The Five Eyes intelligence alliance — the signals and security partnership binding the United States, United Kingdom, Australia, Canada, and New Zealand — has issued a joint bulletin warning that operatives linked to Chinese military intelligence are systematically using mainstream job platforms to identify, approach, and cultivate government and military personnel. The bulletin names LinkedIn, Indeed, and Upwork specifically. This is not a vague advisory about foreign influence. It is a named, documented warning about an active, ongoing collection operation dressed up as a white-collar job search.

The mechanics are straightforward and, if you think about it, almost elegant in their banality. A profile appears on a legitimate hiring platform — polished, plausible, often mimicking the branding of real consulting firms or think tanks. It advertises a contract analyst role, typically in policy, defense, or technology. Government workers, many of whom maintain public professional profiles precisely because their work history sounds impressive to civilian employers, receive tailored outreach. The messages are personalized. The money, in several documented cases, is good. The ask, at first, is small.

That escalating ask is the operational core. MI5's bulletin describes a pressure process in which applicants are gradually steered toward disclosing what the agency calls "non-public" information — assessments, internal data, the texture of classified programs — in exchange for continued engagement, the promise of a contract, or simply the flattery of being taken seriously by a well-resourced foreign outfit. By the time the target understands what is happening, if they ever do, they may have already handed over material of genuine intelligence value.

The New Zealand Security Intelligence Service has confirmed that several New Zealanders came close to providing sensitive information through exactly this kind of contact. The SIS director was direct in public remarks: people with access to secrets were nearly recruited through job sites. "Nearly" is doing real work in that sentence. It implies the operations were identified before full disclosure — but it does not mean they were identified quickly, or that every case was caught.

What makes this warning notable is not that foreign intelligence services run recruitment operations — they have for a century — but the institutional candor about which platforms are being used and which agency is running the plays. The Five Eyes bulletin attributes the campaign to Chinese military intelligence, a specific directional claim that goes beyond the diplomatic fog of "state-linked actors." The Chinese Embassy has denied that its military is involved in recruitment-style espionage operations of this kind. That denial is on the record. It is also entirely consistent with how every country whose intelligence services run foreign recruitment operations responds when those operations are named publicly.

LinkedIn, for its part, has long acknowledged that state actors attempt to misuse the platform and has said it removes fake accounts when identified. The structural problem the Five Eyes bulletin implicitly identifies is that the platform's core function — connecting professionals with opportunities — is also the perfect architecture for a targeting operation. Authenticity signals on LinkedIn are social, not verified. A profile with connections, endorsements, and a plausible employment history is not meaningfully harder to construct for a trained intelligence officer than it is for a legitimate recruiter. The platform was not built for counterintelligence, and that gap is being exploited at scale.

The targeting logic is also worth understanding clearly. Intelligence collection at this level is not about finding the one analyst with the nuclear codes. It is about accumulating texture — the kind of granular, contextual information about how governments actually work, what programs exist, what internal debates look like, what the real priorities are behind the public ones — that no press release or freedom-of-information release will ever produce. A mid-level civil servant who doesn't consider themselves a secret-keeper may still carry exactly that kind of texture. And they may be far less guarded than someone who thinks of themselves as a target.

The Five Eyes countries are not uniform in how exposed their workforces are. The United States and United Kingdom have formal security cultures with regular briefings for cleared personnel. New Zealand and Australia have smaller government workforces where professional networks are tighter and less compartmentalized — which arguably makes the social engineering easier, not harder. The SIS warning from Wellington suggests the agencies understand this asymmetry.

What the bulletin does not fully answer — and what any honest accounting of this warning has to sit with — is how many operations it did not catch, and how long this has been running at scale before the public advisory was issued. Intelligence agencies do not typically publish warnings about active methods they have fully neutralized. The fact that this bulletin exists, naming live platforms and describing a working operational playbook, suggests the problem is current, widespread, and not yet contained. The job ad in your inbox may be exactly what it looks like. Or it may not be. Right now, the people whose job it is to know the difference are telling you: check twice.