Google will let companies run Gemini models in their own data centers

Security, Model Theft, and Black-Box Concerns

  • Many wonder if deployments will rely on confidential VMs (SEV-SNP, TDX) and encrypted GPUs to protect model weights; some speculate these could eventually be broken.
  • Opinions split on leak risk: some say only large enterprises can run models this big and won’t risk lawsuits; others note it only takes one hacked org or state actor for weights to escape.
  • Ideas floated: watermarking weights and heavy contractual liability to deter leaks.
  • For air-gapped government-style deployments, insiders with SSH access are seen as a key exfiltration vector.

Privacy, Trust, and Government Access

  • Strong skepticism toward a “black box in your DC” from a US advertising company, with fears of phoning home or covert access by intelligence agencies.
  • Others respond that big customers can and will strictly monitor or block traffic, and that Google has incentives and contracts not to sabotage or spy on Fortune 50s.
  • Debate over US government surveillance (FISA, PRISM, NSA tapping) leads some to argue that if it’s network-connected and run by Google, you shouldn’t treat it as fully private.
  • Air-gapped Google Distributed Cloud offerings for Secret/Top Secret missions are cited as evidence this can be made offline.

Hardware Choices and TPUs vs Nvidia

  • Notable that on-prem boxes use Nvidia Blackwell GPUs, not TPUs.
  • Explanations offered: CUDA familiarity/portability for customers, limited TPU supply, and desire to keep TPU advantages (cost, efficiency, long context) inside Google’s own cloud.
  • Gemini is said to be implemented in JAX/XLA, so it can target both TPUs and GPUs, though performance and cost differ.

Target Customers and Regulatory Drivers

  • Seen as aimed at governments, defense, intelligence, banking, healthcare, and large financial firms with strict data rules or entrenched on-prem estates.
  • Some argue true “must-be-on-prem” requirements mostly exist in government/adjacent sectors; others highlight broad corporate fear of data leaving the network, especially in the EU.
  • A bank employee notes they’re currently banned from AI over privacy, suggesting strong demand.

Data, Training, and “LLM Slop”

  • Discussion of Google’s proprietary data (Search, YouTube, Books) vs Common Crawl and LibGen: some see a moat, others emphasize that data quality, not human vs synthetic origin, matters.
  • Concerns about Common Crawl being increasingly contaminated by LLM output; counter-argument is that filtering LLM output is just another quality-filtering problem, though some point to model collapse when training on LLM-generated data.

Business Strategy and Comparisons

  • Some call this “government contract baiting” and a way to push Google Distributed Cloud, not just GCP.
  • Debate over whether using Google Cloud is effectively supporting an “ad company,” versus a now-profitable, separate cloud org.
  • Parallels drawn to the old Google Search Appliance: a mysterious but often better-than-alternatives yellow box, raising questions about opacity and logging.

Alternatives and Competition

  • DeepSeek is mentioned as a contrasting model-you-can-self-host; however, it’s seen as not in the same capability class as top Gemini models and lacks enterprise support contracts.
  • Microsoft’s Copilot and Azure’s earlier government approvals are noted as key competitive pressure.