U.S. authorities have filed charges against three engineers based in San José (California) for alleged conspiracy to steal trade secrets related to mobile processor technology, including documentation linked to the Tensor SoC used by Google in its Pixel phones. According to the Department of Justice, this case goes beyond an isolated leak: it details a pattern of extracting sensitive information, moving it to unauthorized locations, and taking actions to conceal evidence.
The defendants are Samaneh Ghandali (41 years old), Mohammadjavad Khosravi (40 years old) —also identified as Mohammad Khosravi— and Soroor Ghandali (32 years old). A federal grand jury has charged them with , theft and attempted theft of trade secrets, and . All three were detained and initially appeared before a federal court in San José on February 19, 2026, according to the official statement from the U.S. Attorney for the Northern District of California.
A Case Targeting the “Core” of Chip Design
While the indictment does not publicly detail each document leaked, the Department of Justice states that the stolen information includes trade secrets related to processor security and cryptography, along with other technical elements associated with mobile processors. In the context of a modern SoC, such documentation is far from “internal papers”: it typically describes protection mechanisms, security architecture, and design decisions that, if obtained by rivals, could be used to accelerate development, identify vulnerabilities, or replicate proprietary solutions.
Technology media have specifically linked the case to Google’s Tensor chips for Pixel, emphasizing that the investigation focuses on processor technology for smartphones.
How the Information Exfiltration Might Have Occurred
The indictment describes a series of maneuvers designed to bypass internal controls. The Department of Justice asserts that the accused gained access to confidential information through their roles in mobile processor tech companies. The two sisters—Samaneh and Soroor—worked at Google before moving to another firm (referred to as “Company 3” in the indictment), while Khosravi reportedly worked at another firm (called “Company 2”).
The alleged exfiltration took place at unauthorized personal and third-party locations, including devices linked to the employers of the other defendants, and also in Iran, the official note states.
One notable detail in the official account is the method used to transfer documents: Samaneh Ghandali reportedly moved hundreds of files to a third-party communication platform, using channels that displayed the first names of all three defendants. Soroor Ghandali is said to have made similar transfers. Later, these files appeared copied across various personal devices and work systems associated with “Company 2” and “Company 3”.
Photographing Screens to Bypass Controls and the Iran Trip
The case also involves a “counter-measure” aspect aimed at evading detection. According to the Department of Justice, the suspects attempted to hide their activity through , deletion of files and logs, and changing methods to avoid triggering alarms: for example, manually photographing sensitive screens instead of digitally transferring full documents.
The timeline provided by prosecutors points to a turning point in August 2023, when Google’s internal security systems detected activity linked to Samaneh Ghandali, leading to her access being revoked. Nonetheless, the indictment claims she signed a document declaring she had not shared confidential information outside the company. Subsequently, she and Khosravi allegedly sought information on deleting communications and data retention practices by mobile providers, while continuing to access trade secrets stored on personal devices and photographing confidential screens for months.
The official account details an incident on the night before a trip to Iran in December 2023, where Samaneh Ghandali reportedly took approximately 24 photographs of her colleague Khosravi’s work computer screen displaying sensitive information from “Company 2.” Once in Iran, a personal device linked to her accessed these photos, and Khosravi reportedly accessed more confidential data from his employer.
Penalties: Up to 10 Years per Crime and 20 Years for Obstruction
As in most U.S. criminal proceedings, the Department of Justice emphasizes that an indictment does not mean guilt and that the defendants are presumed innocent until conviction. However, the penalties are severe: the note states that if convicted, each defendant faces a maximum of 10 years in prison and a fine of $250,000 for each count of conspiracy/stealing (or attempting to steal) trade secrets, and up to 20 years in prison and the same fine for obstruction of official proceedings.
Media outlets such as Bloomberg and The Verge have reported that the case involves a total of 14 serious charges, including conspiracy, theft of secrets, and destruction/obstruction of evidence.
Why This Case Matters to the Industry
In the race to enhance smartphone performance and, especially, to bring Artificial Intelligence capabilities into devices, SoCs have become a critical competitive edge. For Google, Tensor is part of its strategy to embed advanced features in Pixel; for the industry, these chips and their security mechanisms are central to conversations about privacy, data protection, and resilience against attacks.
The broader takeaway from this case—beyond the judicial outcome—is uncomfortable for any major tech company: risks are not only external. Organizations invest heavily in perimeter defenses, intrusion detection, and access controls, but a portion of the risk resides internally, in teams with legitimate access to highly sensitive documentation. When, as alleged, transfers to external channels, copying to personal devices, and efforts to conceal traces are combined, the problem extends beyond compliance: it becomes a direct threat to intellectual property.