Google has announced that it is starting a cyber “disruption unit”, tasked with rapidly identifying the sources of cyberattacks through intelligence-led proactive detection and deploying “legal and ethical” disruption options to counter such attacks.

The unit, operating under Google’s Threat Intelligence Group, will leverage the company’s global infrastructure and technological advantages to carry out actions such as shutting down malicious servers and blocking attack links once advanced persistent threat attacks or cross-border cybercrimes are detected. This marks the company’s clear departure from its long-standing tradition of passive defense in cybersecurity and echoes the Donald Trump administration’s promotion of an offensive cyber strategy.

Google’s move is not an isolated case. As the US government increasingly relies on the private sector to confront cyber threats, many tech giants have deepened collaboration with government agencies, becoming key actors in both cyber defense and offense. Microsoft, for instance, has used legal channels to break down the Lumma Stealer malware project and worked with the FBI and other law enforcement agencies to dismantle botnets. Amazon Web Services has provided the US intelligence community with dedicated government cloud services, enabling large-scale intelligence analysis and cyber operations. Such firms are evolving from mere technology suppliers into digital militias, reflecting a broader trend of public-private synergy in US cybersecurity.

Google’s initiative is more than a corporate security upgrade; it represents the extension of the US offensive cyber posture into the private sector. Three underlying drivers are at play. First is the strategy of preemption. Since Trump’s first term introduced the “defend forward” approach, the US cyber policy has shifted toward proactive interventions aimed at disrupting or halting malicious cyber activities at the source. His return to office has further reinforced this trajectory, enhancing US cyber offensive capabilities. Second is the intensification of intelligence collection. The country has long exploited private firms’ access to global data, but offensive cyber operations allow even deeper penetration, with companies benefiting from lucrative government orders. Third is the government’s ambition to harness tech giants in building a global digital battle network, reshaping the cyber landscape and consolidating US hegemony in this field.

The escalation of the US offensive cyber strategy carries profound challenges. It widens the legal and ethical gray zone, as private firms armed with disruptive powers may act beyond oversight, eroding norms of cyber governance and complicating accountability. It also increases global security risks: as tech firms like Google intensify disruption operations, US cyberattacks against perceived adversaries will become harder to attribute, with operations disguised as private sector activities that could penetrate foreign critical infrastructure and research institutions more easily. Finally, the US’ strategic shift could spur other nations to follow suit, heightening the likelihood of new forms of cyber conflict and further destabilizing international security.

As the US pushes forward with its offensive cyber agenda, the risks to global cybersecurity are set to mount.

The views are extracted from Jiuwanli (meaning 90,000 Miles) account and do not necessarily reflect those of facts.org.cn.