Apple Confirms Ex-Employee Exploited Bug to Steal Files After Joining OpenAI
A former Apple employee allegedly used a rare software bug to access and download confidential files even after leaving the company for OpenAI.
A rare and apparently undetected vulnerability in Apple's internal systems allowed a former employee to continue accessing and downloading sensitive files well after his departure from the company, according to a report from Yahoo. The individual subsequently joined OpenAI, Apple's high-profile rival in the artificial intelligence space, raising immediate questions about the potential exposure of proprietary data at one of the world's most secretive technology companies.
The incident underscores a persistent and often underappreciated risk in corporate cybersecurity: access revocation failures. Even when an employee formally exits an organization, residual permissions or unpatched vulnerabilities can leave internal systems exposed for weeks, months, or longer. For a company like Apple, whose competitive advantage rests heavily on hardware secrecy and software innovation, any unauthorized access to internal files carries outsized strategic implications.
Read more 12 States Sue to Block Paramount-Warner Bros. Discovery Merger →
The timing of the alleged breach adds another layer of complexity. The former employee's move to OpenAI, a company now in direct competition with Apple across AI features and infrastructure, inevitably sharpens scrutiny over what files may have been accessed and whether any information could inform competing development efforts. Apple declined to comment on what it characterized as a security breach, leaving the full scope of the incident unclear.
What Apple did confirm is that the bug exploited was described as "rare," suggesting the vulnerability was not a commonplace oversight but rather a sophisticated or unusual gap in their access management architecture. That framing may be intended to limit reputational damage, though security professionals will likely debate whether rarity diminishes institutional responsibility for its existence.
The case is likely to intensify debate around employee off-boarding protocols and zero-trust security models across the tech industry, particularly as talent increasingly flows between competing AI labs and legacy technology giants. Continue reading at Yahoo.