NextFin News - In a significant escalation of industrial espionage concerns within the U.S. technology sector, federal prosecutors have charged three Silicon Valley engineers with the systematic theft of sensitive trade secrets from Google and other leading tech firms. According to the U.S. Department of Justice, Samaneh Ghandali, 41, her husband Mohammadjavad Khosravi, 40, and her sister Soroor Ghandali, 32, were arrested on February 19, 2026, following a grand jury indictment in the Northern District of California. The trio, all residents of San Jose, faces charges of conspiracy to steal trade secrets, actual and attempted theft, and obstruction of justice.
The indictment alleges that the defendants exploited their high-level access at Google and two other unnamed semiconductor companies to exfiltrate confidential files related to mobile processor security and cryptography. Prosecutors claim that Samaneh and Soroor, while employed at Google, transferred hundreds of files to a third-party messaging app. These files were later found on personal devices and on work laptops at their subsequent employers. Most alarmingly, the investigation revealed that some of this data reached Iran, a development that U.S. Attorney Craig H. Missakian characterized as a direct threat to American innovation and national security. To evade detection, the group allegedly employed low-tech methods such as photographing computer screens—capturing hundreds of images over several months—and submitted false affidavits to their employers denying any unauthorized data sharing.
This case underscores a persistent and structural vulnerability in the high-stakes world of semiconductor development: the insider threat. While Silicon Valley has long focused on hardening external perimeters against hackers, this incident demonstrates that the most potent 'attack surface' is often the trusted employee. In the semiconductor industry, where intellectual property (IP) regarding processor architecture and encryption logic represents the core value of a company, the exfiltration of such data can negate years of research and development. According to Decrypt, industry experts note that firewalls are largely irrelevant when the exfiltration vector is legitimate access. When engineers can move hardware security designs out of controlled environments, the traditional security perimeter effectively collapses.
The geopolitical dimension of this theft—specifically the Iranian connection—elevates the incident from a corporate dispute to a matter of national defense. Under the administration of U.S. President Trump, there has been a heightened focus on protecting 'deemed exports,' where the mere sharing of technical knowledge with foreign nationals can constitute a violation of export controls. As advanced chips and cryptographic systems are increasingly treated not as neutral commercial goods but as instruments of geopolitical power, the transfer of such IP to adversarial nations like Iran triggers aggressive regulatory and prosecutorial responses. This case follows a similar conviction in January 2026, where a former Google engineer was found guilty of siphoning AI secrets for China, suggesting a broader trend of state-sponsored or state-benefiting economic espionage targeting the U.S. tech core.
From a corporate governance perspective, the Ghandali-Khosravi case exposes the limitations of standard compliance frameworks. Many tech firms rely on SOC 2 or ISO certifications to demonstrate security maturity; however, these audits often measure the existence of controls rather than their resilience against a determined insider. The defendants' ability to bypass digital monitoring by simply taking photos of their screens highlights a 'compliance gap' where organizations are secure on paper but critically exposed in practice. Furthermore, the family-linked nature of this scheme suggests that internal security audits must evolve to consider social engineering and collaborative insider risks that span multiple companies within the same supply chain.
Looking forward, the fallout from this case is likely to catalyze a shift in how Silicon Valley manages its human capital. We can expect U.S. President Trump’s administration to push for stricter segmentation and behavioral monitoring requirements for employees working on sensitive 'dual-use' technologies. Tech giants like Google and Qualcomm may be forced to implement more rigorous data loss prevention (DLP) tools that can detect non-digital exfiltration, such as screen-capture anomalies or unauthorized mobile device proximity. As the global race for semiconductor supremacy intensifies, the 'trusted insider' will remain the most volatile variable in the security equation, necessitating a move toward 'Zero Trust' architectures that apply not just to networks, but to the very engineers who build them.
