Apple has filed a lawsuit against a former employee, alleging that he exploited a security vulnerability to access and download confidential company files after leaving the company to join OpenAI.
According to the complaint filed in the US District Court for the Northern District of California, the former employee, identified as Chang Liu, allegedly accessed Apple’s internal systems weeks after his employment ended by exploiting what the company described as a previously unknown authentication bug.
Apple claims Liu downloaded confidential engineering files relating to unreleased products, technical specifications and internal project documentation while working at OpenAI. The company said it has since fixed the security vulnerability and terminated the employee’s access after discovering the breach.
The lawsuit alleges that Liu retained his Apple-issued laptop after leaving the company and continued accessing internal network storage. Apple also claims he used the work laptop of another Apple employee, who later joined OpenAI, to access company systems while she was still employed.
According to the complaint, Apple identified the alleged unauthorised access through server logs and said there was no evidence that others had exploited the same vulnerability.
The case highlights the growing importance of offboarding processes, access management and cybersecurity controls as organisations seek to protect sensitive information when employees leave. Employers typically revoke system access immediately after an employee exits to minimise the risk of unauthorised access to confidential business data.
Apple has alleged that the former employee failed to report the security flaw or return company assets as required under his employment obligations. The company has sought a jury trial and is pursuing legal action over the alleged misappropriation of trade secrets.
OpenAI has not been accused of wrongdoing in the complaint. The company has previously stated that it has no interest in acquiring competitors’ trade secrets.

