Skip to content

Apple Says Former Employee Used ‘Rare’ Bug to Download Confidential Files Before Joining OpenAI

Apple Says Former Employee Used ‘Rare’ Bug to Download Confidential Files Before Joining OpenAI

Apple has filed a major lawsuit against OpenAI, accusing the ChatGPT maker and two former Apple employees of misappropriating confidential information to support OpenAI’s move into consumer hardware. The case, filed in the U.S. District Court for the Northern District of California, marks a sharp escalation in tensions between the two companies.

Apple Accuses OpenAI of Stealing Confidential Data

In its complaint, Apple alleges that OpenAI engaged in a coordinated effort to obtain and use Apple trade secrets through former employees, recruiting practices and supplier relationships.

Apple says the information at issue included unreleased product details, engineering files, manufacturing knowledge, supplier information, technical specifications and proprietary project data.

Former Apple Engineer Named in Lawsuit

One of the central figures in the complaint is Chang Liu, a former Apple senior systems electrical engineer who later joined OpenAI.

Apple alleges that Liu failed to return an Apple-issued work laptop and later used it to download confidential Apple hardware-related files after leaving the company.

Alleged Authentication Bug Exploit

According to Apple’s complaint, Liu allegedly used a rare and previously unknown authentication bug to access Apple’s internal network after he was no longer employed there.

TechCrunch reported that the bug was described as a zero-day vulnerability, meaning Apple did not have advance time to fix it before it was allegedly exploited. Apple has since fixed the bug and said it cut off Liu’s access once it learned of the breach.

Server Logs Cited by Apple

Apple said the vulnerability could have allowed a small number of other people to access data on its systems.

However, the company alleged that its server logs showed only Liu used the bug to obtain confidential information after leaving Apple.

Sensitive Files Allegedly Taken

Apple claims Liu accessed and took dozens of confidential files over several weeks while working at OpenAI.

The files allegedly contained information about unreleased technologies, future products, internal engineering presentations, technical specifications and project documents.

Alleged Message About Network Access

The complaint also describes a message Liu allegedly sent to then-Apple employee Yu-Ting “Alyssa” Peng after discovering he could still access Apple’s network storage.

According to TechCrunch, Apple claims Liu wrote that he had found he could access the network storage and joked about it. Apple also alleges Peng later joined OpenAI, though she is not named as a defendant in the lawsuit.

Use of Another Apple Employee’s Laptop Alleged

Apple alleges Liu also used Peng’s Apple-issued work laptop while she was still employed at Apple and he was not.

The complaint claims this access was part of a broader pattern in which confidential Apple information was moved toward OpenAI’s hardware development efforts.

Questions Around Employee Offboarding

The case highlights a major corporate cybersecurity risk: what happens when a former employee still has access to company systems.

Companies normally try to cut off employee access immediately after departure to protect trade secrets, internal files and sensitive business information. Apple’s allegations suggest that even a single authentication flaw or delayed access removal can create serious data security problems.

Apple Says Liu Did Not Report the Bug

Apple alleges that Liu did not report the authentication issue to the company, despite obligations under his employment agreement.

The complaint also says he did not return his Apple laptop or remove the program that allegedly allowed him to access Apple’s systems.

OpenAI Hardware Chief Also Named

The lawsuit also names Tang Yew Tan, a former Apple executive who spent 24 years at the company and worked on iPhone and Apple Watch product design before joining OpenAI.

Reuters reported that Apple accused Tan, now OpenAI’s hardware chief, of using Apple confidential information to benefit OpenAI and of encouraging Apple employees to bring Apple parts to OpenAI interviews.

Apple Claims OpenAI Targeted Apple Talent

Apple says more than 400 former Apple employees now work for OpenAI.

The company argues that while employees may carry experience and general knowledge into new jobs, that does not give OpenAI the right to use Apple’s confidential information to accelerate its hardware plans.

OpenAI Denies Interest in Trade Secrets

OpenAI has denied wrongdoing in broad terms.

In a statement cited by Reuters and TechCrunch, OpenAI said it has no interest in other companies’ trade secrets and remains focused on building innovative technology.

Case Linked to OpenAI Hardware Ambitions

The lawsuit comes as OpenAI is pushing further into consumer hardware.

Reuters noted that Apple’s complaint connects the alleged trade secret theft to OpenAI’s hardware ambitions, including its acquisition of io Products, the startup associated with former Apple designer Jony Ive.

Apple Seeks Court Orders

Apple is asking the court to stop OpenAI from using or disclosing its trade secrets.

The company is also seeking the return of confidential Apple materials and preservation of evidence connected to the case.

Lawsuit Could Reveal More Through Discovery

If the case moves forward, the discovery process could give Apple access to internal communications, documents and records from OpenAI and related defendants.

That could determine whether Apple’s allegations are limited to individual employee conduct or support its broader claim of a coordinated effort.

Apple’s lawsuit against OpenAI brings together two major issues in the modern technology industry: trade secret protection and AI hardware competition. Apple alleges that former employees misused confidential files, exploited a rare authentication bug and helped OpenAI gain insight into unreleased Apple products.

OpenAI denies interest in other companies’ trade secrets, and the claims remain allegations unless proven in court. Still, the case highlights how employee departures, weak access controls and intense AI competition can create serious legal and cybersecurity risks.

Leave a Reply

Your email address will not be published. Required fields are marked *