OpenAI is making headlines every day, and this time for a double security concern. The first issue is in ChatGPT’s Mac app, while the second points to broader concerns about how the company manages its cybersecurity.
Earlier this week, engineer and Swift developer Pedro José Pereira Vieito Mac ChatGPT has discovered that it stores application and user chats locally in plain text rather than encrypting them. The app is only available on OpenAI’s website and does not have to comply with Apple’s sandboxing requirements because it is not available in the App Store. Vieito’s case was later covered and after the exploit gained attention, OpenAI released an update that added encryption to locally stored conversations.
For the non-developers out there, sandboxing is a security practice that prevents potential vulnerabilities and failures from spreading from one application to another on a machine. For non-security professionals, storing local files in plain text means that potentially sensitive data can be easily viewed by other programs or malware.
The second issue occurred in 2023, with consequences that have a ripple effect that continues today. Last spring, a hacker gained access to information about OpenAI after illegally accessing the company’s internal messaging systems. OpenAI technical program manager Leopold Aschenbrenner raised security concerns with the company’s board of directors, arguing that the hack implied internal vulnerabilities that could be exploited by external adversaries.
Aschenbrenner now says he was fired for disclosing information about OpenAI and exposing the company’s security concerns. A representative of OpenAI said The Times “While we share his commitment to building secure AGI, we disagree with many of the claims he makes about our work,” adding that his speech was not the result of a news leak.
Application vulnerabilities are something every technology company experiences. Breaches by hackers are depressingly common, as are contentious relationships between whistleblowers and their former employers. However, in between how widely adopted ChatGPT is how chaotic the services and the company are , and These latest issues begin to paint a more troubling picture of how OpenAI can manage its data.
