Comment by aurareturn
5 hours ago
That would require hacking Nvidia's GPUs/racks to extract the weights. The weights are encrypted, sent to the GPU/rack encrypted. When it does inference, it will use decrypted weights, but there is no way to get those weights unless you find a way to exploit Nvidia's GPU security.
Do you think OpenAI would send CoreWeave their GPT 5.5 Pro weights if an admin employee at CoreWeave can access the full weights unencrypted? Of course not.
It would require exactly that. A bit more involved than "scp that big file", yes. But you make a mistake by treating it as a hard blocker.
Like I said: it's a gentleman's agreement. If Musk said "I want Opus 4.7 weights", and those weights were on Colossus 1 hardware, he'd have those weights on his desktop, unencrypted, within a couple of weeks.
There's also the side-channel line, because having inference on your hardware typically allows you to do things like snoop into KV cache and peek at per-layer, or even per-expert, residuals. Which allows for some very advanced distillation attacks. Might be easier/more deniable to pull that off than dumping full weights, in some circumstances.