They told US media that the FBI and CIA were co-ordinating the inquiry afterWikileaks published thousands of files.
These carried claims that the CIA had developed ways to listen in on smartphone and smart TV microphones.
The CIA, FBI and White House have declined to comment on the authenticity of the files leaked on Tuesday.
A CIA spokesperson told the BBC on Wednesday: “The American public should be deeply troubled by any Wikileaks disclosure designed to damage the intelligence community’s ability to protect America against terrorists and other adversaries.
“Such disclosures not only jeopardise US personnel and operations, but also equip our adversaries with tools and information to do us harm.”
On Wednesday, the US officials – who spoke on the condition of anonymity – told US media that the criminal investigation was looking into how the files came into Wikileaks’ possession.
The inquiry would also try to establish whether the disclosure was a breach from inside or outside the CIA, the officials added.
The CIA has not confirmed whether the documents – said to date between 2013 to 2016 – are real.
But one of its former chiefs was concerned by their publication.
“If what I have read is true, then this seems to be an incredibly damaging leak in terms of the tactics, techniques, procedures and tools that were used by the Central Intelligence Agency to conduct legitimate foreign intelligence,” ex-CIA director Michael Hayden told the BBC.
“In other words, it’s made my country and my country’s friends less safe.”
‘Zero day’ bugs
Several of the tech firms whose products have been allegedly compromised by the CIA gave their first reactions on Wednesday.
Apple said it had already addressed some of the vulnerabilities.
“The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way,” it said.
Samsung – whose F8000 series of televisions was reportedly compromised – said that “protecting consumers’ privacy and the security of our devices is a top priority at Samsung”.
The leaks also claimed that the CIA had created malware to target PCs running Microsoft’s Windows operating system.
“We are aware of the report and are looking into it,” a spokesman from Microsoft said.
Google declined to comment about allegations that the CIA was able to “penetrate, infest and control” Android phones due to its discovery and acquisition of “zero day” bugs – previously unknown flaws in the operating system’s code.
The World Wide Web Foundation – which campaigns for internet privacy – said the US government needed to issue a detailed response.