First-Party Signal: OpenAI’s Secure Manufacturing & Stealth Listings
OpenAI has built a dedicated Secure Manufacturing & Stealth function to guard unreleased hardware and supply chains. The team breaks from the lab’s history of software-only security hires.
The clearest proof sits in its job posts. A listing dated April 23, 2026 on eworker describes a Head of Secure Manufacturing and Stealth (SMS) – APAC. The role leads “OpenAI’s efforts protecting sensitive product development and production operations in the APAC supply chain.” A mirror posting on wfadigital pins the same job in Seoul, South Korea. Both cast a unit that “partners closely with supply chain and operations teams to protect OpenAI’s most sensitive projects.”
The APAC lead role
The APAC head designs and drives “the program that safeguards our most advanced projects and systems,” working where physical security, supply chain assurance, and insider risk meet. The post lays out multi-month security pushes across vendors, manufacturing partners, and internal ops teams. The job sends the hire to foreign vendor sites roughly one trip in four. OpenAI says the mandate lets engineers move fast while keeping innovations secret until launch.
The San Francisco specialist
OpenAI also posted a Senior Secure Manufacturing and Stealth Specialist in San Francisco (ZIP 94112). TheLadders estimates its pay; the table below sets that against company-wide medians and research-engineer bands drawn from Zero G Talent’s board for OpenAI. The gap shows the lab is hiring investigative generalists, not model builders.
| Role | Location | Salary band | Source |
|---|---|---|---|
| Head of SMS – APAC | Asia-Pacific (Seoul per mirror) | Not disclosed | eworker Apr 23 2026 |
| Senior SMS Specialist | San Francisco, CA 94112 | $130k–$180k | TheLadders |
| OpenAI median (all roles) | Multiple | $335k median | Zero G Talent board |
| Research Engineer (recent) | San Francisco | $293k–$585k | Zero G Talent board |
Required investigative competencies
OpenAI job posts describe a function seeking to build an investigative capability for Secure Manufacturing & Stealth programs, with a risk surface covering unreleased products, prototypes, confidential hardware, and infrastructure. The roles involve conducting proactive risk assessments and investigations across production and partner environments, including third-party vendor ecosystems, and developing, enforcing, and auditing policies at production and integration sites. The posts state the role will “partner with external suppliers, vendors, and law enforcement to ensure global consistency in security practices and incident response.”
Team structure and geography
The listings sketch a matrix. The APAC head leads initiatives with Engineering, Operations, Legal, and Security; the senior specialist post repeats that cross-functional spine. OpenAI’s security group, per the listing, “protects OpenAI’s technology, people, and products” and ties the work to safe AGI. Geography splits the function: one head covers APAC, the specialist sits in San Francisco, a hub-and-spoke model guarding foreign supply lines and a U.S. core.
The Head of SMS – APAC listing on jobsbyculture shows “Archived Jun 5, 2026,” meaning the post closed within six weeks of going live. The wider board shows the SMS posts are now filled or withdrawn. A LinkedIn snippet describes the risk surface as including unreleased products, prototypes, confidential hardware, and infrastructure. That language puts hardware and logistics on equal footing with code.
OpenAI’s own words frame the mandate: “We design and enforce safeguards that ensure our innovations remain confidential until launch, while enabling our engineers and partners to move quickly and effectively.” Team tenets from the April post include prioritizing impact and preparing for future transformative technologies. Those tenets show the function is built for scale, not a temporary fix.
The postings leave no doubt. OpenAI is hiring people who can run end-to-end investigations across cyber and physical domains, own supply chain controls, and coordinate with law enforcement. That job differs from defending a cloud tenant. The listings prove the lab now treats its manufacturing footprint as an industrial espionage front.
The Hybrid Investigator Profile and Its Sourcing Pool
The posts reviewed above sketch a hybrid profile. Not a software penetration tester or compliance auditor, but someone who can walk a cleanroom, read procurement records, and trace a leak to a logistics partner.
That skillset mirrors the insider-threat discipline the U.S. government built after Executive Order 13587 forced every executive agency to stand up a program in 2011. CDSE’s January 2024 catalog trains program managers to assemble multidisciplinary teams that monitor, analyze, and respond to insider incidents, then adds cyber indicators and behavioral science. A CISA-backed course updated May 2025 grants an Insider Threat Investigator certificate for both non-technical and technical analysts. A Global Counter-Insider Threat Professional credential, born from a 2021 study, extends that know-how to private industry.
What makes the profile hybrid is the supply-chain lens. An insider threat here is any person with authorized access—employee, contractor, vendor—who can touch goods, services, or data. The damage is real. In October 2022, a U.S. superconductor firm signed over $800 million in contracts with a Chinese wind turbine maker, then watched that partner recruit an insider to hand over trade secrets after the deal ended. In another case, foreign agents used stolen U.S. identities to place North Korean IT workers inside more than 300 companies, stealing intellectual property from late 2020 through 2023. SolarWinds remains the classic third-party breach: malicious updates hit some 18,000 customers in December 2020.
Those cases explain why the sourcing pool starts in defense. Professionals who earned CCITP credentials inside the Department of Defense or ran insider-threat programs under NITTF already practice cross-domain investigation. They apply least privilege, continuous monitoring, and background checks. Internal risk is not always malicious; employees slip up, so such an investigator needs behavioral judgment as much as network logs.
Aerospace and hardware manufacturing form the second pipeline. Hardware firms routinely guard prototypes. Amazon’s Prototype Security Investigations team hires specialists to shield consumer electronics before release. The investigative need spans employees, suppliers, logistics partners, and manufacturing workflows, exactly the surface OpenAI named.
The open market shows the pool’s size. Indeed.com lists 7,112 prototype security postings, among them 871 investigator roles and 1,225 cross-domain cyber jobs. Those candidates can pivot to a frontier lab.
The role requires a candidate with a GCITP certificate, experience running insider-threat investigations in a DoD command, and time in a hardware prototype shop where staff tracked asset movement daily. That combination is rare. OpenAI’s build-out pulls such people from defense and aerospace into AI’s physical supply chain. Watch OpenAI for those listings.
Is AI Hardware the New Espionage Target?
Apple Inc. sued OpenAI on July 10, 2026, accusing the lab of stealing trade secrets tied to unreleased hardware. The filing names OpenAI, its hardware chief Tang Tan, former Apple engineer Chang Liu, and io Products, the device startup founded by ex-Apple design chief Jony Ive. The lawsuit shows how exposed a frontier lab’s prototype pipeline has become. Los Angeles Times reported the suit claims more than 400 former Apple workers now sit at OpenAI.
CNN counted at least ten engineers who joined directly from Apple per LinkedIn profiles. The suit says Liu accessed and downloaded dozens of Apple confidential hardware files, including engineering presentations and technical specs for unreleased products. Apple alleges OpenAI copied Neural Engine architectural designs and thermal management details for a clandestine initiative called Project Starlight, a standalone AI device expected later in 2026. If a court grants an injunction, OpenAI’s hardware work could stall for years.
OpenAI denies the claims. "We have no interest in other companies’ trade secrets," said Drew Pusateri, a spokesperson for OpenAI, in CNN’s reporting. Apple says it asked OpenAI to cease and destroy materials months before filing, with no response. The partnership that put ChatGPT into Siri has soured, and analysts suggest Apple may drop ChatGPT from iOS 19. The legal fight freezes software collaboration and complicates OpenAI’s anticipated IPO.
The Apple suit is the loudest alarm, but verified cyber incidents preceded it. SiliconAngle reported in July 2025 that OpenAI tightened internal security after Chinese startup DeepSeek released a rival model alleged to have trained on ChatGPT data through distillation. OpenAI then installed stricter information controls, enhanced staff vetting, and physical safeguards. Projects moved to a “tenting” system limiting access to read-in team members. Biometric fingerprint scans guarded sensitive labs. OpenAI air-gapped portions of infrastructure. The lab hired former Palantir security head Dane Stuckey as chief information security officer and put retired Army General Paul Nakasone on its board.
As generative AI becomes more strategically and commercially valuable, protecting the models that power it is becoming just as important as building them.
That line from the July 2025 coverage captures the shift. The threats were not abstract. On May 14, 2026, OpenAI confirmed that two employees’ devices were compromised during the Mini Shai-Hulud / TeamPCP TanStack npm supply-chain campaign. That operation poisoned hundreds of trusted npm and PyPI packages earlier that week, hitting developer machines directly. A breach of this kind strikes the exact vector a secure manufacturing team must watch: external partner code, procurement records, and manufacturing workflows.
The Apple case shows insider risk through talent movement. The DeepSeek episode shows external model theft via distillation. The npm campaign shows a direct attack on engineer workstations through poisoned dependencies. Each maps to the cyber-physical domains OpenAI listed earlier for its investigative role. The events prove the lab wrote those job specs after contact, not before.
OpenAI’s denials do not erase the lawsuits or the confirmed compromises. The build-out of a stealth investigations function follows named events with dates and filings. The next test comes in court. A jury will decide who controls AI hardware for the next decade, and the investigators already hired will open their first real case files.
Rivals Pour Money Into Models, Not Guards
Anthropic posted 47 new roles in the past seven days on Zero G Talent’s live board, and not one lists secure manufacturing, stealth investigations, or supply chain counterintelligence. The closest matches are research engineering slots like Computer Use and Code RL, priced up to $850,000 a year at Anthropic. That burst contrasts with OpenAI’s 71 additions in the same window, which include the investigative capability flagged earlier at OpenAI. DeepMind added zero roles and carries a single open listing for a Materials Science Research Engineer at $141,000–$202,000, per the board’s count for DeepMind. The numbers suggest OpenAI’s defense-grade team is not yet a copied template.
The question matters because one company’s posts prove little about industry direction. If Anthropic or DeepMind were standing up equivalent units, we could read the shift as sector-wide. The board data says otherwise. Anthropic’s filings skew hard toward model and agent development. Business Insider reported in February 2026 that the lab sought more than 100 coding experts plus smaller pools in finance, marketing, and legal. The towardsai.net March 2026 article noted Dario Amodei’s declaration that AI would replace software engineers within six to twelve months, yet his company kept hiring them. In the February Business Insider piece, Boris Cherny, creator of Claude Code, said “Someone has to prompt the Claudes, talk to customers, coordinate with other teams, decide what to build next,” adding that engineering is changing and great engineers matter more than ever. The execution layer of the job is being automated; what remains is judgment, not guard duty.
DeepMind’s public careers page describes state-of-the-art model building for Gemini and Veo, not hardware protection. Its one live board role is a Materials Science Research Engineer in Mountain View, with no mention of vendor risk, insider threat, or adversarial collection—the competencies OpenAI’s post demands. Google DeepMind’s careers site confirms the lab’s focus stays on generative models with global reach. Across the frontier, the companies advancing autonomous coding pay engineers the most and compete hardest for senior talent, but that contest is for research and judgment roles, not physical investigative ones.
| Lab | Roles added (7d) | Total board roles | Sample recent posting | Manufacturing-stealth role? |
|---|---|---|---|---|
| OpenAI | 71 | 573 | Research Engineer, Data Understanding – Foundations ($350k–$555k) | Yes (Secure Manufacturing & Stealth listings) |
| Anthropic | 47 | 344 | Research Engineer, Code RL ($500k–$850k) | No |
| DeepMind | 0 | 1 | Research Engineer, Materials Science ($141k–$202k) | No |
The table shows divergence in scale and intent. Anthropic’s median salary band of $405,000 beats OpenAI’s company-wide median shown earlier, but the dollars flow to reinforcement learning and inference, not investigations. DeepMind’s band tops out near $202,000, reflecting its thin intake. Peers are accelerating agentic work—just not the manufacturing-stealth kind.
Anthropic is not ignoring security. Regulators scrambled after the Claude Mythos model raised cybersecurity alarms, as reported by sullcrom.com and related outlets. Those moves match the broader trend of rival labs answering IP and cyber threats through software agents, not by recruiting defense-style investigators. The response bifurcates: OpenAI builds a physical investigative fence around prototypes; Anthropic and DeepMind build smarter agents.
One caveat limits the conclusion. Job boards capture only live requisitions. A stealth team by definition can hide its postings, though OpenAI’s were public. DeepMind’s zero weekly additions may reflect a hiring freeze rather than absence of interest. Still, with first-party board data showing 344 Anthropic roles and 1 DeepMind role, the absence of any manufacturing-stealth wording is a strong signal.
Watch the boards in thirty days. If Anthropic’s next 47 roles include “insider threat” or “vendor risk,” the sector has shifted. Until then, OpenAI alone owns this cross-domain investigative experiment.
Drawing the Line Around Stealth Hires
Blue Origin posted a Civil Engineer, Future Launch Sites role asking for a U.S. citizen to scout and permit rocket pads that do not exist yet. The listing calls for site identification, due diligence, conceptual design, and environmental strategy. That is a space infrastructure hire with zero overlap with OpenAI’s new drive to protect unreleased hardware from corporate espionage.
The story we have traced is narrow: OpenAI is building a Secure Manufacturing & Stealth investigations team that demands defense-grade cyber-physical chops. To keep that scope honest, we must wall it off from three unrelated hiring surges sweeping the frontier sector. Space civil engineering, legal-AI customer success, and OpenAI’s own commercial and research expansion are real and funded, but none investigate supply chains or shield prototypes.
Take Blue Origin’s parallel posting for a Senior Civil Project Engineer on its Launch Infrastructure Development team. The job gives advanced civil engineering expertise and oversight for building launch facilities and ground systems. Applicants must hold U.S. citizenship or a green card and keep badging at Cape Canaveral. The skillset is concrete: pour foundations, route utilities, satisfy regulators. The listing never mentions insider threat, vendor risk, or adversarial collection. A civil engineer who can find a wetland is not a person who can catch a leak at a contract manufacturer.
Harvey, the legal-AI platform, shows the second fence line. It posted an Enterprise Customer Success Manager, Mexico to push its agentic AI into Latin American law firms. Harvey says it serves 1500+ customers in 60+ countries. The role drives client adoption of a software product that reshapes knowledge work. There is no factory, no prototype, no physical movement of assets. Legal-AI customer success lives in slide decks and dashboards, not loading docks.
OpenAI itself adds noise we must exclude. The lab’s commercial and research expansion detailed in the board data earlier sits outside the fence. Its own site carries a B2B Marketing Lead, India to drive enterprise strategy. Those hires sell and build models. The Secure Manufacturing & Stealth post, by contrast, demands cross-domain investigations per OpenAI’s description. A marketing lead in Mumbai does not probe procurement records for spies.
The numbers make the separation clear:
| Hiring surge | Example role | Core domain | Why outside stealth scope |
|---|---|---|---|
| Space civil engineering | Blue Origin Civil Engineer, Future Launch Sites | Launch site design, permitting | No prototype or supply chain investigation |
| Legal-AI customer success | Harvey Enterprise Customer Success Manager, Mexico | Legal software adoption | Pure SaaS GTM, no physical assets |
| OpenAI research/commercial | Recent research/commercial postings; B2B Marketing Lead India | Model research, enterprise marketing | Builds and sells AI, not shields hardware |
| OpenAI Secure Mfg & Stealth | Investigative capability build (OpenAI job posts) | Cyber-physical insider threat probes | The IP defense front line |
The broader agentic AI job market surge noted earlier still reflects software roles like Anthropic’s Technical Enablement Lead or Harvey’s product marketing. They are not the cross-domain hire OpenAI now seeks. DeepMind’s thin board, also noted earlier, proves the lab surge is uneven.
Regulators chase model cybersecurity risks, as sullcrom.com reported with Anthropic’s Mythos triggering bank meetings. That scrutiny is about model exploitation, not a stealth manufacturing floor. The line is physical: if the role touches a prototype, a vendor, or a logistics partner, it belongs to the new investigative cadre. If it pours concrete, demos legal search, or runs an India campaign, it stays outside the fence.
When you scan frontier postings, filter for "investigations" and "secure manufacturing" before you count an AI lab as part of this shift. The defense-style hires protecting hardware are a small, specific wedge inside a much larger, noisier hiring boom.
Working in AI? Zero G Talent tracks the openings: see every open OpenAI role, browse AI jobs, openings at Anthropic and DeepMind, and the people building the field.