breach and a CFIUS probe.

The incident has raised concerns about the security of sensitive information in the autonomous vehicle industry and the need for greater scrutiny of foreign investment in the US. As the US continues to grapple with the implications of China’s growing presence in the tech industry, the incident serves as a reminder of the need for greater vigilance and scrutiny of foreign investment in the US.