Technology

Apple Says Former Employee Stole Secrets Using Hidden Security Flaw After Moving to OpenAI

Martin HollowayPublished 2d ago3 min readBased on 6 sources
Reading level
Apple Says Former Employee Stole Secrets Using Hidden Security Flaw After Moving to OpenAI

Apple is suing OpenAI, claiming that a former engineer named Chang Liu used a hidden security vulnerability to secretly download confidential files about Apple's hardware and products for weeks after he left the company to work for OpenAI.

According to TechCrunch, Liu worked at Apple as a systems engineer before joining OpenAI. In February 2026, he discovered that his access to Apple's online file storage — a cloud system that holds engineering blueprints, project plans, and other proprietary technical information — had never actually been turned off. Think of it like a guest who leaves a house; the door was supposed to be locked behind them, but the lock was broken. The security flaw was unknown to Apple at the time.

Using this flaw, Liu allegedly downloaded dozens of confidential files about unreleased products, manufacturing processes, and engineering details over several weeks. Apple found evidence of the theft through server logs — digital records of who accessed what files and when. The company says no one else exploited this same hole, though it acknowledges the flaw could have allowed others through if they had known about it.

Apple's complaint, reported by TechCrunch and NBC News, also mentions two other ways Liu may have accessed Apple's systems. First, he apparently never gave back his Apple work laptop after leaving, claiming he had another computer instead. Second, he used a laptop belonging to Yu-Ting Peng, another Apple employee who later also moved to OpenAI. Since Peng was still employed by Apple, her access to company systems was still active, and Liu allegedly used her login credentials to reach information he could no longer access on his own.

Apple filed the lawsuit against OpenAI and named both Liu and Peng as defendants. The company alleges that senior leaders at OpenAI directed the theft of trade secrets, according to TechCrunch's reporting. In fact, additional reporting suggests that some OpenAI employees joked internally about having unauthorized access to Apple's systems — which could mean this was not just one person acting alone. The full lawsuit is available on DocumentCloud.

This case reveals something important about how large companies manage employee access to sensitive information. A hidden security flaw that remains undetected long enough for someone to notice and exploit it points to a failure in multiple places at once — not just in the security code, but in how Apple tracked who should have access to what. This is the kind of problem that should be caught during regular security reviews, not discovered months later during a lawsuit.

The part about using someone else's laptop and login credentials is a familiar problem for big companies. It happens when employees leave but their colleague's access to systems doesn't get turned off right away, and someone uses that backdoor. Many organizations have spent years trying to prevent exactly this by automatically cutting off access the moment someone leaves. Apple's complaint suggests that either these safeguards failed or were deliberately bypassed in this case.

Neither Apple nor OpenAI has publicly responded in detail to the specific claims made in the lawsuit. This case is part of a larger trend of legal disputes over trade secrets between traditional hardware companies and AI companies fighting for engineering talent, but the involvement of a real security flaw makes it different from most other cases, which usually focus on documents people took with them or information they remembered.