The Silent War for Innovation

I’ve spent the last decade advising companies on protecting their intellectual property, and I can tell you with absolute certainty: we’re in the middle of an unprecedented espionage arms race. The battleground? Your company’s deeptech innovations. The weapons? Everything from traditional listening devices to the smartwatch on your chief researcher’s wrist.

Anthropic’s recent update to their Responsible Scaling Policy highlights this shift, incorporating advanced Technical Surveillance Countermeasures (TSCM) to protect their AI trade secrets from increasingly sophisticated threats. They’re not being paranoid—they’re being prudent. Let me show you why your company should follow suit.

The Competitive Deeptech Landscape

The stakes in today’s innovation race extend far beyond simple market share. We’re seeing three critical battlegrounds emerge:

First, hardware sovereignty has become a national security concern.

• Semiconductor independence drives geopolitical power, with AI infrastructure demands accelerating the race.
• This isn’t just business—it’s realpolitik playing out in corporate boardrooms.

Second, energy constraints present both challenges and opportunities.

• Nuclear fusion research has become intertwined with AI advancement, with ML algorithms accelerating materials science breakthroughs.
• Energy constraints—such as limited electricity supply, high energy costs, or insufficient grid infrastructure—have a significant impact on the pace and scope of AI advancement for both countries and businesses.

Third, data frontiers represent the new oil.

• Real-world biological, medical, and sensor data are becoming essential for training next-generation AI models.
• Companies with unique datasets enjoy a 2-3x valuation premium compared to competitors with similar technology but inferior data.

These converging forces create perfect conditions for industrial espionage on an unprecedented scale.

Recent Security Incidents: When Theory Becomes Reality

The semiconductor industry provides the clearest examples of modern corporate espionage:

Case 1: From 2016-2020, a nation state-backed company orchestrated what I consider the perfect modern heist againt a competitor (the Original Equipment Manufacturer, OEM). The nation-state backed company recruited three OEM engineers with 200-300% salary increases, who walked out with IP valued between $400 million and $8.75 billion. The files were hidden on air-gapped laptops, making them undetectable until authorities raided the competitor’s offices.

Case 2: Even more concerning is what happened at another company, where nation-state backed hackers maintained access for 2.5 years, steadily exfiltrating chip designs used in Apple Pay and automotive systems. The victim firm only discovered the breach after significant damage was already done.

Case 3: Perhaps most alarming is company 3’s experience—this firm faces thousands of security incidents annually, including successful thefts of extreme ultraviolet lithography blueprints, technology that costs billions to develop and represents the cutting edge of semiconductor manufacturing.

These aren’t isolated incidents—they represent a systematic campaign to shortcut R&D timelines and undermine technological leadership.

How is confidential information compromised?

TSCM’s Dual Role in Modern Security

Technical Surveillance Countermeasures (TSCM) have traditionally focused on detecting physical bugs and wireless transmitters in sensitive spaces. This remains essential—but wildly insufficient in today’s threat landscape.

Modern TSCM must address two distinct but interconnected domains:

Traditional Counter-Eavesdropping:

• Regular facility sweeps using spectrum analyzers and non-linear junction detectors
• Physical security red-teaming to test facility vulnerabilities
• Event-specific sweeps after high-risk meetings or suspected breaches

Cyber-Physical Convergence Threats:

• Employee devices infected with malware that turns smartphones into always-on microphones
• Wearables with speech-to-text capabilities silently uploading sensitive conversations
• Supply chain implants that create hardware backdoors in seemingly innocent peripherals

Threat Vector	Example	Impact
Compromised devices	Malware turning smartphones into always-on mics	Real-time conversation monitoring
Wearables	Speech-to-text enabled smartwatches/glasses	Silent data exfiltration
Supply chain implants	Tampered peripherals with hardware backdoors	Persistent network access

Anthropic’s approach includes all of the above, plus deception technologies like honeypot model weights to identify and trace information leakage.

An Effective Information Security Strategy for 2025

Your company’s approach to protecting trade secrets must evolve beyond traditional cybersecurity and physical security silos. Here’s what works:

1. Integrated Defence Systems: Combine physical TSCM sweeps with network traffic analysis and endpoint monitoring. The segregated security approaches of the past create dangerous blind spots.
2. Zero-Trust Device Policies: Use of clearly designated zones where personal devices are prohibited is increasingly normal. This isn’t surveillance—it’s survival. The Princeton Plasma Physics Laboratory now requires all personal electronics be secured in Faraday pouches before entering research zones.
3. Supply Chain Verification: As the company in Case 3 discovered, vendor security (supply chain security) is your security. Implement hardware authentication mandates and binary authorisation frameworks for all incoming equipment and software.
4. Insider Threat Programs: Case 1 illustrates how easily employees can become vectors for IP theft. Modern insider threat programs should focus on behavioral analytics rather than punitive measures, identifying unusual data access patterns before information walks out the door.
5. Deception Technology: Following Anthropic’s example, plant convincing but subtly incorrect information in non-critical systems. When this data appears elsewhere, you’ve identified a leak.

A robust security program does not funciton in silos – it needs to present a holistic, complete treatment of the risk and address the particular threats faced by the respective organisation.

The Rising Threat of Cyber-Enabled Economic Espionage: What Business Leaders Need to Know

Conclusion: Security as Competitive Advantage

The commercialisation of deeptech innovations increasingly depends not just on who develops the technology first, but who can keep it secure long enough to bring it to market. While the FBI reports a 1,300% increase in industrial espionage cases since 2014, the companies succeeding in this environment aren’t necessarily the ones with the best technology—they’re the ones that can actually keep that technology secret.

An integrated approach to trade secret protection isn’t just good security practice—it’s a strategic business advantage. In an era where a single breakthrough in AI, semiconductors, or fusion energy could be worth billions, effective TSCM isn’t a cost center—it’s an investment in your company’s future.

The days of treating physical security, cybersecurity, and insider threats as separate domains are over. If you’re not addressing all three simultaneously, you might as well be posting your research on Twitter.

Your competitors have already figured this out. Have you?

Further Reading

• Anthropic (2025). Anthropic’s Responsible Scaling Policy: Anticipating and securing against emerging threats that accompany increasingly powerful models, updated 31 March 2025.
• Curwell, P. (2021). How is confidential information compromised?
• Curwell, P. (2025). The Rising Threat of Cyber-Enabled Economic Espionage: What Business Leaders Need to Know

DISCLAIMER: All information presented on paulcurwell.com is intended for general information purposes only. The content of paulcurwell.com should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon paulcurwell.com is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.