Silicon Valley Espionage: Three Engineers Indicted for Stealing Google and Qualcomm Chip Secrets for Iran

A federal grand jury unsealed a 14-count felony indictment against three Silicon Valley engineers for stealing over 300 confidential files containing Google TPU and Qualcomm Snapdragon architectural secrets. The stolen data was accessed from Iran. The case exposes how consumer apps like Apple Notes bypass enterprise DLP systems—and why AI chip blueprints are now classified as national security assets.

Indictment Overview

Key Facts of the Federal Indictment (February 19, 2026)

  • 14 Felony Counts → Including conspiracy, theft, obstruction [1]
  • 300+ Confidential Files Stolen → Google TPU + GPU designs [2]
  • 3 Defendants (Iranian nationals) → San Jose, California [2]
  • Up to 20 years Max Penalty (Obstruction) → Per count [2]

The Defendants and Targets

The three defendants—all Iranian nationals residing in San Jose, California—systematically targeted the “crown jewels” of American semiconductor innovation across multiple firms. [2]

  • Samaneh Ghandali (41): a former hardware engineer at Google who later worked at Intel.
  • Soroor Ghandali (32): her sister, a former Google intern and subsequent Intel graphics hardware engineer.
  • Mohammadjavad “Mohammad” Khosravi (40): Samaneh’s husband, a former ASIC design engineer at Qualcomm who previously served in the Iranian military. [2]

Stolen Technology

Categories of Exfiltrated Trade Secrets

| Company | Technology Stolen | Strategic Value |
|---|---|---|
| Google | Tensor Processing Unit (TPU) architecture & functionality | Powers Pixel AI features; competes with Apple mobile AI |
| Google | AI supercomputer orchestration software | Coordinates thousands of chips for training workloads |
| Google | Custom SmartNIC designs | High-speed networking for Google Cloud products |
| Google & Qualcomm | Hardware security & cryptography | Qualcomm Snapdragon security architecture |

Evolving Exfiltration Tactics

The operational mechanics of the espionage evolved as corporate security systems adapted to their presence. The scheme reveals a critical vulnerability: the exploitation of trusted consumer applications to bypass enterprise data loss prevention (DLP) systems. [4]

Phase 1—Direct digital theft (2022): The scheme began when Google’s physical and cybersecurity monitoring systems detected Soroor Ghandali downloading internal files to a personal USB drive in June 2022. Files were also transferred via encrypted platforms like Telegram. [2]

Phase 2—Apple ecosystem evasion: To avoid immediate detection by network monitors, the operatives used a sophisticated workaround. They copied data directly from Google source files into the Apple Notes application native to their corporate-issued MacBooks. This data was then converted to PDF and uploaded from the Google network directly into personal Google Cloud accounts, masking the exfiltration within legitimate application traffic. [4]

Phase 3—Analog exploitation (2023): After Google flagged Samaneh Ghandali’s suspicious activity in August 2023, revoked her access, and subsequently terminated her, the group resorted to analog evasion. The night before a planned trip to Iran in December 2023, Samaneh manually photographed 24 screens of her husband’s Qualcomm work computer to completely bypass digital footprint tracking. [2]

Foreign access confirmed: Prosecutors possess evidence that the stolen data was actively accessed using personal devices linked to the defendants while they were physically located in Iran in December 2023. [2]
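One way a defender could correlate the Phase 2 path described above (Notes → PDF → upload to a personal cloud account). This is an added example, not taken from the indictment or from either company's tooling. The event schema, the `corp.example` domain, the 24-hour window and the sample events are constructed assumptions; it presumes endpoint file telemetry plus an inspecting proxy that records the signed-in account and the uploaded file's hash.

```python
from datetime import datetime, timedelta

CORP_DOMAINS = {"corp.example"}      # assumption: the employer's identity domain
STORAGE_HOSTS = {"drive.google.com", "storage.googleapis.com"}
WINDOW = timedelta(hours=24)         # assumption: export-to-upload correlation window

# Constructed sample telemetry (hypothetical schema): endpoint file events and
# proxy upload events that record the signed-in account and the file hash.
EVENTS = [
    {"ts": "2023-03-01T09:00:00", "user": "alice", "kind": "file_write",
     "process": "Notes", "path": "/Users/alice/Desktop/spec.pdf", "sha256": "hash-A"},
    {"ts": "2023-03-01T09:20:00", "user": "alice", "kind": "upload",
     "host": "drive.google.com", "account": "alice@personal.example", "sha256": "hash-A"},
    {"ts": "2023-03-01T10:00:00", "user": "bob", "kind": "file_write",
     "process": "Notes", "path": "/Users/bob/Documents/minutes.pdf", "sha256": "hash-B"},
    {"ts": "2023-03-01T10:05:00", "user": "bob", "kind": "upload",
     "host": "drive.google.com", "account": "bob@corp.example", "sha256": "hash-B"},
    {"ts": "2023-03-01T11:00:00", "user": "carol", "kind": "file_write",
     "process": "Notes", "path": "/Users/carol/Desktop/old.pdf", "sha256": "hash-C"},
    {"ts": "2023-03-04T11:00:00", "user": "carol", "kind": "upload",
     "host": "drive.google.com", "account": "carol@personal.example", "sha256": "hash-C"},
]

def find_notes_pdf_exfil(events, window=WINDOW):
    """Flag PDFs written by Notes that the same user later uploads to cloud
    storage while signed in to a non-corporate account."""
    exports, findings = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["user"], ev["sha256"])
        if (ev["kind"] == "file_write" and ev["process"] == "Notes"
                and ev["path"].lower().endswith(".pdf")):
            exports[key] = (ts, ev["path"])
        elif ev["kind"] == "upload" and ev["host"] in STORAGE_HOSTS:
            domain = ev["account"].rsplit("@", 1)[-1].lower()
            if domain in CORP_DOMAINS or key not in exports:
                continue  # corporate account, or not a Notes-exported PDF
            written, path = exports[key]
            if ts - written <= window:
                findings.append({"user": ev["user"], "path": path,
                                 "account": ev["account"], "host": ev["host"],
                                 "delay_min": int((ts - written).total_seconds() // 60)})
    return findings

if __name__ == "__main__":
    for f in find_notes_pdf_exfil(EVENTS):
        print(f)
```

The rule keys on the signed-in account rather than the destination host, since the host alone is indistinguishable from ordinary corporate use of the same service.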

Evasion Timeline

Exfiltration Methods and Countermeasures

| Phase | Method | Detection | Response |
|---|---|---|---|
| June 2022 | USB drive + Telegram | Google physical/cyber monitoring | Flagged, access monitored |
| 2022–2023 | Apple Notes → PDF → personal Google Cloud | Bypassed DLP systems | Not immediately detected |
| Aug 2023 | Continued digital access | Google flagged activity | Access revoked, termination |
| Dec 2023 | Physical screen photography (24 images) | Bypassed all digital footprints | Discovered via investigation |
| Dec 2023 | Data accessed from Iran | Geolocation evidence | Federal indictment |

Charges and Penalties

All three defendants face 14 felony counts, including conspiracy to commit trade secret theft, theft of trade secrets (carrying a penalty of up to 10 years in prison per count), and obstruction of justice (carrying up to 20 years) due to their attempts to delete records, research cell carrier message retention policies, and sign false sworn affidavits to their employers. [2]

The arrests were executed during a period of acute geopolitical tension, coinciding with statements from U.S. President Trump indicating a potential decision regarding military strikes against Iran within days of the indictment. [2]

Systemic Implications: AI Hardware as National Security

This case—following closely on the heels of the first-ever conviction for AI-related economic espionage involving a former Google engineer stealing secrets for a Chinese startup [7]—illuminates a critical systemic vulnerability. While hyperscalers spend billions securing data centers and encrypting final model weights, the underlying architectural blueprints for the physical compute layer remain highly susceptible to insider threats. [5]

The case underscores that artificial intelligence hardware architectures are now classified alongside advanced munitions as a matter of supreme national security, subject to relentless economic espionage by foreign actors seeking to bypass decades of engineering to achieve technological parity. [2][7]

“While hyperscalers spend billions securing data centers and encrypting final model weights, the underlying architectural blueprints for the physical compute layer remain highly susceptible to insider threats exploiting trusted consumer applications.”

— Federal prosecution analysis, February 2026 [2][4]

Key Takeaways

  • 300+ confidential files stolen: Google TPU architectures, AI supercomputer orchestration software, SmartNIC designs, and Qualcomm Snapdragon security details were exfiltrated over two years.
  • Consumer apps bypass enterprise DLP: Apple Notes on corporate MacBooks was used to circumvent Google’s data loss prevention systems—a critical blind spot in enterprise security.
  • Analog evasion as last resort: After digital access was revoked, screen photography of a Qualcomm computer bypassed all digital monitoring.
  • Data accessed from Iran: Prosecutors have geolocation evidence confirming stolen files were accessed while defendants were physically in Iran.
  • AI hardware = national security: Chip architectures are now treated as strategic assets equivalent to advanced munitions, subject to the same espionage dynamics.
  • Second Google espionage case: Follows the first-ever AI trade secret conviction involving a former Google engineer stealing for a Chinese startup.

References
