The AI Daily Brief: Artificial Intelligence News and Analysis - Google Engineer Arrested for Selling AI Secrets to Chinese Companies

Episode Date: March 7, 2024

A former Google engineer has been arrested for allegedly sharing AI secrets with Chinese companies. This episode delves into the escalating tech war between the US and China, examining the serious imp...lications of AI for national security. Today's Episode Brought to You By: Plumb - Build, test, and deploy AI features with confidence - https://useplumb.com/  ABOUT THE AI BREAKDOWN The AI Breakdown helps you understand the most important news and discussions in AI.  Subscribe to The AI Breakdown newsletter: https://theaibreakdown.beehiiv.com/subscribe Subscribe to The AI Breakdown on YouTube: https://www.youtube.com/@TheAIBreakdown Join the community: bit.ly/aibreakdown Learn more: http://breakdown.network/

Transcript
Discussion (0)
Starting point is 00:00:00 Today on the AI breakdown, a former Google engineer has been arrested for stealing and sharing trade secrets around AI with a Chinese company. Before that on the brief, Microsoft deals with a whistleblower who says that co-pilot designer is not safe for the public. The AI breakdown is a daily podcast and video about the most important news and discussions in AI. We can Breakdown. Network for more information about our YouTube, our Discord, and our newsletter. Welcome back to the AI breakdown brief, all the AI headline news you need in around five minutes. As AI gets more advanced, the range of divergent opinions about AI and its role in business, commerce, and society gets wider and wider. That happens not just in society, but also in the context of specific companies. A couple times over the last few years, we've seen people leave a big AI
Starting point is 00:00:48 lab that they were working with because they started to disagree with that company's approach to how they were handling AI-related issues. The latest story like that is an engineer who has left Microsoft and who claims that its AI image generator creates harmful imagery too easily. Shane Jones was an AI engineer at Microsoft who had worked there for about six years, and at the end of last year in November and December, he was part of a red teaming effort on co-pilot designer. Copilot designer is an AI image generator. Red teaming is a process by which people try to actively root out vulnerabilities and ways to get around guardrails to better understand how an AI is going to behave in the wild. Jones claimed that the images that came up
Starting point is 00:01:25 were not something that should be available to the public. CNBC writes, The AI service depicted demons and monsters alongside terminology related to abortion rights, teenagers with assault rifles, sexualized images of women in violent tableaus, and underage drinking and drug use. All of those scenes generated in the past three weeks
Starting point is 00:01:42 have been recreated by CNBC this week using the copilot tool, which was originally called being image creator. Said Jones, it was an eye-opening moment. It's when I first realized, wow, this is really not a safe model. Write CNBC, Jones was so alarmed by his experience that he started internally reporting his findings in December, while the company acknowledged his concerns,
Starting point is 00:01:59 it was unwilling to take the product off the market. Joan said Microsoft referred him to Open AI, and when he didn't hear back from the company, he posted an open letter on LinkedIn, asking the startup's board to take down Dolly 3 for an investigation. Microsoft's legal department then said to remove that post immediately, but then in January, he wrote a letter to U.S. senators on the matter, and later also met with Senate staffers from the Committee on Commerce Science and Transportation. Then this week, he went even farther, sending a letter to FTC Commission Chair Lena Khan and another to Microsoft's boarder directors, also sharing those letters with CNBC. Basically, Jones said that he wanted first for co-pilot designer to be removed until they could
Starting point is 00:02:35 put in better safeguards, but then barring that, he wanted to add disclosures to the product and change the rating on Google's Android app to make it just for mature audiences. Microsoft, for their part, said, we are committed to addressing any and all concerns employees have in accordance with our company policies and appreciate employee efforts in studying and testing our latest technology to, further enhanced safety. When it comes to safety bypasses or concerns that could have potential impact on our services or partners, we have established robust internal reporting channels to properly investigate and remediate any issues, which we encourage employees to utilize so we can
Starting point is 00:03:02 appropriately validate and test their concerns. Which is, of course, a very brush-off sort of answer, and the question will be whether the story actually picks up any more traction from here. Meanwhile, on the other side of the company has announced the, quote, new era of work event, designed for the company's business customers, and will show off new Surface Pro 10 and Surface laptop six devices. Of course, there will be a big focus on the AI improvements that are coming to Windows 11. Over in another tech giants world, Tom Allison, the head of Facebook within meta, said that the company is investing heavily in the development of an AI system designed to power Facebook's entire video system. Allison said that the technology roadmap that goes into 2026
Starting point is 00:03:40 involves the development of an AI recommendation model that power short videos like Instagram Reels, as well as longer videos. Allison held this discussion at a Morgan Stanley Tech Conference in San Francisco and noted that in the past, the various different video products within Facebook and meta had all been powered by different systems. Now, part of why AI has been so captivating to the markets is that it's not just theoretical and is actually producing results now. For example, Allison discussed that implementing a new type of AI-powered model architecture helped Facebook increase an 8 to 10% gain in Reels watch time, which of course translates to more ad dollars. Said Allison, instead of just powering Reels, we're working on a project to power our entire video
Starting point is 00:04:17 ecosystem with this single model. And then we can add our feed recommendation product to also be served by this model. If we get this right, not only will the recommendations be kind of more engaging and more relevant, but we think the responsiveness of them can improve as well. We wanted flying cars. We got a better video recommendation engine. Salesforce and other tech giant continues its relentless push into AI, announcing a new AI tool for doctors. The tool is called Einstein co-pilot health actions and is designed to try to help automate a slate of manual administrative tasks that can be a real on productivity and increase burnout. They say that the tool will allow doctors to book appointments, summarize patient information, and send referrals all by prompting AI in natural language.
Starting point is 00:04:56 They say that the tool will also allow organizations to digitize health assessments without having to manually type or code them. Now, in VC Land, vocal AI proponent Andresen Horowitz, is aiming to raise $6.9 billion for a new set of funds, including two that will be focused on artificial intelligence. A16Z is targeting a $6.9 billion for a master-firm. feeder fund that's expected to close in early April. Half of that is supposed to go to the firm's growth fund, which would represent a size decline from its $5 billion predecessor, but then spending 15% on an AI infrastructure fund and 15% on an AI apps fund. In other words, friends, the AI funding rush is not likely to slow down any time soon. However, that is going to do it for today's AI breakdown
Starting point is 00:05:37 brief. Next up, the main AI breakdown. Today's podcast is brought to you by Plum. If you're a start up building AI features for your customers, you're probably feeling the pain of hallucination, prompt testing, unstructured responses, subpar queries for embeddings, and of course, the mind-numbing process of general iteration and refinement when your engineers have to make every change by hand. That's where Plum comes in. Plum is a no-code AI app builder designed for product teams who care about quality and speed. What is taking you weeks to hand code today can be done confidently in hours. Check out useplum.com, us e-p-l-u-m-b.com.com. or reach out to me for early access.
Starting point is 00:06:18 Welcome back to the AI breakdown. One of the defining relationships on the global stage right now is the relationship between China and US. It is a great power struggle of a different flavor in a way that we haven't had for a couple decades now. Interestingly, if you pay any attention to artificial intelligence, you'll know that this has become a major vector of that competition. That's manifested, of course, in prohibitions around the type of technology that American companies can share with their Chinese counterparts and sell into the Chinese market. This has left
Starting point is 00:06:47 companies like AMD and Nvidia constantly working to produce lower power chips that get in under U.S. thresholds in order to keep that as a valuable market for themselves. But it also looms large as a question of policy. When we are debating things like open source AI versus close source AI, people's thoughts about competition with China tends to influence that conversation. Although fascinatingly, that can head into very different directions. Some people see open source AI development, as the lifeblood of American innovation and the way that we out-compete China, whereas other folks see it as just a way for China to get access to our most advanced models. However, there is also just the plain old question of espionage,
Starting point is 00:07:25 and that's where our story begins today. A former Google teamer Lin Wei Ding has been arrested in California and accused of stealing Google's AI secrets and sharing them with China. Writes the New York Times, A Chinese citizen who recently quit his job as a software engineer for Google in California has been charged with trying to transfer artificial intelligence technology to a Beijing-based company that paid him secretly, according to a federal indictment unsealed on Wednesday. The indictment reads,
Starting point is 00:07:51 A. federal grand jury indicted Lin Wei Ding, aka Leon Ding, charging him with four counts of theft of trade secrets in connection with an alleged plan to steal from Google LLC, proprietary information related to AI technology. According to the indictment, returned on March 5th and unsealed earlier today, that's Wednesday, March 6th, 38-year-old Ding, a national of the People's Republic of China, transferred sensitive Google trade secrets and other confidential information from Google's network to his personal account, while secretly affiliating himself with PRC-based companies in the AI industry. Said Attorney General Merrick Garland,
Starting point is 00:08:20 the Justice Department will not tolerate the theft of artificial intelligence or other advanced technologies that could put our national security at risk. In this case, we allege the defendants stole artificial intelligence-related trade secrets from Google while secretly working for two companies based in China. We will fiercely protect sensitive technologies developed in America from falling into the hands of those who should not have them. Deputy Attorney General Lisa Monaco added that the defendant had stolen over 500 confidential files, and that, quote, The Justice Department will relentlessly pursue and hold accountable those who would siphon disruptive technologies,
Starting point is 00:08:49 especially AI, for unlawful export. Also quoted in the announcement was FBI Director Christopher Ray, who said, Today's charges are the latest illustration of the lengths affiliates of companies based in the People's Republic of China are willing to go to steal American innovation. The theft of innovative technology and trade secrets from American companies can cost jobs and have devastating economic and national security consequences. The FBI will continue its efforts to vigorously pursue those responsible for stealing U.S. company's intellectual property and most closely guarded secrets.
Starting point is 00:09:17 The arrest was carried out under the auspices of something called the disruptive technology strike force, said Assistant Secretary Matthew Axelrod of the Commerce Department's Office for Export enforcement, quote, In the one year since its inception, the disruptive technology strike force has been relentless in protecting advanced U.S. technologies like artificial intelligence from malign actors, let today's announcement serve as further warning. Those who would steal sensitive U.S. technology risk finding themselves on the wrong end of a criminal indictment. So let's pause here before we get into the specifics of what was actually stolen.
Starting point is 00:09:47 There are two things that are notable to me about this announcement. The first is the aggressiveness of the posture. This is probably a reflection of the state of the relationship between the U.S. and China, but it is really notable. This is not soft language at all. This is you've brought down the wrath of the one remaining superpower in the world kind of language. The other thing, though, that's notable is how much AI is viewed as a national security and defense priority. This is not just a question of American companies in their economic competitiveness. This is about the inviolability of the sanctity of the United States as a whole. It seems to me very clear that they are trying to make an example of Leon Ding. They want this to be as loud as humanly possible to show how
Starting point is 00:10:30 aggressive they're going to be when it comes to AI. And that's fairly notable. It sends a signal about where AI ranks in terms of priorities, and it seems to be pretty high. Now, what was the information that was actually stolen? The Verge writes, much of the stolen data allegedly revolves around Google's tensor processing unit or TPU chips. In the indictment, for example, we see that between June 1st, 2022 and April 17th, 2023, the defendant allegedly stole chip architecture and software design specifications for TPU version 6, hardware software system management and performance specifications for GPU chips deployed in Google supercomputing data centers, and software design specifications for Google CMS that managed machine learning workloads on TPU and GPU chips in Google supercomputing
Starting point is 00:11:10 data centers. Now, this was not some sophisticated hack. The Verge writes, the government accuses Ding of transferring those files to a personal Google cloud account between May 2022 and May 23. He allegedly did so by, quote, copying data from the Google source files into the Apple notes application on his Google issued MacBook laptop, and then converting them from Apple Notes to PDFs to avoid detection by Google's data loss prevention systems. So Google, one of the five biggest companies in the world, or six, whatever, you get the point, was stymied by a guy copy-pasting
Starting point is 00:11:40 into Apple Notes and then turning Apple Notes into PDFs. Now, one of the other crazy parts of the story is that it seems like for a period of six months while he was technically at Google still, he was also joining and starting Chinese startups. The Verge again writes, The government says that less than a month after he began stealing files, a Chinese machine learning company named Rongshu offered to make him CTO. He flew to China for five months to raise funds for the company, and he subsequently founded and led a machine learning startup named Shuan
Starting point is 00:12:08 all while still working for Google. He resigned from Google in December 2023 and reportedly booked a one-way ticket to Beijing scheduled to depart two days past his end date after the company began asking him about his uploads. Apparently, at one point, he faked being present at Google in the U.S. by having a different employee scan his badge. So we know a little bit about what he was stealing, but what was Ding actually doing at Google? The indictment reads, The focus of Ding's work was the software platform developed in Google's network of supercomputing data centers.
Starting point is 00:12:35 Ding's job responsibilities included development of software that allowed GPU to function efficiently for machine learning, AI applications, or other purposes required by Google or Google Cloud clients. Due to Ding's job responsibilities, he was authorized to access Google confidential information related to Google's supercomputing data centers, including the hardware infrastructure, the software platform, and the AI models and applications they supported. It also sounds like although they missed the activity for a while, Google eventually did catch wind to the idea that something was going on. The indictment again reads, on or about December 2nd, 2020, Ding uploaded additional files from the
Starting point is 00:13:07 Google network to another personal Google Drive account while Ding was in the PRC. On December 8th, 2023, after Google detected this activity, Ding told a Google investigator that he had uploaded the files to his personal account to use the information as evidence of the work that he had conducted at Google. Ding assured the investigator that he had no intention of leaving Google. Ding signed a self-deleash an affidavit dated December 8th, basically saying that he had destroyed the information. This was, of course, not true. It finally came down, however, when on December 26th, Ding resigned via email, and on December 29th,
Starting point is 00:13:37 quote, Google learned that Ding had presented as the CEO of Jehu-Schwan at the Miracle Plus investor conference in Beijing in November 24, 2023. Google then suspended Ding's network access and remotely locked his Google laptop. Google searched Ding's network activity history and discovered Ding's unauthorized uploads from May 22 through May 23. That's also when they discovered another employee, swiping Ding's badge, and on January 4th, security personnel retrieved Google's Ding laptop and mobile device from his residence. On January 6th, the FBI got involved, and then finally he was arrested yesterday on Wednesday morning in Newark, California. The New York Times points out that this is a big and ongoing issue even outside
Starting point is 00:14:13 of this case. They write, accusations of intellectual property theft have been a major sticking point in U.S.-China relations for years. A Chinese national was arrested in 2015 for selling some of IBM's source code to parties in China. In 2018, a former Apple employee was apprehended as he tried to board a flight to Beijing with the company's autonomous driving trade secrets. The same year, the Chinese firm, Sinoval Wind Group, was convicted of stealing wind turbine technology from a Massachusetts-based company, AMSC, which incurred more than 800 million in losses. In October, Christopher Ray, the FBI director, said that intellectual property theft from China was a danger to U.S. economic and national security, describing it as
Starting point is 00:14:47 the, quote, defining threat of this generation. It seems like this is an issue that is poised to just increase insignificance. The South China Morning Post, for example, this morning, reported that in meetings at the Chinese people's political consultative conference, or CPPCC, a delegate who leads a Chinese AI company, said, quote, objectively speaking, despite the great efforts we have been making, our difference with the U.S. is still huge. In a certain sense, as new developments in AI emerge exponentially, if no decisive and groundbreaking measures are taken, we are at risk of seeing an even wider gap. Problems in the development of information technology cannot be solved by creating applicable scenarios, nor through breakthroughs and specific technologies. It is not even a problem
Starting point is 00:15:23 about talent and basic research. It is about many things from all aspects. We are all very anxious. The SCMP goes on. While China's AI industry was generally seen as more competitive in the very tech rivalry between the two countries, the latest launch of OpenAIs Sora and Shat-GPT has raised questions about China's progress in catching up with the U.S. To cope Chinese tech companies which have insisted that chip restrictions would not affect their development in the short term, have relied on their existing inventories or have turned to domestic AI chipmakers. But after SORA was launched last month, the State Council's state-owned asset supervision and administration commission urged firms under direct control by the central
Starting point is 00:15:56 government to, quote, embrace the profound changes brought about by AI. In other words, SORA has China even more convinced that they're behind and needing to take drastic steps to keep up. Fascinating stuff going on out there in the world. AI is very clearly at the central. of the geopolitical conversation. That, however, is going to do it for today's AI breakdown. Till next time, peace.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.