AI model weights stolen by nation-state

Not Yet Testable · Security · 40% confidence
Predicted: February 2027 · Updated: 2026-04-03 · Source: ai-2027.com, page 11 + Appendix D
CCP leadership recognizes the importance of Agent-2 and tells their spies and cyberforce to steal the weights. (page 11; Appendix D provides detailed theft mechanics.)

What AI 2027 Predicted

The scenario predicts that a nation-state actor successfully steals the weights of a frontier AI model from a US lab. This is framed as a near-inevitable consequence of the enormous strategic value of frontier models combined with inadequate security at AI labs.

How We Track This

We monitor:

  • Cybersecurity incident reports involving AI companies
  • Nation-state cyber capability assessments
  • AI lab security standards and audits (e.g., RAND SL4-5 standards)
  • Intelligence community assessments of AI-related espionage

Current Evidence

There is no public evidence of frontier model weight theft. Google’s Cybersecurity Forecast 2026 highlights rising AI-driven threats and expanding nation-state cyber activity. CrowdStrike reports an 89% increase in AI-enabled adversary operations. Kiteworks’ 2026 report notes “growing evidence that attackers are using AI to run end-to-end operations with minimal human involvement.” North Korean-linked actors have been found embedding malicious code in open-source AI packages (Socket.dev). AI 2027’s own security forecast notes “we expect security to be less of a priority through 2025.” RAND assessments confirm no US AI lab meets SL4-5 security standards. The prediction is plausible but unverifiable, which is the defining feature of espionage.

Defense Investments: OpenAI’s Stargate project (~10GW planned capacity) includes enhanced security measures for frontier model infrastructure. OpenAI’s for-profit restructuring (announced October 2025) creates additional corporate governance and audit obligations that may improve security posture. These represent concrete SL3-level infrastructure investments on the defense side of the theft equation.

Counterevidence & Limitations

  • By definition, successful espionage may never become public
  • Open-source models (Llama, DeepSeek) reduce the marginal value of theft
  • AI labs may have better security than RAND assessments suggest
  • China’s domestic capabilities (GLM-5, DeepSeek V4) may reduce the need for theft

What Would Change Our Assessment

  • Upgrade to “emerging”: Credible reports of attempted model theft or major security breaches at AI labs
  • Upgrade to “confirmed”: Public evidence or credible intelligence reports of successful weight theft
  • Maintain at “not-yet-testable”: Absence of evidence is not evidence of absence

Update History

Date | Update
2026-03 | Prediction timeframe not yet reached (February 2027). No public evidence of nation-state model weight theft. Anthropic espionage incident and growing security concerns validate the threat model.