Six days from now, Donald Trump lands in Beijing for a summit with Xi Jinping that Bloomberg and the FT are covering entirely through the lens of tariffs, Taiwan’s political status, and whether Trump will suspend arms sales to Taipei in exchange for soybean purchases. All fair and important. None of it is what I want to talk about. What I want to talk about is the six-and-a-half-ton gorilla that has been sitting in the corner of every US-China tech negotiation since 2023 and which the Trump administration, per Brookings and the Atlantic Council’s post-Busan analysis, has been handling with breathtaking casualness: the security implications of semiconductor concessions made in a trade context, against an adversary that is simultaneously operating pre-positioned access in US critical infrastructure and running the most capable AI offensive programme outside the United States. The summit is in six days. Salt Typhoon is still in US telecom networks. Nobody is writing about the overlap.

What’s Actually Happening

Trump travels to Beijing from March 31 to April 2. The framework was negotiated in Paris last weekend by Treasury Secretary Scott Bessent, US Trade Representative Jamieson Greer, and China’s Vice Premier He Lifeng. Per Bloomberg’s reporting from March 13, the agenda includes tariffs, fentanyl, Taiwan, and — critically — “the potential for Chinese investment in the US and exports of advanced semiconductors, such as those manufactured by Nvidia.” Simultaneously, Taiwan’s Vice Premier Cheng Li-chiun told Taipei-side media this month that Taiwanese negotiators explicitly rejected US pressure to relocate 40 percent of semiconductor production to the United States, with Cheng stating flatly: “I told the US side very clearly — that’s impossible.”

The backdrop to those negotiations has been a year of Trump making increasingly transactional noises about Taiwan. His NYT interview comment — “it’s up to Xi” what China does about Taiwan — combined with delayed arms sales and the now-confirmed reports that the administration held back Taiwan arms transfers ahead of the Beijing summit, have generated sustained alarm in Taipei and among US allies in the region. Foreign Policy’s February analysis makes the structural argument clearly: Xi now has reason to believe Trump will facilitate Chinese pressure on Taiwan without Beijing needing to risk an invasion, because Trump views the island primarily through the lens of TSMC’s semiconductor capacity, not through a security alliance lens.

The October 2025 Trump-Xi meeting in Busan produced an agreement that, per Brookings’ analysis, suspended a BIS rule expanding restrictions on Chinese access to advanced US technologies in exchange for Chinese rare earth and semiconductor supply chain concessions. Atlantic Council analysts noted the national security implication with unusual directness: “national security measures have become negotiable in a commercial context.” The Brookings analysis was even blunter: Nvidia’s most advanced semiconductors and the status of Taiwan “appeared to have been cut out of the conversation” in Busan, creating “the impression that the United States can work with China on the same basis as it can with other regional actors.” Beijing’s subsequent scheduling of the April Beijing summit reflects the Atlantic Council’s conclusion that China is “boxing Trump in” to a series of pre-scheduled summits that give Beijing the scripted opportunity to press for additional concessions while maintaining the appearance of diplomatic progress.

Against all of this sits a cyber threat posture that the ODNI 2026 Annual Threat Assessment characterised as China presenting the “most persistent and active threat” in the cyber domain, with China assessed as the “most capable competitor in the field of artificial intelligence.” And Salt Typhoon — the Chinese state-sponsored campaign targeting US telecommunications infrastructure that the FBI and CISA confirmed in late 2024, documenting persistent access to at least nine major US telecoms — has not been fully remediated. CISA’s Salt Typhoon advisories from December 2024 remain active. The threat actor that targeted Verizon, AT&T, Lumen, and others for lawful intercept access — specifically targeting communications of US government officials and political figures — is operating in the environment in which Trump is conducting his Beijing pre-summit negotiations.

The Cyber Layer Nobody Is Writing About

Let me state the thing that the trade and geopolitical coverage isn’t connecting.

Trump is negotiating semiconductor access policy with a country whose state-sponsored hackers have been inside US telecommunications infrastructure — the infrastructure through which US government and military communications flow — for an assessed period of at least twelve months. The negotiations include whether Nvidia’s most advanced GPU chips can flow to China. Those chips are the compute substrate for the AI offensive capability that the ODNI assesses will “likely accelerate threats in the cyber domain.” This is not a trade negotiation with national security implications at the margins. This is a national security negotiation being conducted as a trade negotiation by people who have publicly indicated they are willing to treat national security restrictions as bargaining chips.

The semiconductor angle deserves specific attention because the coverage conflates two distinct risks. The first is direct military utility: H100 and H200-class chips power large model training that has direct intelligence and targeting applications. The second — less discussed and arguably more immediately relevant — is the AI-accelerated offensive cyber capability that the ODNI specifically flags. The ODNI’s language is not theoretical: China is assessed as the “most capable competitor in AI,” and AI will “likely accelerate threats in the cyber domain.” Accelerated in what specific ways? Automated spear-phishing that generates individualised, contextually accurate lures at industrial scale. Pattern recognition across exfiltrated credential datasets to identify the highest-value lateral movement paths. AI-driven analysis of defender behaviour to know when to go dormant before an alert fires. These are not speculative capabilities. They are the offensive applications of the compute substrate that is on the summit agenda.

My earlier research on the quantum and AI dimensions of national security threats traces exactly this convergence: AI offensive capability combined with pre-positioned infrastructure access creates a threat posture where the compute investment made years earlier activates strategically later. Every H100 cluster that reaches a Chinese AI operation today is a future offensive capability increment. That’s not my analysis. That’s the logic that motivated the original chip export controls that are now apparently negotiable in a trade context.

The Taiwan semiconductor dimension adds a layer that Foreign Policy’s analysis doesn’t fully explore from a security standpoint. TSMC’s fabs in Taiwan are not just economically important. They are strategically important specifically because their location in Taiwan creates a geographic security dependency — if Taiwan’s production were disrupted by a Chinese military action, the global semiconductor supply chain faces a catastrophic shock that no amount of Arizona fab investment solves in under a decade. Trump’s apparent framing — that TSMC’s US investment means “a very big part” of the business would be safe in the event of cross-strait conflict — represents a security analysis that every semiconductor engineer and supply chain expert I’ve read considers dangerously incomplete.

The CSIS US-ROK event happening in parallel today, examining how both countries can build active cyber deterrence against North Korean operations, implicitly asks the question that the Beijing summit context makes urgent: if the US alliance architecture in Asia is being eroded by transactional bargaining, and China’s pre-positioning in critical infrastructure is confirmed by the ODNI, and Salt Typhoon is still operating, what exactly is the deterrence posture for Chinese offensive cyber against US enterprise infrastructure during a period of perceived alliance weakness? The answer, based on everything I’m reading, is: considerably less robust than it was two years ago.

The Iran-vs-internet dynamic I documented after Operation Epic Fury showed what happens when geopolitical escalation activates pre-positioned cyber forces. China’s pre-positioning — confirmed by the ODNI — is an order of magnitude more sophisticated than Iran’s, directed at an order of magnitude more critical infrastructure, and operated by an adversary with an order of magnitude more AI offensive capability. The Beijing summit’s outcome will either raise or lower the probability that those pre-positioned capabilities get activated. The coverage is focused entirely on whether the tariff deal holds. The security community should be focused on what the summit signals about whether deterrence holds.

Why It Matters Beyond the Conflict Zone

The enterprise translation is direct and specific.

Salt Typhoon’s documented targets included lawful intercept systems — the backend infrastructure that US telecoms are legally required to maintain for government access to communications. The adversary was specifically interested in who the US government was surveilling. That means they know which corporate communications, financial transactions, and executive conversations are under US law enforcement scrutiny. For enterprises involved in government contracting, financial services, or any sector subject to regulatory oversight, that intelligence has direct implications for how you think about communication security.

The semiconductor policy trajectory matters for enterprise security infrastructure timelines. If advanced GPU chips become more accessible to Chinese AI programmes through trade-context concessions, the timeline for AI-accelerated offensive operations — particularly at the spear-phishing and credential-targeting layer — compresses. Enterprise security architectures built around current AI-generated phishing capabilities need to plan for a faster capability curve, not a slower one.

The alliance erosion dynamic has direct implications for information sharing. Five Eyes intelligence sharing, CISA joint advisories, and the kind of coordinated attribution that produced the Salt Typhoon disclosure all depend on alliance architecture that functions. If the US is perceived as an unreliable partner in the Indo-Pacific context — which the delayed Taiwan arms sales and the Beijing summit framing are contributing to — the information-sharing relationships that produce timely threat intelligence for enterprise defenders also become less reliable. The intelligence community is not immune to political pressure on what it can share and with whom.

What Went Wrong

The structural failure here is the one that the Brookings and Atlantic Council analyses identify: national security restrictions are being treated as trade currency in a negotiation with an adversary whose offensive cyber programme is simultaneously operating against US infrastructure. That is not a new problem. The Obama administration made similar mistakes on a smaller scale. The Trump administration is making them at a larger scale and at a faster pace, with an adversary whose AI capabilities make the implications of each concession more consequential than the prior generation of chip export control debates.

The Salt Typhoon remediation failure deserves its own paragraph. The FBI and CISA confirmed in late 2024 that Chinese state hackers had persistent access to at least nine US telecoms networks and had specifically targeted lawful intercept infrastructure. The advisory recommended a list of hardening measures. The telecoms have been working through them. Persistent access through telecoms infrastructure of the complexity and scale that Salt Typhoon established is not remediated with a CISA advisory and a few months of effort. The threat actor is still operating in an environment where the US government is about to conduct its most consequential China negotiations in years. That is the context nobody is foregrounding.

The Fix — Fixer’s Advice

The enterprise response to the Beijing summit isn’t to solve US foreign policy. That’s above your pay grade and mine. The enterprise response is to harden against the specific threat capabilities the summit context elevates.

Communications security — Salt Typhoon legacy:

If your organisation’s executives or legal team use standard cellular voice calls or SMS for sensitive communications involving government relationships, regulatory matters, litigation strategy, or M&A activity, assume that those communications have been accessible to Chinese state intelligence through Salt Typhoon’s lawful intercept access. This is not speculation — CISA and the FBI confirmed the access. Migrate sensitive executive and legal communications to end-to-end encrypted platforms: Signal for voice and messaging, ProtonMail or Tutanota for email. Enforce this for any communication that would create liability if intercepted. Do it before the summit on March 31, not after.

AI-accelerated phishing — updated training posture:

The ODNI’s assessment that China is applying AI capability to offensive operations means your phishing awareness training needs updating specifically for AI-generated personalised lures. The current generation of spear-phishing is not the generic “verify your account” format. It references your actual projects, matches your colleagues’ writing styles, and arrives in your inbox with accurate technical detail about your specific work. Train your teams on the pattern: any email requesting credential entry, payment action, or sensitive disclosure — regardless of how legitimate it looks — gets verified through a separately established channel before action is taken. No exceptions for urgency. Urgency is how the attack works.

Third-party and cloud provider review — Volt Typhoon pre-positioning:

The ODNI has confirmed pre-positioned Chinese state access in critical infrastructure sectors including telecommunications. If your cloud provider, managed service provider, or telecom vendor operates in any of those sectors, review your dependency on their infrastructure for sensitive operations. Specifically: review what data transits through US telecoms infrastructure, what cloud regions you use and where their physical infrastructure is located, and what the blast radius is if your primary telecoms or cloud provider experiences a coordinated disruption event. Build a communications and operations fallback for that scenario.

Geopolitical scenario planning:

The Beijing summit has four possible outcomes from a security standpoint. First, a trade deal that includes semiconductor concessions that accelerate China’s AI offensive capability — security implication: compress your timeline for AI-accelerated threat readiness. Second, an agreement that includes signals about Taiwan’s status that reduce deterrence — security implication: elevate your Taiwan semiconductor supply chain disruption scenario in BCP planning. Third, a meeting that produces no agreement and increases tension — security implication: watch for elevated Chinese cyber activity in the weeks following, consistent with post-summit signalling operations. Fourth, a meeting that genuinely reduces tensions without security concessions — security implication: things get better, but don’t bet your architecture on it.

Run these scenarios as table exercises before March 31. Know which one your organisation is most exposed to and which controls change based on the outcome.

Semiconductor supply chain dependency audit:

If your hardware refresh cycle, AI infrastructure buildout, or critical system architecture has a significant dependency on advanced semiconductors in a specific geographic concentration, now is the time to understand that dependency’s fragility. Not because invasion is imminent. Because your supply chain risk assessment should incorporate geopolitical scenarios that the IC is publicly assessing as realistic, not just scenarios that have happened before.

Final Call-Out

Trump lands in Beijing in six days. The agenda includes semiconductor policy that directly affects China’s AI offensive capability, Taiwan’s security posture that directly affects global semiconductor supply chain risk, and all of this is happening while Salt Typhoon is still in US telecom networks and the ODNI has confirmed Chinese pre-positioned access in critical infrastructure. The mainstream coverage is counting tariff concessions. The security community should be counting what the summit signals about deterrence — because deterrence is the only thing standing between pre-positioned access and activated access. One is a latent threat. The other is Caracas with the lights out, but at a scale that makes Venezuela look like a warmup act.