OpenAI Addresses Security Breach in ChatGPT Mac App After Employee Devices Compromised
OpenAI recently disclosed a security breach affecting its ChatGPT app for Mac, stemming from a compromised open-source library. According to a report by 9to5Mac, two employee devices were impacted, though the company stated no user data was accessed and no systems were compromised.
The incident was detected after malicious activity was identified in a widely used open-source code repository. OpenAI responded swiftly, containing the threat and launching an investigation with a third-party digital forensics firm. The company confirmed that only limited credential material was exfiltrated, with no other code or information affected.
A software update addressing the issue is currently rolling out, with full distribution expected by June 12. Mac users are advised to install the update when prompted, while Windows and iOS users remain unaffected. OpenAI plans to provide further guidance at a later date.
This is not the first security concern for the ChatGPT Mac app. In early 2024, a developer discovered that the app stored user conversations locally in plain text rather than encrypting them.
OpenAI TPRM report: https://www.rankiteo.com/company/openai
{
  "id": "ope1778783864",
  "linkid": "openai",
  "type": "Breach",
  "date": "5/2026",
  "severity": "60",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'industry': 'Artificial Intelligence',
                        'name': 'OpenAI',
                        'type': 'Company'}],
 'attack_vector': 'Compromised open-source library',
 'customer_advisories': 'Mac users are advised to install the update when '
                        'prompted',
 'data_breach': {'data_exfiltration': 'Yes',
                 'type_of_data_compromised': 'Credential material'},
 'description': 'OpenAI disclosed a security breach affecting its ChatGPT app '
                'for Mac, stemming from a compromised open-source library. Two '
                'employee devices were impacted, but no user data was '
                'accessed, and no systems were compromised. The incident was '
                'detected after malicious activity was identified in a widely '
                'used open-source code repository.',
 'impact': {'data_compromised': 'Limited credential material',
            'systems_affected': 'Two employee devices'},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'corrective_actions': 'Software update addressing '
                                                  'the issue',
                            'root_causes': 'Compromised open-source library'},
 'recommendations': 'Mac users are advised to install the software update when '
                    'prompted',
 'references': [{'source': '9to5Mac'}],
 'response': {'communication_strategy': 'Advisory to Mac users to install the '
                                        'update',
              'containment_measures': 'Swift containment of the threat',
              'incident_response_plan_activated': 'Yes',
              'remediation_measures': 'Software update addressing the issue',
              'third_party_assistance': 'Digital forensics firm'},
 'title': 'OpenAI Security Breach in ChatGPT Mac App Due to Compromised '
          'Open-Source Library',
 'type': 'Supply Chain Attack',
 'vulnerability_exploited': 'Malicious activity in open-source code repository'}