In public comments to the NTIA ahead of the report’s release, Google said it expected “increased attempts to disrupt, corrupt, deceive or appropriate” its models, but added that its secrets are protected by a “security, safety and integrity organization made up of world-class, expert engineers and researchers” and that it is working on a “framework” that will include a committee of experts to manage access to the models and their weights.
Like Google, OpenAI said in its comments to the NTIA that both open and closed models are needed depending on the situation. OpenAI, which develops models such as GPT-4 and services and apps based on those models such as ChatGPT, established its own security committee within its board of directors last week and published details in a blog this week about the security of the technology it uses to train its models. In the blog post, it said it hopes transparency will encourage other labs to adopt protective measures. It did not specify from whom it would need to keep secrets.
Jason Matheny, CEO of the RAND Corporation, who sat with the Rice professor at Stanford, echoed the professor’s concerns about security flaws. Matheny said the U.S. has used export controls to limit China’s access to high-performance computer chips, hindering Chinese developers’ ability to develop their own models. This, he argued, has increased China’s need to steal AI software.
By Matheny’s estimate, spending millions on a cyberattack to steal the weights of AI models that U.S. companies have spent hundreds of billions of dollars to create is well worth it for China. “This is really hard and it’s really important, but we haven’t invested enough nationally in doing it right,” Matheny said.
The Chinese Embassy in Washington, DC, did not immediately respond to WIRED’s request for comment on the alleged theft, but has in the past called such claims baseless smears by Western officials.
Google says it has notified law enforcement about a U.S. lawsuit alleging it stole AI chip secrets to China. The company says it has strict safeguards in place to prevent the theft of its proprietary data, but court documents show it took Google a long time to arrest the defendant, Linwei Ding, a Chinese national who has pleaded not guilty to the federal charges.
According to prosecutors, the engineer, who also goes by Leon, was hired in 2019 to work on software for Google’s supercomputer data centers. He is accused of copying more than 500 files containing sensitive information to his personal Google account over the course of about a year, starting in 2022. The scheme worked in part by the employee pasting the information into Apple’s Notes app on his work laptop, converting the files to PDFs and uploading them elsewhere, all the while evading Google’s technology meant to capture this kind of data leak, according to court documents.
The US alleges that while he was involved in the theft, the employee was in contact with the CEO of a Chinese AI startup to try to start his own AI company in China. If convicted, he could face up to 10 years in prison.
