Apple Lawsuit Highlights Risks in Employee Offboarding and Data Access

The lawsuit includes allegations that a former employee who went to work for OpenAI exploited an authentication bug to access the company's network after leaving Apple. The company said that it fixed the bug upon learning about it and that only the one former employee exploited the bug when it was active, per the report. When Apple employees interviewed for jobs at OpenAI, the AI startup's hardware head allegedly asked them to show up with something unusual: components they were working on and unreleased product samples. Reporting across outlets tied to the complaint frames these allegations as an example of why organizations prioritize immediate account revocation and strict offboarding controls.
What happened
Apple filed a federal lawsuit accusing OpenAI, io Products, and two former Apple employees of misappropriating trade secrets connected to unreleased hardware. The case is an allegation, not a finding of liability. OpenAI told reporters that it has no interest in other companies' trade secrets and was reviewing the filing. The dispute is unusually significant because Apple and OpenAI remain commercial partners even as OpenAI develops consumer hardware with former Apple design leaders.
What the complaint alleges
Apple says former senior electrical engineer Chang Liu kept an Apple-issued computer after leaving for OpenAI and later accessed internal network folders through a previously unknown authentication vulnerability. According to the complaint descriptions published by AP, Axios, and TechCrunch, Liu downloaded confidential hardware files after his employment ended. Apple says it closed the vulnerability after discovering the access and found from server logs that Liu was the only former employee who exploited it. Those claims remain untested in court, and public reporting does not disclose enough technical detail to determine whether the weakness involved credential deprovisioning, an application flaw, or another access-control failure.
The complaint also alleges that OpenAI hardware chief Tang Tan encouraged Apple employees interviewing for OpenAI roles to bring physical components, prototypes, or design artifacts to interviews. Apple further claims departing staff received guidance about avoiding exit procedures that might immediately remove their access. OpenAI has rejected the premise that it wants competitors' confidential information, while the named defendants have not been found liable for the conduct Apple describes.
Why the security details matter
The allegations connect several controls that are often managed separately: credential revocation, device return, remote access, monitoring of recently departed accounts, and restrictions on moving physical prototypes or design files. Even if the disputed conduct is not proven, the reported sequence shows why an exit checklist alone is insufficient unless each access path is independently disabled and verified. Server-log review was central to Apple's account of the incident, underscoring the value of retaining identity and file-access records long enough to investigate post-employment activity.
What remains unresolved
The lawsuit will have to establish what information was accessed, whether it qualified as protected trade secrets, who knew about any transfer, and whether OpenAI or io Products used it. The public complaint summaries do not establish a broader breach of Apple's systems or show that other former employees used the same vulnerability. Discovery may clarify the authentication failure, the handling of Apple devices and files, and the recruitment communications described in the filing. Until then, the most defensible reading is narrow: Apple has documented detailed allegations around one former employee's access and broader hiring practices, while OpenAI disputes the central accusation.
Key Points
- 1Apple alleges a former engineer retained network access after joining OpenAI and downloaded confidential hardware files through an authentication vulnerability.
- 2The complaint says OpenAI recruitment practices sought Apple components and design artifacts, while OpenAI denies wanting competitors' trade secrets.
- 3The reported incident links employee offboarding, device return, credential revocation, and monitoring to the same alleged loss of confidential information.
Scoring Rationale
The complaint and contemporaneous reporting indicate operational and technical failures that increase breach risk for hardware companies; the issue is material for security and offboarding processes but not yet a confirmed systemic compromise across the industry.
Sources
Primary source and supporting public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems
