A little-known program run by Microsoft may have put the U.S. Department of Defense at serious cybersecurity risk. According to a ProPublica investigation, Microsoft has been quietly using engineers based in China to help maintain cloud systems used by the Defense Department — relying on a system of “digital escort” for limited supervision by U.S. personnel.
Secret Supervision Model Raises National Security Alarms
“Digital escorts” — American citizens with security clearances — are tasked with monitoring these engineers and entering their commands into sensitive government networks. But here’s the catch: most escorts lack the technical knowledge to fully understand or evaluate the commands. Many escorts previously served in the military, have little to no coding experience, and earn close to minimum wage.
Microsoft and its partners have maintained this risky setup for nearly a decade, yet only now has it come to light. The program was essential for Microsoft to win federal cloud computing contracts, but cybersecurity experts and former officials say it could be a glaring vulnerability — especially with growing threats from China.
U.S. DOD Hosts Key Forum on Responsible AI in Defense
One current escort admitted, “We’re trusting that what they’re doing isn’t malicious, but we really can’t tell.” These concerns are especially alarming considering the sensitive data involved. The systems managed under this program contain information that, if leaked or damaged, could cause severe harm to national security, critical infrastructure, or military operations.
Behind the Scenes of Microsoft’s Escort Model
The escort model allows foreign engineers — especially those in China — to offer technical fixes and advice for U.S. defense systems. But instead of working directly on U.S. networks, these engineers pass instructions to escorts, who then input them. The idea is that the U.S.-based escort acts as a barrier, preventing foreign engineers from gaining direct system access. In practice, however, escorts often don’t have the technical knowledge to detect whether the commands they’re typing could cause harm.
A job ad from a Microsoft contractor, Insight Global, described the escort position as requiring a security clearance — not necessarily technical skills. The pay? Starting at just $18 an hour. The job description admitted that technical skills were “nice to have” but not essential. Many escorts handle hundreds of requests every month, most involving engineers from overseas. One escort said, “They’re telling nontechnical people very technical directions,” adding that if the instructions were malicious, it’s unlikely the escort would notice in time.
Microsoft President Brad Smith Testifies on Cybersecurity Failures Leading to Chinese Attacks
Despite these warnings, Microsoft claims the system is secure. The company insists that escorts go through training and that additional layers of security, like audit logs and a system called Lockbox, are in place to flag potential risks. Insiders and former Microsoft engineers have warned that underqualified escorts struggle to identify clever cyberattacks — especially when attackers disguise them as routine commands like “fix_servers.sh.”
One former Microsoft engineer who helped develop the system admitted that escorts possess only “somewhat” technical proficiency at best, and they primarily focus on preventing the exposure of sensitive information like passwords.
Escalating Warnings and Escort Silence
In 2023, Chinese hackers broke into cloud-based email accounts of senior U.S. officials. The breach affected the State Department, the U.S. ambassador to China, and even the Commerce Secretary. Over 60,000 emails were stolen. While Microsoft was criticized for this major security lapse, the escort system was not investigated as a potential cause.
Three months after that attack, a former Insight Global contractor named Tom Schiller filed a complaint. He warned lawmakers about the escort system in a letter and by calling a Defense Department hotline. Schiller was accustomed to the escorting procedure from his brief stint as a software developer at Insight Global. His warning reached the Defense Information Systems Agency’s Office of the Inspector General (DISA IG), which conducted interviews with Schiller and three others.
But in August, the inspector general closed the case. The agency explained that the matter didn’t fall under its jurisdiction and referred it to DISA management. When ProPublica contacted DISA’s public affairs office, officials initially claimed they couldn’t find anyone familiar with the escort system. Later, they confirmed that the Defense Department uses escorts “in select unclassified environments” to support problem-solving by foreign experts. They also echoed Microsoft’s claim that foreign workers offer only guidance — not direct access.
DOD ManTech unleashed — Pentagon’s billion-dollar push for smarter, faster war machines
However, experts disagree. David Mihelcic, former Chief Technology Officer at DISA, warned that even indirect access is dangerous. “Here you have one person you really don’t trust because they’re probably in the Chinese intelligence service, and the other person is not really capable,” he said.
Warnings Ignored Amid Rising Tensions
Concerns have grown more intense amid worsening U.S.-China relations and fears of potential cyber retaliation tied to trade and political tensions. In Senate testimony this May, Microsoft President Brad Smith said the company was “pushing Chinese out of agencies.” He didn’t explain how they got in or how the company plans to prevent it from happening again.
What’s clear is that multiple former officials, cybersecurity experts, and even Microsoft employees have flagged this escort model as a serious risk. But despite the warnings, neither Microsoft nor its government partners have shared clear details on whether anything is being done to address the problem.