Apple sues OpenAI over alleged trade secret theft via zero-day bug

Original: Apple says former employee exploited ‘rare’ bug to download confidential files after leaving for OpenAI

Why This Matters

The case spotlights critical risks of insider threats and access management gaps when employees transition to rival AI firms.

Apple filed a lawsuit against OpenAI on July 13, 2026, alleging that former Apple employee Chang Liu exploited a previously unknown zero-day authentication bug to download dozens of confidential hardware files weeks after joining OpenAI in early 2026.

Apple filed suit against OpenAI on July 13, 2026, accusing the company of trade secret theft. At the center of the complaint is Chang Liu, a former Apple system electrical engineer who allegedly 'exploited a rare, previously unknown authentication bug' to access Apple's internal network after leaving to work at OpenAI. The zero-day vulnerability — meaning Apple had no patch available at the time — allowed Liu to download 'dozens of Apple's confidential hardware-related files' over several weeks, including 'detailed information about unreleased products, engineering presentations, technical specifications, and proprietary project data.' Apple says it has since fixed the bug and terminated Liu's access upon discovering the breach. Server logs, Apple claims, show Liu was the only individual to exploit this flaw, though the bug could have allowed a 'few other' people access as well. Complicating matters further, Liu allegedly also used the Apple-issued laptop of then-Apple employee Yu-Ting Peng — an acquaintance who later also joined OpenAI — to access Apple systems while he was no longer an employee. Apple also alleges Liu failed to return his own Apple-issued laptop. Apple did not respond to TechCrunch's questions regarding the vulnerability details or when Liu's credentials were decommissioned.

Source

techcrunch.com — Read original →