OpenAI faces double security concerns this week

OpenAI made headlines this week due to two significant security issues, highlighting potential vulnerabilities in its systems.

The first issue involves the Mac app for ChatGPT, which was found by engineer Pedro José Pereira Vieito to be storing user conversations in plain text, without encryption. This discovery, initially reported by The Verge, led to OpenAI releasing an update to add encryption for locally stored chats.

Unlike apps available on the App Store, the Mac ChatGPT app, downloadable only from OpenAI's website, does not follow Apple’s sandboxing requirements, posing additional security risks.

The second issue dates back to 2023 when a hacker accessed OpenAI's internal messaging systems, raising concerns about internal security vulnerabilities. OpenAI’s technical program manager, Leopold Aschenbrenner, brought these issues to the company’s board, suggesting that the breach indicated vulnerabilities that foreign adversaries could exploit. Aschenbrenner now claims he was fired for reporting these security issues, but OpenAI disputes this.

These incidents underscore the challenges OpenAI faces in managing its rapid expansion and maintaining robust security measures, especially as its technologies are increasingly integrated into major platforms and services.