A federal jury in San Francisco convicted former Google software engineer Linwei Ding on January 29, 2026, on seven counts of economic espionage and seven counts of theft of trade secrets, marking the first-ever conviction on AI-related economic espionage charges in United States history. The 38-year-old Chinese national faces up to 175 years in prison for stealing more than 2,000 pages of confidential AI technology documentation to benefit the People’s Republic of China and Chinese tech companies he secretly operated while employed by Google.
What Ding Stole and How
Between May 2022 and April 2023, Ding systematically exfiltrated Google’s most sensitive AI infrastructure documentation. According to the Department of Justice, the stolen trade secrets contained detailed information about Google’s custom Tensor Processing Unit (TPU) chips and Graphics Processing Unit (GPU) systems, the software enabling chips to communicate and execute tasks, orchestration software managing thousands of chips in AI supercomputers, and Google’s custom-designed SmartNIC, specialized network interface cards facilitating high-speed communication within AI infrastructure.
Ding used surprisingly simple methods to execute the theft. He copied internal documents to his Apple Notes app, then uploaded them as PDFs to his personal Google Cloud account, a tactic that evaded detection for nearly a year. In December 2023, less than two weeks before resigning, Ding downloaded the complete cache of stolen materials to his personal computer. To maintain the appearance of normal activity, he asked a former intern to swipe his badge at Google’s offices while he was actually in China working on his startup.
The China Connection: Government-Backed AI Ambitions
Evidence presented during the 11-day trial revealed Ding’s extensive ties to Chinese government initiatives. In late 2023, Ding applied for a government-sponsored talent plan
in Shanghai designed to encourage individuals to contribute to China’s economic and technological growth. His application stated he planned to help China to have computing power infrastructure capabilities that are on par with the international level,
according to court documents.
While employed at Google, Ding secretly affiliated with two China-based technology companies. Around June 2022, he discussed becoming Chief Technology Officer for an early-stage PRC technology company. By early 2023, he had founded his own company, Shanghai Zhisuan Technologies Co., positioning himself as CEO and claiming to investors that he was one of 10 people in the world
who could replicate Google’s AI supercomputing technology.
How Google Discovered the Breach
The scheme unraveled in late 2023 when Google learned Ding had presented himself as CEO of Shanghai Zhisuan at an investor conference in Beijing. The company immediately locked him out of its network and launched an internal investigation that uncovered the massive data exfiltration. According to Bloomberg Law reporting, Ding then booked a one-way flight to Beijing. FBI agents executed a search warrant at his Newark, California home in early January 2024, leading to his arrest in March 2024.
Prosecutors alleged Ding engaged in multiple deceptive tactics to cover his tracks, including lying to investigators about whether he possessed Google documents on his personal computer and orchestrating the badge-swiping scheme to create false location records.
What Happens to Ding Now?
Ding is scheduled to appear at a status conference on February 3, 2026, where the court will likely set a sentencing date. He faces maximum sentences of 10 years per trade secrets theft count and 15 years per economic espionage count, potentially totaling 175 years if sentences run consecutively. However, actual sentences typically fall well below statutory maximums after consideration of U.S. Sentencing Guidelines and factors outlined in 18 U.S.C. § 3553.
Judge Vince Chhabria ruled Ding was not a flight risk and allowed him to remain out of custody until sentencing, a decision some observers found surprising given Ding’s previous one-way flight booking to Beijing and lack of significant U.S. ties beyond his employment.
| Charge Type | Count | Max Sentence Each | Total Potential |
|---|---|---|---|
| Economic Espionage | 7 | 15 years | 105 years |
| Trade Secrets Theft | 7 | 10 years | 70 years |
| Total | 14 | — | 175 years |
Can the Damage Be Undone?
As one observer asked: So now what happens to him? The secrets are already out & damage done. What happens next?
The unfortunate answer is that prosecuting Ding doesn’t reverse the technology transfer. China’s government-backed entities and Shanghai Zhisuan Technologies almost certainly retained copies of Google’s AI infrastructure documentation. The TPU architecture details, networking protocols, and supercomputer orchestration software that took Google years and billions of dollars to develop are now in Chinese hands.
However, several factors may limit the practical damage. Google’s AI infrastructure evolves rapidly, documentation from 2022-2023 may already be partially obsolete as the company advances toward more efficient architectures. Manufacturing TPUs requires access to cutting-edge semiconductor fabrication capabilities that China struggles to obtain due to U.S. export controls on advanced chip-making equipment. Simply possessing documentation doesn’t guarantee successful implementation—building functional AI supercomputers requires specialized expertise, supply chains, and iterative engineering that blueprints alone cannot provide.
Still, the theft accelerates Chinese AI development by providing validated architectural patterns and eliminating years of trial-and-error experimentation. FBI Assistant Director Roman Rozhavsky stated: In today’s high-stakes race to dominate the field of artificial intelligence, Linwei Ding betrayed both the U.S. and his employer by stealing trade secrets about Google’s AI technology on behalf of China’s government.
The Defense Strategy That Failed
Ding’s attorney Grant Fondo argued that Google didn’t adequately protect the information, claiming the documents were available to thousands of employees and therefore couldn’t constitute trade secrets. Google chose openness over security,
Fondo reportedly argued, suggesting the company’s internal collaboration culture undermined legal protections.
The jury rejected this defense after three hours of deliberation, finding unanimously that the 105 documents identified by prosecutors met the legal definition of trade secrets. The verdict establishes that companies maintaining internal openness for collaboration purposes can still legally protect that information from external disclosure, an important precedent for tech companies balancing innovation velocity with security.
Industry and National Security Implications
Assistant Attorney General John A. Eisenberg called the conviction a calculated breach of trust involving some of the most advanced AI technology in the world at a critical moment in AI development.
The case highlights vulnerabilities in how U.S. tech companies protect sensitive AI research amid intense international competition.
Some observers questioned employment practices that grant foreign nationals access to cutting-edge technology. As one commenter noted: It’s almost like allowing foreigners into the AI infrastructure was a national security risk… if only we had some way of knowing.
Others suggested extreme measures: Every coder should be licensed & identified so long as they hold positions with access to sensitive data.
These proposals reflect tensions between maintaining America’s competitive advantage in AI (which depends partly on attracting global talent) and protecting national security interests. According to Google DeepMind CEO Demis Hassabis, Chinese AI models may be a matter of months
behind U.S. capabilities, a gap that cases like Ding’s could narrow further.
What This Means for Tech Workers and Companies
For employees, the conviction sends a clear deterrent signal that economic espionage carries severe consequences. The FBI’s successful prosecution demonstrates that even sophisticated cover-up attempts eventually unravel through corporate monitoring, intelligence gathering, and international cooperation.
For companies, the case raises difficult questions about access controls and monitoring. Should AI infrastructure documentation be compartmentalized even from engineers working on those systems? How much internal transparency must be sacrificed to prevent espionage? At what point does security monitoring infringe on employee privacy and trust?
Google Vice President Lee-Anne Mulholland stated: We’re grateful to the jury for making sure justice was served today, sending a clear message that stealing trade secrets has serious consequences.
Yet the conviction comes after the theft was complete and the technology transferred—a reactive response to proactive espionage.
The Broader Context: U.S.-China Tech Competition
This case represents one data point in a broader pattern of Chinese technology acquisition through espionage, talent recruitment, and legal means. The DOJ has pursued multiple prosecutions under the “China Initiative” (later rebranded) targeting economic espionage and technology theft. Critics argue these prosecutions sometimes rely on ethnic profiling and chill legitimate academic collaboration, while supporters maintain they’re necessary to counter systematic Chinese government efforts to close technological gaps.
The case also intersects with ongoing debates about semiconductor export controls, foreign investment screening, and whether the U.S. should restrict Chinese nationals from working on sensitive AI projects. These policy questions lack easy answers—overly broad restrictions could alienate talented researchers and violate civil liberties, while insufficient safeguards enable continued technology leakage.
Looking Forward: Prevention vs. Punishment
Ding’s conviction demonstrates that the justice system can hold economic spies accountable, but prosecution alone cannot solve the underlying problem. As long as AI capabilities determine economic competitiveness and military advantage, adversaries will attempt to acquire American technology through espionage.
Effective responses require multi-layered approaches including technical controls limiting data access based on role and clearance, behavioral monitoring detecting unusual data access patterns, employee vetting for foreign ties and financial pressures, cultural awareness about insider threat indicators, and rapid incident response when breaches are detected.
The case also highlights the importance of public-private partnerships. FBI counterintelligence worked closely with Google’s security team to build the case against Ding, demonstrating how cooperation between tech companies and law enforcement can identify and prosecute espionage even when initial detection fails.
As FBI Special Agent Sanjay Virmani noted: The theft and misuse of advanced artificial intelligence technology for the benefit of the People’s Republic of China threatens our technological edge and economic competitiveness.
Whether prosecutions like Ding’s deter future espionage or merely drive it further underground remains an open question that will shape U.S.-China technology competition for years to come.
Follow us on Bluesky, LinkedIn, and X to Get Instant Updates
