In public comments to the NTIA ahead of the report, Google said it expected “an increase in attempts to disrupt, degrade, defraud and steal” models. But it added that its secrets were guarded by “a safety, security and reliability organization composed of engineers and researchers with world-class expertise” and that it was working on a “framework” that would include a committee of experts to help manage access to models and their weights.
Like Google, OpenAI stated in comments to the NTIA that both open and closed models are needed, depending on the circumstances. OpenAI, which develops models such as GPT-4 and services and applications based on them such as ChatGPT, last week formed its own security committee on its board, and this week published a blog post providing detailed information on the security of the technology used to train models. The blog post expressed hope that the transparency would inspire other labs to adopt protective measures. It did not specify from whom the secrets should be protected.
In a conversation with Rice at Stanford, RAND CEO Jason Matheny repeated his concerns about security vulnerabilities. By using export controls to limit China’s access to powerful computer chips, the United States is making it harder for Chinese developers to create their own models, Matheny said. He claimed this increased their need to steal AI software outright.
Spending several million dollars on a cyberattack to steal the weights of artificial intelligence models that cost an American company hundreds of billions of dollars to create is definitely worth it to China, according to Matheny’s estimates. “It’s really difficult and really important, and we’re not investing enough in the country to address it,” Matheny said.
China’s embassy in Washington did not immediately respond to WIRED’s request for comment on the theft accusations, but in the past it has characterized such claims as baseless slander by Western officials.
Google said it had notified law enforcement authorities about the incident that became a US case over the theft of AI chip secrets for China. While the company described maintaining stringent safeguards to prevent theft of its proprietary data, court documents show that it took Google a long time to catch the defendant, Linwei Ding, a Chinese national who has pleaded not guilty to federal charges.
According to prosecutors, the engineer, who also goes by Leon, was hired in 2019 to work on software for Google’s supercomputing data centers. Over the course of about a year, starting in 2022, he allegedly copied over 500 files containing sensitive information to his personal Google account. Court documents say the scheme worked in part because the employee pasted the information into Apple Notes on his company laptop, converted the files to PDF and uploaded them elsewhere, evading the Google technology used to catch this type of exfiltration.
The United States says that during the alleged theft, the employee was in contact with the CEO of an artificial intelligence startup in China and moved to start his own Chinese artificial intelligence company. If the allegations are confirmed, he faces up to 10 years in prison.
