The AI Daily Brief: Artificial Intelligence News and Analysis - Google Engineer Arrested for Selling AI Secrets to Chinese Companies
Episode Date: March 7, 2024A former Google engineer has been arrested for allegedly sharing AI secrets with Chinese companies. This episode delves into the escalating tech war between the US and China, examining the serious imp...lications of AI for national security. Today's Episode Brought to You By: Plumb - Build, test, and deploy AI features with confidence - https://useplumb.com/ ABOUT THE AI BREAKDOWN The AI Breakdown helps you understand the most important news and discussions in AI. Subscribe to The AI Breakdown newsletter: https://theaibreakdown.beehiiv.com/subscribe Subscribe to The AI Breakdown on YouTube: https://www.youtube.com/@TheAIBreakdown Join the community: bit.ly/aibreakdown Learn more: http://breakdown.network/
Transcript
Discussion (0)
Today on the AI breakdown, a former Google engineer has been arrested for stealing and sharing trade secrets around AI with a Chinese company.
Before that on the brief, Microsoft deals with a whistleblower who says that co-pilot designer is not safe for the public.
The AI breakdown is a daily podcast and video about the most important news and discussions in AI.
We can Breakdown. Network for more information about our YouTube, our Discord, and our newsletter.
Welcome back to the AI breakdown brief, all the AI headline news you need in around five minutes.
As AI gets more advanced, the range of divergent opinions about AI and its role in business, commerce, and
society gets wider and wider. That happens not just in society, but also in the context of
specific companies. A couple times over the last few years, we've seen people leave a big AI
lab that they were working with because they started to disagree with that company's approach
to how they were handling AI-related issues. The latest story like that is an engineer who has left
Microsoft and who claims that its AI image generator creates harmful imagery too easily.
Shane Jones was an AI engineer at Microsoft who had worked there for about six years,
and at the end of last year in November and December, he was part of a red teaming effort on
co-pilot designer. Copilot designer is an AI image generator. Red teaming is a process by which
people try to actively root out vulnerabilities and ways to get around guardrails to better
understand how an AI is going to behave in the wild. Jones claimed that the images that came up
were not something that should be available to the public.
CNBC writes,
The AI service depicted demons and monsters
alongside terminology related to abortion rights,
teenagers with assault rifles,
sexualized images of women in violent tableaus,
and underage drinking and drug use.
All of those scenes generated in the past three weeks
have been recreated by CNBC this week
using the copilot tool,
which was originally called being image creator.
Said Jones, it was an eye-opening moment.
It's when I first realized, wow, this is really not a safe model.
Write CNBC,
Jones was so alarmed by his experience
that he started internally reporting his findings in December, while the company acknowledged his concerns,
it was unwilling to take the product off the market. Joan said Microsoft referred him to Open AI,
and when he didn't hear back from the company, he posted an open letter on LinkedIn, asking the
startup's board to take down Dolly 3 for an investigation. Microsoft's legal department then said to remove
that post immediately, but then in January, he wrote a letter to U.S. senators on the matter,
and later also met with Senate staffers from the Committee on Commerce Science and Transportation.
Then this week, he went even farther, sending a letter to FTC Commission Chair Lena Khan
and another to Microsoft's boarder directors, also sharing those letters with CNBC.
Basically, Jones said that he wanted first for co-pilot designer to be removed until they could
put in better safeguards, but then barring that, he wanted to add disclosures to the product
and change the rating on Google's Android app to make it just for mature audiences.
Microsoft, for their part, said, we are committed to addressing any and all concerns
employees have in accordance with our company policies and appreciate employee efforts
in studying and testing our latest technology to,
further enhanced safety. When it comes to safety bypasses or concerns that could have potential
impact on our services or partners, we have established robust internal reporting channels to
properly investigate and remediate any issues, which we encourage employees to utilize so we can
appropriately validate and test their concerns. Which is, of course, a very brush-off sort of answer,
and the question will be whether the story actually picks up any more traction from here.
Meanwhile, on the other side of the company has announced the, quote, new era of work event,
designed for the company's business customers, and will show off new Surface Pro 10 and Surface
laptop six devices. Of course, there will be a big focus on the AI improvements that are coming
to Windows 11. Over in another tech giants world, Tom Allison, the head of Facebook within
meta, said that the company is investing heavily in the development of an AI system designed to power
Facebook's entire video system. Allison said that the technology roadmap that goes into 2026
involves the development of an AI recommendation model that power short videos like Instagram Reels,
as well as longer videos. Allison held this discussion at a Morgan Stanley Tech Conference in San Francisco
and noted that in the past, the various different video products within Facebook and meta
had all been powered by different systems. Now, part of why AI has been so captivating to the markets
is that it's not just theoretical and is actually producing results now. For example,
Allison discussed that implementing a new type of AI-powered model architecture helped Facebook
increase an 8 to 10% gain in Reels watch time, which of course translates to more ad dollars.
Said Allison, instead of just powering Reels, we're working on a project to power our entire video
ecosystem with this single model. And then we can add our feed recommendation product to also be served
by this model. If we get this right, not only will the recommendations be kind of more engaging and
more relevant, but we think the responsiveness of them can improve as well. We wanted flying cars. We got a
better video recommendation engine. Salesforce and other tech giant continues its relentless push into
AI, announcing a new AI tool for doctors. The tool is called Einstein co-pilot health actions
and is designed to try to help automate a slate of manual administrative tasks that can be a real
on productivity and increase burnout. They say that the tool will allow doctors to book appointments,
summarize patient information, and send referrals all by prompting AI in natural language.
They say that the tool will also allow organizations to digitize health assessments without
having to manually type or code them. Now, in VC Land, vocal AI proponent Andresen Horowitz,
is aiming to raise $6.9 billion for a new set of funds, including two that will be focused
on artificial intelligence. A16Z is targeting a $6.9 billion for a master-firm.
feeder fund that's expected to close in early April. Half of that is supposed to go to the firm's
growth fund, which would represent a size decline from its $5 billion predecessor, but then spending 15%
on an AI infrastructure fund and 15% on an AI apps fund. In other words, friends, the AI funding rush
is not likely to slow down any time soon. However, that is going to do it for today's AI breakdown
brief. Next up, the main AI breakdown. Today's podcast is brought to you by Plum. If you're a
start up building AI features for your customers, you're probably feeling the pain of hallucination,
prompt testing, unstructured responses, subpar queries for embeddings, and of course, the mind-numbing
process of general iteration and refinement when your engineers have to make every change by
hand. That's where Plum comes in. Plum is a no-code AI app builder designed for product teams
who care about quality and speed. What is taking you weeks to hand code today can be done
confidently in hours. Check out useplum.com, us e-p-l-u-m-b.com.com.
or reach out to me for early access.
Welcome back to the AI breakdown.
One of the defining relationships on the global stage right now is the relationship between China and US.
It is a great power struggle of a different flavor in a way that we haven't had for a couple
decades now.
Interestingly, if you pay any attention to artificial intelligence, you'll know that this has
become a major vector of that competition.
That's manifested, of course, in prohibitions around the type of technology that American
companies can share with their Chinese counterparts and sell into the Chinese market. This has left
companies like AMD and Nvidia constantly working to produce lower power chips that get in under
U.S. thresholds in order to keep that as a valuable market for themselves. But it also looms large as a
question of policy. When we are debating things like open source AI versus close source AI,
people's thoughts about competition with China tends to influence that conversation. Although
fascinatingly, that can head into very different directions. Some people see open source AI development,
as the lifeblood of American innovation and the way that we out-compete China,
whereas other folks see it as just a way for China to get access to our most advanced models.
However, there is also just the plain old question of espionage,
and that's where our story begins today.
A former Google teamer Lin Wei Ding has been arrested in California
and accused of stealing Google's AI secrets and sharing them with China.
Writes the New York Times,
A Chinese citizen who recently quit his job as a software engineer for Google in California
has been charged with trying to transfer artificial intelligence technology to a Beijing-based company
that paid him secretly, according to a federal indictment unsealed on Wednesday.
The indictment reads,
A. federal grand jury indicted Lin Wei Ding, aka Leon Ding, charging him with four counts of
theft of trade secrets in connection with an alleged plan to steal from Google LLC,
proprietary information related to AI technology.
According to the indictment, returned on March 5th and unsealed earlier today,
that's Wednesday, March 6th, 38-year-old Ding, a national of the People's Republic of China,
transferred sensitive Google trade secrets and other confidential information from Google's network to his personal account,
while secretly affiliating himself with PRC-based companies in the AI industry.
Said Attorney General Merrick Garland,
the Justice Department will not tolerate the theft of artificial intelligence or other advanced technologies
that could put our national security at risk.
In this case, we allege the defendants stole artificial intelligence-related trade secrets from Google
while secretly working for two companies based in China.
We will fiercely protect sensitive technologies developed in America from falling into the hands of those who should not have them.
Deputy Attorney General Lisa Monaco added that the defendant had stolen over 500 confidential files,
and that, quote,
The Justice Department will relentlessly pursue and hold accountable those who would siphon disruptive technologies,
especially AI, for unlawful export.
Also quoted in the announcement was FBI Director Christopher Ray, who said,
Today's charges are the latest illustration of the lengths affiliates of companies based in the People's Republic of China
are willing to go to steal American innovation.
The theft of innovative technology and trade secrets from American companies can cost jobs
and have devastating economic and national security consequences.
The FBI will continue its efforts to vigorously pursue those responsible for stealing
U.S. company's intellectual property and most closely guarded secrets.
The arrest was carried out under the auspices of something called the disruptive technology
strike force, said Assistant Secretary Matthew Axelrod of the Commerce Department's Office
for Export enforcement, quote,
In the one year since its inception, the disruptive technology strike force has been
relentless in protecting advanced U.S. technologies like artificial intelligence from
malign actors, let today's announcement serve as further warning. Those who would steal sensitive
U.S. technology risk finding themselves on the wrong end of a criminal indictment.
So let's pause here before we get into the specifics of what was actually stolen.
There are two things that are notable to me about this announcement. The first is the aggressiveness
of the posture. This is probably a reflection of the state of the relationship between the
U.S. and China, but it is really notable. This is not soft language at all. This is you've brought
down the wrath of the one remaining superpower in the world kind of language. The other thing,
though, that's notable is how much AI is viewed as a national security and defense priority. This is not
just a question of American companies in their economic competitiveness. This is about the inviolability
of the sanctity of the United States as a whole. It seems to me very clear that they are trying
to make an example of Leon Ding. They want this to be as loud as humanly possible to show how
aggressive they're going to be when it comes to AI. And that's fairly notable. It sends a signal about
where AI ranks in terms of priorities, and it seems to be pretty high. Now, what was the information
that was actually stolen? The Verge writes, much of the stolen data allegedly revolves around Google's
tensor processing unit or TPU chips. In the indictment, for example, we see that between June 1st,
2022 and April 17th, 2023, the defendant allegedly stole chip architecture and software design specifications
for TPU version 6, hardware software system management and performance specifications for GPU
chips deployed in Google supercomputing data centers, and software design specifications for Google
CMS that managed machine learning workloads on TPU and GPU chips in Google supercomputing
data centers.
Now, this was not some sophisticated hack.
The Verge writes, the government accuses Ding of transferring those files to a personal Google
cloud account between May 2022 and May 23.
He allegedly did so by, quote, copying data from the Google source files into the Apple
notes application on his Google issued MacBook laptop, and then converting them from Apple Notes to
PDFs to avoid detection by Google's data loss prevention systems. So Google, one of the five
biggest companies in the world, or six, whatever, you get the point, was stymied by a guy copy-pasting
into Apple Notes and then turning Apple Notes into PDFs. Now, one of the other crazy parts of the
story is that it seems like for a period of six months while he was technically at Google still,
he was also joining and starting Chinese startups.
The Verge again writes,
The government says that less than a month after he began stealing files,
a Chinese machine learning company named Rongshu offered to make him CTO.
He flew to China for five months to raise funds for the company,
and he subsequently founded and led a machine learning startup named Shuan
all while still working for Google.
He resigned from Google in December 2023 and reportedly booked a one-way ticket to Beijing
scheduled to depart two days past his end date after the company began asking him about his uploads.
Apparently, at one point, he faked being present at Google in the U.S. by having a different
employee scan his badge.
So we know a little bit about what he was stealing, but what was Ding actually doing at Google?
The indictment reads, The focus of Ding's work was the software platform developed in Google's
network of supercomputing data centers.
Ding's job responsibilities included development of software that allowed GPU to function
efficiently for machine learning, AI applications, or other purposes required by Google
or Google Cloud clients.
Due to Ding's job responsibilities, he was authorized to access Google confidential information
related to Google's supercomputing data centers, including the hardware infrastructure, the software
platform, and the AI models and applications they supported. It also sounds like although they missed
the activity for a while, Google eventually did catch wind to the idea that something was going on.
The indictment again reads, on or about December 2nd, 2020, Ding uploaded additional files from the
Google network to another personal Google Drive account while Ding was in the PRC. On December 8th,
2023, after Google detected this activity, Ding told a Google investigator that he had uploaded the files to his personal account
to use the information as evidence of the work that he had conducted at Google.
Ding assured the investigator that he had no intention of leaving Google.
Ding signed a self-deleash an affidavit dated December 8th, basically saying that he had destroyed
the information.
This was, of course, not true.
It finally came down, however, when on December 26th, Ding resigned via email, and on December 29th,
quote, Google learned that Ding had presented as the CEO of Jehu-Schwan at the Miracle Plus
investor conference in Beijing in November 24, 2023.
Google then suspended Ding's network access and remotely locked his Google
laptop. Google searched Ding's network activity history and discovered Ding's unauthorized uploads
from May 22 through May 23. That's also when they discovered another employee, swiping Ding's badge,
and on January 4th, security personnel retrieved Google's Ding laptop and mobile device from his residence.
On January 6th, the FBI got involved, and then finally he was arrested yesterday on Wednesday morning
in Newark, California. The New York Times points out that this is a big and ongoing issue even outside
of this case. They write, accusations of intellectual property theft have been a major
sticking point in U.S.-China relations for years. A Chinese national was arrested in
2015 for selling some of IBM's source code to parties in China. In 2018, a former Apple employee
was apprehended as he tried to board a flight to Beijing with the company's autonomous
driving trade secrets. The same year, the Chinese firm, Sinoval Wind Group, was convicted
of stealing wind turbine technology from a Massachusetts-based company, AMSC, which incurred more than
800 million in losses. In October, Christopher Ray, the FBI director, said that intellectual
property theft from China was a danger to U.S. economic and national security, describing it as
the, quote, defining threat of this generation. It seems like this is an issue that is poised to
just increase insignificance. The South China Morning Post, for example, this morning, reported that
in meetings at the Chinese people's political consultative conference, or CPPCC, a delegate who
leads a Chinese AI company, said, quote, objectively speaking, despite the great efforts we have been
making, our difference with the U.S. is still huge. In a certain sense, as new developments in AI emerge
exponentially, if no decisive and groundbreaking measures are taken, we are at risk of seeing an even
wider gap. Problems in the development of information technology cannot be solved by creating
applicable scenarios, nor through breakthroughs and specific technologies. It is not even a problem
about talent and basic research. It is about many things from all aspects. We are all very
anxious. The SCMP goes on. While China's AI industry was generally seen as more competitive
in the very tech rivalry between the two countries, the latest launch of OpenAIs Sora and
Shat-GPT has raised questions about China's progress in catching up with the U.S.
To cope Chinese tech companies which have insisted that chip restrictions would not affect their
development in the short term, have relied on their existing inventories or have turned to domestic
AI chipmakers. But after SORA was launched last month, the State Council's state-owned
asset supervision and administration commission urged firms under direct control by the central
government to, quote, embrace the profound changes brought about by AI. In other words, SORA has China
even more convinced that they're behind and needing to take drastic steps to keep up. Fascinating
stuff going on out there in the world. AI is very clearly at the central.
of the geopolitical conversation.
That, however, is going to do it for today's AI breakdown.
Till next time, peace.
