This article is more than 1 year old

Tesla axes software engineer for allegedly pilfering secret Python scripts after just three days on the job

WARP Drive process automation code said to be 'extremely valuable'

Tesla has fired and sued software engineer Alex Khatilov for alleged trade secret theft and breach of contract. The electric automaker claims its former employee copied thousands of files to his personal Dropbox account just days after being hired.

The complaint [PDF], filed on Friday in US District Court in San Jose, California, claims Khatilov, also known as Sabhir Khatilov and Alex Tilov, was hired as a senior quality assurance engineer on December 28, 2020, and began copying company files without authorization just days later.

"Within three days, he began stealing thousands of highly confidential software files from Tesla’s secure internal network, transferring them to his personal cloud storage account on Dropbox, to which Tesla has no access or visibility," the complaint contends. "The files consist of 'scripts' of proprietary software code that Tesla has spent years of engineering time to build."

Reached by phone on Friday afternoon, Khatilov said he was unaware of the lawsuit and insisted what happened was a mistake, the result of Dropbox automatically copying Python files he installed as part of his onboarding process.

According to the complaint, Khatilov, of San Bruno, California, was hired to write scripts to help automate Tesla's Environmental Health and Safety systems. The company relies on quality assurance engineers to automate various business tasks using Python scripts, which run on a backend system called WARP Drive.

Out of Tesla's approximately 50,000 employees, only the 40 members of the quality assurance engineering team, which included Khatilov, have access to those scripts. And only eight people on the build team can grant access rights.

The carmaker claims its automation scripts represent "200 man-years" of labor and could help competitors copy the company's innovations. The scripts said to have been taken are used for procurement, inventory management, payment, processing, and delivery, among other business functions.

"These scripts would be extremely valuable to a competitor," said Golda Arulappan, senior manager of software quality assurance engineering for Tesla, in a court deposition. "Access to these scripts would enable engineers at other companies to reverse engineer Tesla’s processes to create a similar system in a fraction of the time and with a fraction of the expense it took Tesla to build the system."


Watchdog urges Tesla to recall 158,000 Model S, X cars to fix knackered NAND flash that borks safety features


Khatilov allegedly downloaded files from WARP Drive that were unrelated to his job responsibilities from December 31, 2020 through January 4, 2021, and again on January 6, 2021. That day, Tesla's Information Security Team detected the file transfers and found 26,377 file alerts from its network monitoring software, representing at least 6,300 files.

Upon confirming that the file transfers included proprietary information and violated corporate policies, David Schertzer, a senior security intelligence investigator at Tesla, opened an investigation. Later that day, according to Schertzer's deposition, he and other Tesla personnel conducted a remote interview of Khatilov via Microsoft Teams.

Asked what files he had copied to his Dropbox account, Khatilov is said to have initially insisted the files were personal in nature, a passport scan and a form W-4.

"I prompted Mr. Khatilov to screen share his laptop to confirm that his Dropbox account did not, as he twice claimed, contain any confidential Tesla files," recounts Schertzer in his deposition. "Mr Khatilov delayed accepting the screen share request for over a minute, thus not allowing us to see the screen or to view his Dropbox files."

"During this time, I observed Mr Khatilov on videochat rapidly clicking and typing," Schertzer continues. "Because of these circumstances, I believe he was trying to modify Dropbox or other files to interfere with our inspection."

I believe he was trying to modify Dropbox or other files to interfere with our inspection

When Khatilov finally shared his screen, Schertzer said that the software engineer claimed he had already deleted the Dropbox client app on his laptop. But as noted by another Tesla investigator, deleting the Dropbox client app does not delete files in a Dropbox cloud account.

Further back and forth via video supposedly convinced Khatilov to get rid of additional Tesla files in his Dropbox, a subset of the alleged trove.

Schertzer's account of the incident continues: "After supervising the deletion, I then informed Mr Khatilov that his Dropbox account contained non-administrative content and told him that Information Security had detected that he removed over 26,000 confidential filenames from the Tesla network. Khatilov claimed he didn’t mention these before, despite being asked twice, because he 'forgot.'"

Tesla's legal filing claims that Khatilov was evasive and lied to company investigators and says that the company cannot confirm its files have all been deleted. Moreover, the company says it believes Khatilov may have disseminated the files. It is seeking an injunction to force its former employee to turn over any copies of Tesla's files and to disclose the identities of anyone with whom he may have shared the data.

Khatilov in his conversation with The Register described his firing as "a weird situation." He said he'd been hired as a tester and a few days later received a computer with an onboarding document that directed him to install some software, which includes some Python files and modules.

He also installed Dropbox and said the software somehow started backing up those files. Later that day, he said, he got a call from Tesla security and was asked to meet and share his screen, briefly recounting the meeting described in the Tesla court filing.

He insisted the incident was a mistake and asked if we could send him a copy of the lawsuit, which we did. ®

More about


Send us news

Other stories you might like