Apple has initiated a lawsuit against OpenAI, alleging the artificial intelligence giant engaged in the theft of trade secrets and sought to acquire proprietary information by recruiting former Apple employees. The legal action centres on claims that a former Apple system electrical engineer, Chang Liu, exploited a previously unknown authentication flaw to access and download confidential company files weeks after he had departed Apple to join OpenAI.
According to Apple's complaint, Mr. Liu allegedly exploited a "rare, previously unknown authentication bug," classified as a zero-day vulnerability, to gain unauthorised access to Apple's network. This flaw reportedly allowed him to download "dozens of Apple's confidential hardware-related files." These files are said to have contained detailed information about unreleased products, engineering presentations, technical specifications, and proprietary project data. Apple has stated that it has since fixed the bug and terminated Mr. Liu's access once the security breach was discovered.
The lawsuit further claims that during February 2026, Mr. Liu attempted to access Apple's cloud-based file repository, which holds confidential engineering files and project documentation. Apple alleges that he discovered he could still access this network repository after leaving the company due to the then-unknown authentication vulnerability. The company also states that Mr. Liu failed to return his Apple-issued work laptop and later allegedly misused the access credentials of an acquaintance, Yu-Ting Peng, who was then an Apple employee and later also joined OpenAI.
This disclosure, while lacking extensive technical specifics regarding the bug itself, underscores the significant challenges businesses face in safeguarding sensitive corporate data once employees transition to new roles or companies. Organisations typically implement immediate measures to revoke access for departing staff to prevent any information from leaving, whether intentionally or inadvertently. Failures in fully decommissioning employee accounts can lead to future security vulnerabilities, data breaches, or malicious actions.
The incident highlights the critical importance of robust offboarding procedures and continuous security audits for all companies, particularly those operating in highly competitive and innovation-driven sectors. The legal proceedings are expected to delve deeper into the nature of the alleged exploitation and the measures Apple had in place to protect its intellectual property.