The Trusted Method For Infiltration
Imagine you were given 24 hours to steal Google’s AI source code, how would you do it? What if you were given a month, couldyou do it now? What if I gave you a year, would you feel confident you could pull it off?
Time is the force multiplier. As the window widens, the probability of success trends toward one hundred percent, not because you need to rappel through a skylight, but because the simplest path is to go through the front door, get hired, and become the insider.
That is the lesson prosecutors and jurors just delivered in San Francisco, where a former engineer was convicted of economic espionage and trade secret theft tied to Google’s AI infrastructure, a verdict that turns a social-engineering thought experiment into case law.
According to the U.S. Department of Justice, the jury returned guilty verdicts on fourteen counts after an eleven day trial.
The Case
A federal jury found former software engineer Linwei Ding, also known as Leon Ding, guilty on seven counts of economic espionage and seven counts of theft of trade secrets for exfiltrating thousands of confidential documents describing Google’s AI supercomputing stack, including accelerator hardware, cluster networking, and orchestration software.
According to Reuters, each espionage count carries up to fifteen years in prison and a five million dollar fine, and each trade secret count carries up to ten years and a two hundred fifty thousand dollar fine.
Prosecutors said the thefts occurred between 2022 and 2023 while Ding held a legitimate role inside the company and while he was courting China based ventures. The Justice Department called this its first conviction on AI related economic espionage charges, a framing echoed in coverage across multiple outlets.
Prosecutors proved that Linwei Ding uploaded more than 1,000–2,000 pages of confidential material from Google’s network to his personal Google Cloud account and, shortly before resigning in December 2023, downloaded the files to his personal computer.
The Justice Department’s post-verdict summary does not state that the stolen files were transmitted to any recipient in China, only that he stole them “for the benefit of the PRC.”
The Actors
The defendant, Linwei Ding, age thirty eight at indictment, joined Google in 2019. According to the San Francisco Chronicle, while employed he discussed a chief technology officer role with a Chinese startup, earned a monthly stipend, and pitched investors on replicating Google’s AI supercomputer using knowledge taken from his day job. The Chronicle also reports he applied to a government talent program in Shanghai that incentivizes contributions to national AI capability.
The victim organization, Google, was not charged and cooperated with investigators, according to Reuters. The target assets were not model weights alone, but the blueprints and playbooks that make large model training possible at scale, from chip and SmartNIC details to interconnect protocols and cluster management.
The government, led by the U.S. Department of Justice and investigated by the Federal Bureau of Investigation, tried the case in the U.S. Attorney’s Office, Northern District of California. Officials tied the conduct to efforts benefiting the People’s Republic of China, and cited the matter as part of the Disruptive Technology Strike Force initiative.
Insider-Threat Lens, What Actually Failed
Identity, he was who he said he was, an employee in good standing, which often collapses scrutiny. This is one of the hardest problems in physical, and by extension cyber security, because organizations have already vetted their employees and granted them access.
As a result, patient and clever spies can be incredibly difficult to root out, because their normal daily behavior appears, and often is, completely ordinary and safe. Its only infrequently that they will copy, access or steal data or information, and unfortunately, these materials may be required for them to be in possession of for their job.
This is one of the reasons why when offensive security personnel consider building and organizational security,
YOU CANNOT ONLY LOOK AT THE PROBLEM FROM AN OUTSIDER THREAT
you must always take into consideration the possibility of a rogue insider, and remember good intentioned employees can be tricked into doing malicious things too.
Conclusion
Give an adversary a day, they need a LOT of luck. Give them a month, they need a gap. Give them a year, they just need a job.
The San Francisco verdict shows that insider threats remain the straightest line between ambition and access.
The controls that matter most are not cinematic, they are the dull, enforced, continuously measured basics that turn time back into your ally and make the easy path, employment, the least attractive route for theft.