To Win the AI Race, Bolster Export Control Enforcement With Intelligence

On July 10, the Trump administration released its plan to lead in artificial intelligence (AI). However, the U.S. risks losing this race—not for lack of chips, talent, or capital—but because it is too slowly and reactively enforcing existing export controls on the critical hardware. Current enforcement focuses on investigating and punishing violations after the fact, instead of proactively uncovering and mitigating known ways that adversaries acquire these controlled technologies, such as via smuggling, transshipment, and shell companies. The U.S. cannot afford to stay in such a reactive posture.

The Department of Commerce’s Bureau of Industry and Security (BIS), chronically understaffed and underfunded, cannot keep pace with the scale of the challenge alone. The recent loosening of some export restrictions, such as allowing Nvidia to resume sales of the H20 chip to end users in China, might suggest a reduced need to focus on export control enforcement. In fact, the opposite is true. The narrower the rules, the more essential it becomes to ensure licenses go only to approved recipients, that those “approved recipients” are not users who contribute to China’s use of AI for civil-military fusion, and that monitoring of this occurs continuously rather than as a one-off check. Tighter monitoring will not fully offset the risks created by allowing more AI chips to flow, but it is essential for understanding how these chips are used, by whom, and how they enable downstream capabilities. That intelligence is what makes it possible to design and enforce effective follow-on controls, thus preventing China from acquiring controlled AI chips, high-bandwidth memory, and semiconductor manufacturing equipment (SME) and other chipmaking tools. A renewed enforcement strategy, enabled by whole-of-government capacity, will also be critical to verify that only items approved for export to China, including a potentially new version of the powerful Nvidia Blackwell, are sent there. To start, this could include embedding expertise from the U.S. intelligence community alongside BIS’s legal and technical staff, and shifting enforcement mechanisms from a reactive “punish after violations” model to a proactive “monitor, verify, and prevent” strategy. 

In other words, what’s missing is less about drafting new rules and more about consistently executing the ones already on the books. Even the strongest controls fail if enforcement remains reactive. Indeed, the Trump administration’s action plan calls for a partnership between the BIS and the intelligence community for this purpose, but it lacks details on implementation. Ad hoc cooperation already occurs. What’s missing is institutionalized integration at the line level, which is blocked less by technical capacity than by policy trade-offs inside the U.S. government. Absent clear guidance, well-intentioned leadership in the intelligence community and BIS will almost certainly remain focused on answering today’s mail without planning for a more effective strategy. The capacity for this already exists across the U.S. government—from targeting resources at the CIA and the National Security Agency (NSA) to technical staff at Commerce’s Center for AI Standards and Innovation—but they remain scattered and underused. Intelligence support can help mitigate some of these shortfalls in the near term, though ultimately BIS will need greater resources and modern infrastructure—more secure facilities and classified work stations—to sustain an effective enforcement mission. A serious enforcement strategy will require bringing these efforts under one roof. 

Monitor: Fusing Intelligence and Enforcement

First, the U.S. must embed intelligence expertise directly into BIS’s oversight and enforcement operations, creating a joint structure that treats AI export controls as seriously as other national security issues that use a joint approach, such as counterterrorism. Currently, BIS relies on an ad hoc system of one-off intelligence products sent via emails, readbooks, calls, and after-the-fact assessments of violations. This is emblematic of a broader, more reactive approach that focuses enforcement on static updates to the Entity List that merely flags which actors should be denied licenses. BIS’s enforcement component already includes divisions that interface with the intelligence community, such as its Information Triage Unit that reviews all-source information on foreign end-users. But these resources remain scarce and underutilized, leaving BIS reliant on these ad hoc intelligence pushes rather than on comprehensive targeting, collection, and analysis.

A more effective model would create an automatic, integrated flow of intelligence by placing intelligence community analysts, targeting officers, and technical specialists from the CIA, the NSA, and the National Geospatial-Intelligence Agency (NGA) alongside BIS export enforcement staff in a task force setup. With their collection resources, technical infrastructure, and authorities, elements from the intelligence community can continuously map smuggling routes, expose shell companies, and track suspected Chinese end-users tied to the security services—capabilities BIS cannot generate on its own and that it currently accesses only in delayed, fragmented form. To be sure, investigative and prosecutorial case teams investigating specific companies already pull in BIS and intelligence community staff. But these efforts are temporary and fragmented. A more effective model would institutionalize this collaboration, embedding intelligence specialists directly within BIS so that intelligence flows into enforcement every day, not only when a case team forms. Analysts from the CIA, NSA, NGA, and Treasury’s financial intelligence arm could be detailed to BIS on a small scale. All this would require are interagency memoranda of understanding, which can be easily finalized between agency leaders, allowing the intelligence to form a joint effort with BIS without requiring new legislation, authorities, or budget allocations. 

Of course, BIS is not going to suddenly absorb dozens of intelligence officers overnight. But even a small contingent—on the order of 10 detailees drawn from the analytic and targeting teams already focused on compute and smuggling—could make a material difference in shifting enforcement from reactive to proactive. The Office of the Director of National Intelligence (ODNI) could provide temporary secure space and computer networks, enabling detailees to infuse classified insights into BIS’s licensing and monitoring work in real time, turning intelligence from background context into a live operational tool for enforcement without waiting years for new facilities. This kind of pilot would not solve the scale problem, but it would demonstrate the value of making day-to-day cooperation routine. In the longer run, it underscores why Congress must invest in BIS’s permanent infrastructure—secure office space and classified information technology systems—so that BIS can sustain a standing intelligence presence rather than rely on borrowed capacity. 

Verify: Continuously Mapping AI Hardware Procurement Activity

To be effective, these lines of effort must be empowered and resourced, and could be housed under repurposed, existing structures such as the Export Enforcement Coordination Center (E2C2). Despite its initial mandate to improve export control enforcement, E2C2 has instead been relegated to case deconfliction across agencies. Rather than create new structures, leadership from BIS, the intelligence community, and other agencies could reinvigorate this construct to house a new integrated AI export control enforcement cell. This should include dedicated targeting teams, an integrated vetting unit, and a collection-and-analysis element that collaborates with AI expertise at the National Institute of Standards and Technology’s Center for AI Standards and Innovation (CAISI) and industry partners.

BIS-intelligence community cooperation should also draw on the intelligence community’s capabilities in financial intelligence and strategic declassification. The Department of the Treasury’s financial intelligence office, for example, already tracks suspicious money flows that often signal illicit deals. When tied to licensing reviews, these intelligence red flags could provide BIS with early-warning indicators that are otherwise invisible through traditional export checks. In parallel, a deliberate strategy of selective, strategic declassification—downgrading sanitized intelligence to share with industry and allies—would transform classified insights into actionable compliance guidance to support the safe export of America’s AI tech stack. Such products could, for instance, highlight red-flag shell company naming conventions, diversion hubs, or procurement patterns, equipping exporters to recognize violations before they occur. This kind of proactive targeting can have outsized strategic impact. For example, the intelligence community downgraded and publicly released assessments of Moscow’s military buildup and false-flag plans. That disclosure undercut Russian disinformation, rallied allied support, and helped Ukraine prepare defenses—demonstrating how declassification, used strategically, can shape the operating environment in advance.

This fusion will also grow to be even more essential to establish continuous monitoring and verification of new “sovereign AI” cluster buildouts, such as those emerging in the Gulf states. These facilities will require some level of ongoing security evaluations, conducted in collaboration with industry, to address evolving threat models as AI systems advance. Without such sustained monitoring and verification, adversaries and opportunistic actors could exploit gaps in cluster security to acquire or divert sensitive compute resources. Emerging tools that help regulators verify where chips are being used, without exposing private or commercial data, could provide continuous assurance that specific compute remains only where it is authorized without revealing sensitive commercial or user data. Properly designed, these mechanisms are privacy-preserving and would offer a BIS-intelligence community task force a reliable, resource-efficient enforcement tool while reducing burdens on firms by avoiding intrusive audits or disclosure of proprietary information.

Prevent: Targeting the Right Chokepoints

Through an enhanced joint targeting effort with the intelligence community, BIS could impose licensing restrictions earlier and more broadly, mitigating the current over-reliance on after-the-fact investigations. BIS maintains the Unverified List (UVL), a roster of foreign firms whose legitimacy BIS cannot confirm. At present, though, the UVL functions mostly as a static compliance measure, relying on exporters to collect end-user statements that adversaries can easily game. A more liberal, forward-leaning use of the UVL—such as feeding it with a proactive intelligence targeting effort that continuously tracks and adds entities with connections to the Chinese government—would shift it from a static safeguard into a live enforcement tool. Recent moves to adopt a “50% Rule,” which would automatically list firms majority-owned by already-sanctioned actors, would further move BIS from reactive listings to automated expansion—a shift that an intelligence fusion cell could supercharge by continuously surfacing hidden ownership links.

The reason measures such as a forward-leaning UVL or automated “50% Rule” so often stall is not that BIS or the intelligence community oppose them, but because of the tension between the Department of Commerce’s dual mandate to both promote U.S. exports and protect U.S. technology. The “promote” side of the Commerce Department regularly raises concerns that broad restrictions could hurt U.S. firms or dampen legitimate sales abroad—indeed, this reportedly in part drove the recent Nvidia H20 decision. This structural conflict creates a recurring tension between short-term commercial interests and long-term national security. While it will not clearly resolve these tensions, intelligence can serve as a bridge rather than just a bludgeon. A more systematic integration of intelligence collection and analysis would allow export controls to be targeted with greater precision, focusing restrictions on entities and networks demonstrably tied to Chinese military or security services. That, in turn, can ease pressure from trade-promotion advocates by showing that enforcement is not a blunt instrument but a tailored strategy. Intelligence fusion is not simply about “more restriction,” but about making export controls both more protective and more defensible—narrow enough to minimize collateral commercial damage yet firm enough to close the loopholes adversaries exploit.

Another approach utilizes the intelligence community’s experience using red-team analysis: A joint IC-BIS effort could red-team how Chinese actors might attempt to bypass export controls based on classified insights of key actors and capabilities, feeding those insights back into BIS rulemaking and enforcement tasking. This would shift enforcement from static rule application toward an anticipatory model that evolves as adversaries adapt. Absent clear direction to generate this intelligence on a sustained basis, however, intelligence community entities will continue to produce export control-related reporting only sporadically, leaving major enforcement gaps.

Better Leveraging Foreign Liaison Partners

The intelligence community could also leverage its liaison partners to improve coordinated enforcement with allies. These liaison channels already exist—especially among Five Eyes partners—but they remain narrow and ad hoc when it comes to AI issues. Broadening a standing intel sharing structure on AI to include key chip and SME-producing states such as the Netherlands, Japan, Taiwan, and South Korea would make coordination less dependent on one-off cases. Cooperation from these states is crucial to ensure China cannot build a durable ability to indigenously produce AI chips, a goal that even proponents of allowing the sale of Nvidia chips acknowledge is strategically vital. The low-profile, behind-the-scenes nature of intelligence liaison work has historically made some states more willing to share information on illicit activities such as AI chip smuggling that they would otherwise be reluctant to do more publicly due to concerns about political or economic backlash. Intelligence diplomacy is a potent but often hidden tool of national power, precisely because it happens quietly behind closed doors that elites can trust. For example, during the Cold War, the Coordinating Committee for Multilateral Export Controls quietly harmonized restrictions among Western allies to deny the Soviet bloc access to sensitive dual-use technologies, mainly operating through low-profile intelligence and diplomatic channels. Toward this goal, an integrated intelligence community-BIS team would be much more able to quickly downgrade AI-related intelligence for partners, pairing it with policy and diplomatic engagement for maximum impact.

Clarifying Legal Authorities and Roles

To maximize intelligence community-BIS cooperation, policymakers should help provide clearer guidance on legal and bureaucratic gray zones that make the intelligence community overly risk-averse and slow to dedicate specific resources for AI export control enforcement. One key tension is between a long-standing prohibition on the U.S. government conducting corporate espionage that could inadvertently benefit some companies, and legitimate scientific and technical intelligence activities that seek to provide decision-makers with insights about adversaries’ technological advancements. Clarifying this division would allow the intelligence community to better complement non-intelligence community technical entities—such as CAISI evaluating foreign AI models and chip practices—with strengths in upstream collection, network mapping, and foreign actor vetting, while BIS leverages its industry-facing and regulatory role to act on that intelligence. Co-locating these capabilities in an integrated unit further ensures intelligence is translated into enforcement decisions at operational speed before it becomes overtaken by events. This is a navigable issue: Long-standing cooperation in counterintelligence and counterproliferation already shows that intelligence and law enforcement can strike the right balance between their overlapping but distinct objectives, all while under robust congressional oversight.

Developing a Sense of Urgency

The imperative now is on rapid execution, which must be matched by cultural shifts within BIS and the intelligence community. After 9/11, the Treasury Department shifted rapidly from a slow, reactive policy cycle to a strategy of developing organic collection, targeting, and analytic capabilities to proactively disrupt terrorist financing. BIS must now take a similar step, partnering with the intelligence community to marry a new enforcement strategy with expanded capacity to secure this critical national security imperative.

The intelligence community must also adopt this shift in urgency, matching a demand signal from policymakers with a greater allocation of funding and internal talent prioritization toward the mission of intelligence-driven AI export control enforcement, adopting a similar approach to the intelligence community’s support to U.S. government-wide counterproliferation work. For example, the NSA’s AI Security Center competes for scarce technical expertise internally just as fiercely as CAISI and the frontier labs compete for it externally. Nurturing collaboration between the intelligence community, the Commerce Department, and industry can help bridge these gaps, but only if these teams are empowered and resourced to move quickly. 

This operational urgency must also be reinforced at the highest levels. The National Intelligence Priorities Framework—the classified list of priorities for intelligence collection, analysis, and resource prioritization—allows the ODNI and the White House to designate export control enforcement as a national priority. Congress, for its part, can backstop that prioritization with funding and oversight via legislation such as the Intelligence Authorization Act. Absent this kind of sustained institutional support, the intelligence community will likely continue to treat enforcement as a secondary task rather than a core national security mission.

One concern is that closer collaboration between BIS and the intelligence community risks alienating industry partners, who may be suspicious that proprietary information shared with BIS would be used by spy agencies for illicit purposes. That concern is understandable: Companies already grapple with industrial espionage from China, and they may be just as wary of U.S. intelligence monitoring their intellectual property and technology. If left unaddressed, such perceptions could erode the trust that BIS relies on for timely disclosures of potential violations.

That risk can be mitigated in several ways. First, clear firewalls should be established between industry engagement and intelligence functions—for example, ensuring that compliance reporting pipelines are walled off from intelligence community tasking. BIS could structure how it conducts industry engagement separately from its enforcement personnel tasked with working with the intelligence community. Second, the Commerce Department and the intelligence community could commit to transparent oversight mechanisms—for instance, inspectors general or independent compliance reviews—so that firms can be confident their proprietary data will not be misused. And third, policymakers and lawmakers should emphasize that the intelligence role is primarily about upstream collection and foreign circumvention monitoring, not peering into U.S. companies’ commercial operations.

Done right, closer intelligence community cooperation should actually strengthen industry partnerships by preventing violations before they occur, reducing the burden of after-the-fact investigations, and providing companies with actionable guidance on how adversaries are attempting to exploit them. Ultimately, the U.S. should double down on BIS’s existing strengths in collaboration and compliance outreach; such relationships are built over years with chipmakers, foundries, cloud providers, and logistics firms. This provides the U.S. with unique, asymmetric advantages that China has over its civil-military fusion approach and more draconian domestic laws.

Export controls are only as strong as their enforcement. Without intelligence-driven execution, America’s technological edge—and its ability to shape the global AI future—hangs in the balance.