OpenAI makes headlines almost daily, but this time it’s due to two security concerns. The first issue concerns ChatGPT’s Mac app, while the second points to broader concerns about how the company handles cybersecurity.
Earlier this week, engineer and Swift developer Pedro Jose Pereira Bieito An investigation into the Mac ChatGPT app found that it stored user conversations locally in plaintext, without encryption. The app is only available from the OpenAI website, not the App Store, so it is not subject to Apple’s sandbox requirements. Vieito’s research has since After this vulnerability attracted attention, OpenAI released an update that added encryption to locally stored chats.
For those of you who aren’t developers, sandboxing is a security measure that prevents potential vulnerabilities or failures from spreading from one application to others on your machine, and for those of you who aren’t security experts, it means that storing local files in plain text means that potentially sensitive data may be easily visible to other apps or malware.
The second issue occurred in 2023 and has ongoing repercussions: Last spring, hackers gained unauthorized access to OpenAI’s internal messaging system and obtained information about the company. OpenAI’s technical program manager, Leopold Aschenbrenner, reportedly raised security concerns with the company’s board of directors, arguing that the hack suggests internal vulnerabilities that could be exploited by foreign adversaries.
Aschenbrenner now says he was fired for leaking information about OpenAI and raising concerns about the company’s security. An OpenAI representative said: Times “While we share his commitment to building a secure AGI, we disagree with many of the assertions he has made about our work since then,” he said, adding that his departure was not the result of whistle-blowing.
App vulnerabilities are a fact of life for all tech companies, and hacker intrusions are depressingly common, as are whistleblowers and former employers. But given how widely deployed ChatGPT is on the service, and how in disarray the company’s , and are, these recent issues are beginning to paint a more worrying picture about OpenAI’s control over data.
