Apple Lawsuit Alleges OpenAI Hire Used Zero-Day Security Flaw to Access Secret Internal Data


apple openai lawsuit
Image credit: Apple | OpenAI

Last Friday, Apple dropped a bombshell news, announcing that it has filed a lawsuit against OpenAI. Now, some fresh details reported by TechCrunch suggests that the Cupertino giant’s federal lawsuit allege that its former engineer continued accessing internal systems after leaving the company by exploiting what Apple describes as a previously unknown authentication vulnerability.

The allegations, if proven, could place one of the AI industry‘s biggest legal disputes at the center of an internal cybersecurity failure rather than just a hiring dispute.

Apple says a zero-day bug opened the door

According to Apple’s complaint filed in the U.S. District Court for the Northern District of California, former system electrical engineer Chang Liu allegedly exploited a rare authentication vulnerability that allowed him to keep accessing Apple’s internal network after accepting a position at OpenAI. Apple claims the flaw effectively functioned as a zero-day because the company was unaware of its existence until after the alleged access occurred.

Apple alleges Liu downloaded dozens of confidential hardware-related documents containing engineering presentations, technical specifications, unreleased product details, and proprietary project information. The lawsuit also claims Liu retained an Apple-issued laptop after leaving the company and later discovered he could still reach Apple’s cloud-based engineering repository through the authentication flaw. Apple says it has since fixed the vulnerability and terminated the remaining access.

The complaint further alleges Liu accessed Apple systems using the work laptop of another Apple employee, Yu-Ting Peng, who later joined OpenAI. Apple claims Liu informed Peng after discovering the continued access, allegedly writing, “LOL, I found out I can access the [network storage], so funny.” The tech giant also alleges Liu failed to report the vulnerability or delete the software that enabled the access, despite obligations under his employment agreement.

Apple has not publicly explained the technical nature of the authentication flaw beyond describing it as previously unknown. Authentication vulnerabilities can arise from weaknesses in login systems or failures to fully revoke employee credentials after departure, though Apple has not alleged which specific mechanism was involved. OpenAI has previously said it has “no interest in other companies’ trade secrets.”

The lawsuit remains in its early stages, and the allegations have not been proven in court. Apple has requested a jury trial in the Northern District of California, where the case is expected to proceed if it is not resolved beforehand.

More about the topics: AI, apple, OpenAI

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

User forum

0 messages