These are terabyte-sized files (realistically a multi-hour transfer) that you're unlikely to have access to in the first place. Every organization has exfiltration checks these days. You may succeed, but you'll want to be on a plane to a non-extradition country no more than hours after you kick off the transfer.
I assume they're encrypted/DRM'ed when deployed on inference hardware, so only core researchers/sec admins would potentially have some access to unprotected weights, and they are far too well paid to risk leaking the model.
Incentives matter on the average, but people are too unpredictable for categorical statements like that. They can always have other reasons beyond personal gain to leak secrets.

There was no shortage of spies and defectors leaking American nuclear secrets to the USSR during the Cold War.

I wouldn't be surprised if they encrypt them at rest, but at some point the weights have to be loaded into VRAM.
Newer NVIDIA cards (H100 and up) support both in-memory model encryption and a 'trusted' execution environment with remote attestation. Not sure how widely that is used in frontier model deployments, but at least the vendor-claimed perf overhead is '3%' [0].

[0] https://www.spheron.network/blog/confidential-gpu-computing-...

What's the point? Anthropic and other frontier vendors already provide their models on other services like Vertex, Bedrock, or OpenRouter.

It's not like anyone can home-lab one of these models without quite a bit of hardware.

Yeah, we can probably figure out how to run it on Xiaomi GPUs.
The employees are hoping to become very, very rich after the IPO and after they are allowed to sell the shares given to them. Risking a likely multi-million-dollar payback to leak a model that will be superseded by publicly available models in a couple of years is not a likely decision.