Comment by ACCount37

It would require exactly that. A bit more involved than "scp that big file", yes. But you make a mistake by treating it as a hard blocker.

Like I said: it's a gentleman's agreement. If Musk said "I want Opus 4.7 weights", and those weights were on Colossus 1 hardware, he'd have those weights on his desktop, unencrypted, within a couple of weeks.

There's also the side channel line, because having inference on your hardware typically allows you to do things like snoop into KV cache and peek at per-layer, or even per-expert, residuals. Which allows for some very advanced distillation attacks. Might be easier/more deniable to pull that off than dumping full weights, in some circumstances.