OpenAI, a company known for its advancements in artificial intelligence, has recently come under fire for a series of security vulnerabilities that have put user data at risk. The first issue arose when engineer Pedro José Pereira Vieito discovered that the Mac ChatGPT app was storing user conversations in plain text, leaving them vulnerable to potential breaches. This raised concerns about the company’s handling of cybersecurity, especially since the app does not follow Apple’s sandboxing requirements.
Sandboxing is a crucial security practice that prevents vulnerabilities in one application from spreading to others on a device. Storing data in plain text makes it easy for other apps or malware to access potentially sensitive information, putting user privacy at risk. Fortunately, after Vieito’s findings were brought to light by The Verge, OpenAI released an update that added encryption to locally stored chats, addressing this particular issue.
The second security concern dates back to 2023 when a hacker was able to breach OpenAI’s internal messaging systems, leading to a cascade of consequences that continue to impact the company today. Leopold Aschenbrenner, a technical program manager at OpenAI, raised concerns about the hack and the internal vulnerabilities it exposed, warning of potential exploitation by foreign adversaries. However, Aschenbrenner claims he was subsequently fired for disclosing this information and questioning the company’s security practices.
While app vulnerabilities and data breaches are unfortunately common in the tech industry, the extent of these issues at OpenAI raises significant questions about the company’s ability to protect user data. With ChatGPT being widely adopted by major services and the company’s internal turmoil affecting its public reputation, the recent security incidents paint a troubling picture of OpenAI’s data management practices. It remains to be seen how the company will address these concerns and regain trust from both users and industry experts.
