- Updated: February 20, 2026
- 7 min read
Silicon Valley Engineers Charged with Stealing Google Trade Secrets for Iran
Three Silicon Valley engineers have been indicted for allegedly stealing Google trade secrets and transmitting the confidential data to Iran.
Introduction: Why This Case Matters
In a high‑profile espionage case that has sent shockwaves through the tech community, a federal grand jury in the Northern District of California charged three engineers with conspiring to steal proprietary information from Google and a leading semiconductor firm, then funneling that data to the Iranian government. The indictment, announced on February 20, 2026, underscores the growing intersection of intellectual‑property theft, nation‑state cyber‑espionage, and the vulnerabilities inherent in today’s hyper‑connected workplaces.
For cybersecurity professionals, investors, and anyone who relies on cutting‑edge silicon, the allegations raise urgent questions about supply‑chain security, employee monitoring, and the legal ramifications of cross‑border data exfiltration. Read on for a deep dive into the background, the alleged methods, and the broader implications for the tech industry.
Background of the Case
The three defendants—Samaneh Ghandali (41), her sister Soroor Ghandali (32), and Mohammadjavad Khosravi (40)—are all Iranian nationals residing in San Jose, California. Samaneh, a naturalized U.S. citizen, and Soroor, who entered the U.S. on a student visa, previously held engineering positions at Google before moving to a third, undisclosed technology firm. Khosravi, a former Iranian army serviceman and permanent U.S. resident, worked for a separate company that designs system‑on‑chip (SoC) platforms, including Qualcomm’s Snapdragon line.
According to the indictment, the trio leveraged their privileged access to confidential design documents, cryptographic algorithms, and security‑testing frameworks. The alleged theft spanned several months, culminating in a coordinated effort to ship the data to Iran in December 2023.
Alleged Espionage Tactics and Specific Charges
The prosecution outlines a multi‑step operation designed to evade detection:
- Use of personal laptops and smartphones to download and store sensitive files.
- Routing of stolen data through third‑party messaging platforms, notably Telegram integration on UBOS, before copying them to personal devices.
- Searches for “how to delete communications” and “carrier message retention periods” on personal devices, indicating an intent to cover tracks.
- Photographing hundreds of computer screens displaying confidential code and architecture diagrams.
These actions led to the following federal counts:
- Conspiracy to commit trade secret theft.
- Theft and attempted theft of trade secrets.
- Obstruction of justice.
If convicted, each count carries a potential sentence of up to 10 years (20 years for obstruction) and fines up to $250,000.
How Google Detected the Breach
Google’s internal security team flagged anomalous activity on Samaneh’s account in August 2023. The company’s “zero‑trust” safeguards—two‑factor authentication, granular file‑access permissions, and continuous logging of data transfers—triggered an alert when large volumes of proprietary files were accessed from an unauthorized device. Google immediately reported the incident to the FBI, which coordinated the subsequent investigation.
“We have enhanced safeguards to protect our confidential information and immediately alerted law enforcement after discovering this incident,” said José Castañeda, a Google spokesperson, in a statement to the original CNBC story.
Google’s response highlights the importance of real‑time monitoring and rapid incident response—practices that are also central to the Enterprise AI platform by UBOS, which offers automated threat detection for SaaS environments.
Implications for the Tech Industry
The case serves as a cautionary tale for companies that develop high‑value IP such as SoC designs, AI models, and cryptographic protocols. Key takeaways include:
- Supply‑chain risk management: Even trusted employees can become vectors for state‑backed espionage.
- Zero‑trust architecture: Limiting data access to the minimum necessary and continuously auditing file movements are essential.
- Cross‑border legal exposure: Companies must understand export‑control regulations (e.g., EAR, ITAR) that govern the transfer of semiconductor technology.
- Employee vetting and monitoring: Background checks and ongoing risk assessments become critical when hiring talent with foreign ties.
For startups and SMBs, the UBOS for startups solution provides a cost‑effective way to embed AI‑driven security controls without the overhead of a full‑scale security operations center.
Expert Commentary
Cybersecurity analyst Dr. Lina Patel, senior fellow at the Center for Digital Threat Intelligence, notes:
“What makes this case unique is the blend of insider access and sophisticated exfiltration via consumer‑grade messaging apps. It demonstrates that traditional perimeter defenses are insufficient; organizations must adopt behavior‑based analytics to spot anomalies before data leaves the corporate network.”
Patel recommends integrating AI‑powered monitoring tools—such as the AI marketing agents that can also be repurposed for security analytics—to detect patterns that human analysts might miss.
Legal Landscape and Potential Penalties
The Economic Espionage Act (EEA) of 1996 provides the statutory framework for prosecuting trade‑secret theft that benefits a foreign government. Convictions under the EEA can result in up to 20 years in prison per count, reflecting the seriousness with which the U.S. treats intellectual‑property theft that threatens national security.
In addition to criminal penalties, Google and the affected semiconductor firm could pursue civil actions to recover damages, potentially seeking treble damages under the Defend Trade Secrets Act (DTSA). The financial impact of such litigation can run into the hundreds of millions of dollars, especially when the stolen technology underpins multi‑billion‑dollar product lines.
What Companies Can Do Right Now
Below is a quick‑start checklist for organizations looking to harden their defenses against insider‑driven espionage:
| Action | Why It Matters |
|---|---|
| Implement zero‑trust access controls | Limits exposure of sensitive files to only those who need them. |
| Deploy AI‑driven anomaly detection | Identifies unusual file‑access patterns in real time. |
| Enforce multi‑factor authentication (MFA) | Reduces risk of credential compromise. |
| Conduct regular export‑control compliance reviews | Ensures lawful handling of regulated technology. |
| Audit third‑party communication tools | Prevents covert data exfiltration via apps like Telegram. |
UBOS offers a suite of tools that align with each of these steps, from the Workflow automation studio for policy enforcement to the Web app editor on UBOS for building custom monitoring dashboards.
How UBOS Helps Organizations Stay Ahead
Whether you are a Fortune 500 enterprise or a fast‑growing startup, UBOS provides a modular AI platform that can be tailored to your security and productivity needs:
- UBOS platform overview – a unified environment for data ingestion, model training, and real‑time inference.
- UBOS templates for quick start – pre‑built pipelines for threat detection, compliance reporting, and incident response.
- UBOS partner program – collaborate with security vendors to extend capabilities.
- UBOS pricing plans – flexible pricing that scales with usage.
For example, the AI SEO Analyzer template can be repurposed to scan code repositories for inadvertent exposure of proprietary algorithms, while the AI Article Copywriter helps security teams generate clear breach‑response communications quickly.
Conclusion & Call to Action
The indictment of the three engineers marks a pivotal moment in the ongoing battle between corporate innovators and nation‑state actors. As the legal process unfolds, the tech community must internalize the lessons learned: robust zero‑trust architectures, AI‑enhanced monitoring, and vigilant compliance are no longer optional—they are essential safeguards for protecting the intellectual capital that fuels the digital economy.
If you’re looking to future‑proof your organization against similar threats, explore how UBOS can empower your security and development teams. Visit the UBOS homepage to start a free trial, or dive into our UBOS portfolio examples to see real‑world deployments.
Stay informed, stay secure, and remember: the best defense is a proactive, AI‑driven strategy that anticipates threats before they materialize.