Ex-Google Engineer Convicted in First US AI Espionage Case

A federal jury in San Francisco on Thursday convicted former Google software engineer Linwei Ding on seven counts of economic espionage and seven counts of trade secret theft—marking the first conviction in US history for AI-related economic espionage. Ding, 38, faces up to 15 years in prison for each espionage count and 10 years for each theft count.

The 12-person jury reached its verdict after just three hours of deliberation, finding Ding guilty on all 14 counts following an 11-day trial before US District Judge Vince Chhabria.

What Ding Stole

Between May 2022 and April 2023, Ding systematically exfiltrated over 2,000 pages of confidential documents detailing Google's most closely guarded AI infrastructure:

• Tensor Processing Unit (TPU) architecture - Custom chips designed specifically for machine learning workloads
• GPU systems - Proprietary configurations for graphics processors running AI applications
• Orchestration software - Systems that coordinate thousands of chips to function as AI supercomputers
• SmartNIC designs - Custom network interface cards enabling high-speed communication between AI components

Prosecutors argued the stolen information represented a decade of research and millions of dollars in investment. By taking it, Ding could "skip huge parts of the design process" for building competing AI infrastructure.

How He Did It

Ding employed a simple but effective exfiltration method. He copied data from Google source files into the Apple Notes application on his Google-issued MacBook laptop, then converted the notes to PDF files and uploaded them to his personal Google Cloud account. This approach evaded Google's immediate detection systems.

To cover his tracks during overseas trips, Ding asked a colleague to periodically scan his employee badge at Google's offices—creating the appearance he remained in the country while he was actually in China meeting with investors and business partners.

China Connections

While employed by Google, Ding secretly affiliated with two China-based technology companies. He founded Shanghai Zhisuan Technology Co. and served as CEO, telling investors his startup could replicate Google's AI supercomputing capabilities and that he was "one of 10 people in the world" capable of building such systems.

Ding also applied for a Shanghai government "talent program" aimed at recruiting individuals to advance China's technological development. In his application, he stated his intention to help China achieve computing infrastructure "on par with the international level."

The Justice Department concluded that Ding intended to benefit entities controlled by the Chinese government through AI supercomputer development. This case fits the pattern of PRC-sponsored cyber operations that US agencies have increasingly documented targeting American technology companies.

Official Response

"This conviction exposes a calculated breach of trust involving some of the most advanced AI technology in the world," said Assistant Attorney General John A. Eisenberg. The defendant "abused his privileged access to steal AI trade secrets."

FBI Assistant Director Roman Rozhavsky called the case historic: "In today's high-stakes race to dominate the field of artificial intelligence, Linwei Ding betrayed both the US and his employer by stealing trade secrets about Google's AI technology on behalf of China's government."

Google's vice president of regulatory affairs, Lee-Anne Mulholland, welcomed the verdict: "We're grateful to the jury for making sure justice was served today, sending a clear message that stealing trade secrets has serious consequences."

Defense Arguments Fell Flat

Ding's attorney Grant Fondo argued that Google failed to adequately protect the information, noting the documents were accessible to thousands of employees. The defense contended that widely available materials couldn't constitute trade secrets.

The jury wasn't persuaded. Access controls don't determine whether information qualifies as a trade secret—its value and the measures taken to maintain secrecy do.

Why This Matters

The conviction arrives amid escalating concerns about AI-related espionage. Researchers documented a 150% increase in China-linked intrusions targeting US organizations over the past year. The Treasury Department breach and other incidents demonstrate Chinese intelligence services' sustained interest in American technology and government secrets.

Insider threats present unique detection challenges. Unlike external attackers who must breach network perimeters, insiders already have legitimate access to sensitive systems. Security researchers predict AI-related insider threats will increase through 2026 as the technology becomes more valuable and the temptation to monetize access grows.

The Ding case also highlights the geographic dimension of AI competition. China has publicly stated its goal of achieving AI parity with the United States by 2030. Shortcuts through economic espionage allow Chinese companies to compress development timelines that would otherwise take years.

What Happens Next

Ding is scheduled for a status conference on February 3, 2026. Sentencing will come later—the combined maximum penalties across all 14 counts exceed 175 years, though federal sentencing guidelines will likely result in a substantially lower term.

For security teams, the case reinforces familiar lessons: monitor for unusual data access patterns, restrict copying of sensitive materials to personal accounts, and pay attention when employees ask colleagues to badge in for them. The most sophisticated AI in the world doesn't protect against a determined insider with a MacBook and Apple Notes.