China is running a two-vector attack on American AI infrastructure, and both vectors run on hardware and software America built. A revived router botnet linked to Volt Typhoon is climbing back toward its pre-takedown size, while a parallel disclosure from OpenAI shows banned Chinese-origin accounts using ChatGPT to draft covert influence content aimed at US datacenter policy. The two stories appeared as separate items in The Register's recap of the Lumen Black Lotus Labs report (https://www.theregister.com/security/2026/06/11/china-linked-operators-revive-botnet-stir-ai-datacenter-debate/5253873), but they share a structural pattern: end-of-life US edge devices and US-hosted AI APIs, exploited as foothold and megaphone at the same time.
The botnet half is the easier one to map. The FBI disrupted the KV-botnet in January 2024, taking down infrastructure built from hundreds of end-of-life routers and other internet-connected devices that Volt Typhoon and other Chinese government-backed operators had used to burrow into US critical infrastructure and pre-position for future destructive attacks. Lumen's Black Lotus Labs, the threat-intel team that has tracked the cluster for years, now reports what it calls a "significant resurgence," according to The Register's writeup of the Lumen report. The JDY cluster, originally one of four sub-clusters at takedown and used for scanning and reconnaissance, is growing fastest and is pulling in newly disclosed vulnerabilities faster than defenders can patch. The KV cluster became largely defunct after the law-enforcement takedown.
The AI half is the harder one. OpenAI's threat-intelligence team has disclosed that banned ChatGPT accounts likely originating from China used the company's models to generate content for covert influence operations aimed at swaying US public opinion on building AI datacenters, per The Register's coverage of the OpenAI findings and the primary OpenAI June 2026 Threat Report. The OpenAI disclosure also describes the same operators leveraging American AI tools to collect data on US security-clearance holders and ordinary citizens. The Register's excerpt does not fully document that claim, so it should be verified against the primary OpenAI report; the disclosure nonetheless lists it as part of the same threat-actor pattern. The Register, citing that disclosure, characterizes the influence campaign as having gained little traction "so far," a framing that should be read as the publication's reading of the evidence rather than a settled judgment about effectiveness.
The asymmetry between the two halves is the part that should worry defenders most. CISA, NSA, and allied partners have published concrete Volt Typhoon mitigation guidance: replace end-of-life SOHO routers, hunt the published indicators, segment OT networks, and assume pre-positioning in any environment touched by the relevant ISPs. None of that playbook transfers cleanly to the AI-influence vector, where the "infrastructure" is a consumer chat product with a ban-evasion problem and the "indicators" are clusters of synthetic text and accounts that look indistinguishable from authentic users to all but the platform's own classifiers.
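To make the router half of that checklist concrete, here is an added example (not code from the article, Lumen, or CISA) that applies two of the published steps, replacing end-of-life edge devices and hunting published indicators in flow data, to a constructed asset inventory and a constructed flow log. Every address, model string, EOL date and indicator below is a placeholder; the real indicator feed comes from the CISA and Lumen advisories and is not reproduced here.

```python
"""
Added example: a small router-checklist hunt over constructed data.
Assumptions: the inventory and flow records are fabricated, and
C2_INDICATORS is a placeholder for the published indicator feed.
"""
from datetime import date
import ipaddress

# Constructed inventory of edge devices (model names and EOL dates are invented).
INVENTORY = [
    {"host": "branch-rtr-01", "model": "ExampleRouter 1000", "ip": "203.0.113.10", "eol": date(2022, 6, 30)},
    {"host": "branch-rtr-02", "model": "ExampleRouter 3000", "ip": "203.0.113.11", "eol": date(2030, 1, 1)},
    {"host": "home-office-vpn", "model": "ExampleSOHO 200", "ip": "198.51.100.5", "eol": date(2021, 3, 1)},
    {"host": "dc-edge-fw", "model": "ExampleFW 50", "ip": "203.0.113.20", "eol": date(2029, 12, 31)},
]

# Constructed flow records: (src_ip, dst_ip, dst_port). Documentation ranges only.
FLOWS = [
    ("203.0.113.10", "192.0.2.8", 443),
    ("203.0.113.11", "192.0.2.7", 443),
    ("198.51.100.5", "192.0.2.44", 8443),
    ("198.51.100.5", "192.0.2.99", 53),
    ("203.0.113.20", "192.0.2.130", 443),
]

# Placeholder stand-in for the published C2 indicator list. CIDR notation lets
# single hosts (/32) and whole ranges be matched the same way.
C2_INDICATORS = ["192.0.2.44/32", "192.0.2.128/25"]


def eol_devices(inventory, today):
    """Hostnames of devices whose vendor end-of-life date has already passed."""
    return sorted(d["host"] for d in inventory if d["eol"] < today)


def indicator_hits(flows, indicators):
    """Flows whose destination falls inside any indicator network."""
    nets = [ipaddress.ip_network(n) for n in indicators]
    hits = []
    for src, dst, port in flows:
        addr = ipaddress.ip_address(dst)
        if any(addr in net for net in nets):
            hits.append((src, dst, port))
    return hits


def hunt_report(inventory, flows, indicators, today):
    """Map each device to an action by combining the EOL check with the indicator hunt."""
    eol = set(eol_devices(inventory, today))
    beaconing = {src for src, _, _ in indicator_hits(flows, indicators)}
    report = {}
    for d in inventory:
        is_eol = d["host"] in eol
        is_beacon = d["ip"] in beaconing
        if is_eol and is_beacon:
            report[d["host"]] = "replace_and_isolate"   # pre-positioned and unpatchable
        elif is_beacon:
            report[d["host"]] = "investigate"           # supported device, suspicious traffic
        elif is_eol:
            report[d["host"]] = "replace"               # no hit yet, but no patches coming
        else:
            report[d["host"]] = "ok"
    return report


if __name__ == "__main__":
    for host, action in hunt_report(INVENTORY, FLOWS, C2_INDICATORS, date(2026, 6, 11)).items():
        print(f"{host:16} {action}")
```

The useful part is the join: an end-of-life device with no indicator hit still goes on the replacement list, because the advisories assume pre-positioning rather than waiting for a beacon to show up, while a supported device that does hit an indicator becomes an investigation rather than a replacement.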
In practice, a security team that has executed the Volt Typhoon router checklist is still exposed to a Chinese-linked influence operation that uses the same company's laptops and the same productivity stack to draft its outputs. The defender's job in 2026 increasingly requires catching both, the C2 beacon on the office router and the synthetic comment under a datacenter-permit story, with the second job having almost no published playbook to follow.
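The second job has no published checklist, but the article's own description of the indicators, clusters of near-identical synthetic text spread across accounts, suggests a starting heuristic. The following is an added example, not OpenAI's classifier and not any published playbook: it groups comments by word-shingle Jaccard similarity and flags clusters that span several young accounts. All comments, account names and account ages are constructed; the threshold values are illustrative assumptions.

```python
"""
Added example: coordinated near-duplicate comment detection.
Assumptions: COMMENTS is fabricated; the similarity threshold, minimum
account count and account-age cutoff are illustrative, not tuned values.
"""
import re
from itertools import combinations
from statistics import median

# Constructed comment stream under a hypothetical datacenter-permit story.
COMMENTS = [
    {"account": "user_a1", "account_age_days": 3,
     "text": "Datacenters like this one will drain the county water supply and raise power bills for everyone. Say no to the permit."},
    {"account": "user_b7", "account_age_days": 5,
     "text": "This datacenter will drain the county water supply and raise power bills for everyone. Say no to the permit!"},
    {"account": "user_c2", "account_age_days": 2,
     "text": "Datacenters like this one will drain the county water supply and raise power bills for everyone. Vote no on the permit."},
    {"account": "longtime_resident", "account_age_days": 2400,
     "text": "I have lived here for twenty years and the traffic on Route 9 is already bad; I worry about construction noise."},
    {"account": "user_d9", "account_age_days": 4,
     "text": "Good news for local jobs; the school district needs the tax base."},
]


def shingles(text, k=3):
    """Set of k-word shingles after lowercasing and stripping punctuation."""
    tokens = re.findall(r"[a-z0-9]+", text.lower())
    return {" ".join(tokens[i:i + k]) for i in range(len(tokens) - k + 1)}


def jaccard(a, b):
    """Jaccard similarity of two sets; 0.0 when both are empty."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def cluster_comments(comments, threshold=0.5):
    """Union-find clustering: any pair above the threshold joins the same cluster."""
    parent = list(range(len(comments)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path compression
            i = parent[i]
        return i

    def union(i, j):
        parent[find(i)] = find(j)

    sets = [shingles(c["text"]) for c in comments]
    for i, j in combinations(range(len(comments)), 2):
        if jaccard(sets[i], sets[j]) >= threshold:
            union(i, j)
    groups = {}
    for i in range(len(comments)):
        groups.setdefault(find(i), []).append(i)
    return sorted(groups.values())


def flag_coordinated(comments, min_accounts=3, max_median_age_days=30):
    """Clusters posted by at least min_accounts distinct accounts with a young median age."""
    flagged = []
    for group in cluster_comments(comments):
        accounts = sorted({comments[i]["account"] for i in group})
        ages = [comments[i]["account_age_days"] for i in group]
        if len(accounts) >= min_accounts and median(ages) <= max_median_age_days:
            flagged.append(accounts)
    return flagged


if __name__ == "__main__":
    print(flag_coordinated(COMMENTS))
```

Transitive linking matters here: the second and third comments are only about 0.39 similar to each other, below the threshold, but each is well above it against the first, so union-find places all three in one cluster. The account-age gate is what keeps a genuinely popular talking point repeated by long-standing residents from being flagged.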
The forward questions are sharper than the threat framing. Can OpenAI's ban-evasion detection generalize across the model fleet, or does each new model reset the cat-and-mouse clock? Will CISA's Joint Cyber Defense Collaborative expand its remit to include synthetic media targeting critical-infrastructure policy debates? And is there an equivalent of an end-of-life router replacement program for the AI APIs that adversaries are already co-opting, or is the answer a "do not use" list that defenders cannot actually enforce?
The router botnet is back. The AI influence playbook never left. Defenders can handle the first one if they read the Lumen report and apply the CISA guidance. The second one is the part that does not yet have a checklist.