Apple's Security Breach: Ex-Employee Exploits Bug to Access Confidential Files for OpenAI

TL;DR
- **Apple filed a 41-page lawsuit against OpenAI** on July 10, 2026, accusing the company and two former employees of stealing trade secrets to aid OpenAI's new consumer hardware venture.
- **Former engineer Chang Liu exploited a rare authentication bug** to access Apple's internal network months after leaving, downloading dozens of confidential files including a 1,000-page technical compilation while working at OpenAI.
- **The suit also targets Tang Yew Tan**, Apple's former VP of Product Design, alleging he systematically used insider knowledge and confidential supplier data to benefit OpenAI during job interviews and product development.
The Incident: How a Rare Bug Led to a Massive Data Breach
The tech world is bracing for a major legal showdown as Apple has sued OpenAI, alleging a coordinated scheme to steal proprietary information for the AI giant's first consumer hardware device. The lawsuit, filed in the U.S. District Court for the Northern District of California, centers on the actions of two former Apple employees who allegedly misappropriated trade secrets shortly after transitioning to OpenAI.
The breach was triggered by Chang Liu, a former senior system electrical engineer who spent eight years on Apple’s iPhone team. According to Apple’s complaint, Liu failed to return a company-issued MacBook upon his departure. Months later, while already employed at OpenAI, he discovered he could still access Apple’s cloud-based network storage due to an authentication vulnerability that Apple had not yet identified.
Liu reportedly celebrated the breach in a message to a former colleague, writing, “LOL, I found out I can access the [network storage], so funny,” before proceeding to download dozens of confidential files. These files included unreleased product details, engineering presentations, and technical specifications, with one single compilation containing over 1,000 pages of confidential technical material.
The Second Defendant: A Systematic Campaign of IP Theft
The lawsuit does not stop at Liu; it also names Tang Yew Tan, who previously served as Apple’s Vice President of Product Design for the iPhone and Apple Watch after a 24-year tenure at the company. Tan is now OpenAI’s Chief Hardware Officer.
Apple alleges that Tan engaged in a systematic and calculated campaign of trade secret theft. The complaint claims Tan used his insider knowledge of confidential Apple projects to grill job candidates during OpenAI interviews, soliciting updates on projects with specific codenames. Furthermore, Tan allegedly emailed himself information regarding Apple’s suppliers and industry insights before his exit, and later requested hardware and components from Apple facilities for demonstrations to aid OpenAI’s development.
The suit alleges that Tan’s actions, combined with Liu’s exploitation of the bug, were part of a concerted effort to pilfer Apple’s proprietary information, which encompasses product designs, manufacturing techniques, and supply chain methodologies.
Apple’s Response and Legal Demands
Apple’s legal response is aggressive, seeking a preliminary injunction that would mandate the defendants to preserve evidence, halt the use of any Apple technologies, and return all trade secrets to the company. The 41-page filing, submitted on July 10, 2026, demands a jury trial, money damages, and court orders blocking OpenAI from holding, using, or sharing any of the stolen material.
Specifically, Apple is seeking:
- Return of all property and confidential material.
- Damages, including punitive damages and exemplary damages for willful misappropriation.
- A reasonable royalty for the use of Apple’s intellectual property.
- An order requiring the preservation of evidence to prevent further loss.
The lawsuit names five defendants: Chang Liu, Tang Yew Tan, OpenAI Foundation, OpenAI Group PBC, and io Products, the hardware startup OpenAI acquired from legendary Apple designer Jony Ive.
Implications for Data Protection in the Tech Industry
This incident underscores critical vulnerabilities in employee offboarding and network access protocols. The fact that Liu retained access to internal servers months after leaving highlights a potential failure in revoking authentication credentials, a common issue in large tech organizations where access management can be complex.
Furthermore, the breach reveals the risks associated with rare, unknown authentication bugs. Liu exploited a vulnerability Apple did not yet know existed, suggesting that even well-secured networks can have blind spots that former employees with insider knowledge might discover.
The case also signals a new era of tension between AI companies and traditional hardware manufacturers. As OpenAI pivots into consumer hardware, the competition for talent and intellectual property is intensifying. Apple’s lawsuit serves as a warning that poaching talent and allegedly taking trade secrets along with them will face severe legal repercussions.
Until OpenAI files a formal response, the allegations remain unproven, but the case has already forced a dramatic escalation in the simmering tensions between the two tech giants. The court process could potentially force OpenAI to open its internal records, revealing the extent of the alleged theft and the integration of Apple’s technology into OpenAI’s hardware ambitions.
Get All The Latest Updates Delivered Straight To Your Inbox For Free!