TL;DR

OpenAI’s ChatGPT desktop app for Mac experienced a security breach involving two employee devices. The company is rolling out a software update, but the full details and timeline remain unclear.

OpenAI has confirmed a security breach involving two employee devices that impacted the ChatGPT desktop app for Mac. The company is currently rolling out a software update to address the issue, with a full update expected by June 12. This incident highlights ongoing security concerns related to the app, which is widely used by Mac users for accessing ChatGPT.

According to a report by 9to5Mac, OpenAI identified malicious activity linked to a security vulnerability involving a widely-used open-source library. The breach affected two employee devices, but the company states that no user data was accessed or compromised. In a blog post, OpenAI said, “Upon identification of the malicious activity, we worked quickly to investigate, contain and take steps to protect our systems.”

The company has hired a third-party digital forensics firm to investigate the incident further. OpenAI emphasized that only limited credential material was exfiltrated from code repositories and that no other information or code was impacted. Mac users are advised to update the app promptly when prompted, while users on other platforms like Windows and iOS are unaffected and do not need to take action at this time.

This is not the first security concern related to the ChatGPT Mac app; in 2024, it was revealed that user conversations were stored locally in plain text rather than being encrypted, raising privacy issues.

Why It Matters

This incident underscores ongoing cybersecurity risks associated with widely used AI applications and the importance of rapid response and transparency from companies like OpenAI. For users, it highlights the need to keep software updated and remain vigilant about security alerts. The breach also raises questions about the security of open-source components integrated into proprietary applications, which are common in software development.

Bitdefender Total Security 2026 – Complete Antivirus and Internet Security Suite – 5 Devices | 1 Year Subscription | PC/Mac | Activation Code by Mail

Bitdefender Total Security 2026 – Complete Antivirus and Internet Security Suite – 5 Devices | 1 Year Subscription | PC/Mac | Activation Code by Mail

SPEED-OPTIMIZED, CROSS-PLATFORM PROTECTION: World-class antivirus security and cyber protection for Windows (Windows 7 with Service Pack 1, Windows…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Background

OpenAI’s ChatGPT Mac app has been popular among users since its launch, offering a native desktop experience. Previous security issues, such as the 2024 incident involving local data storage, have raised concerns about user privacy. The current breach involves a compromised open-source library, a common vector for cyberattacks, which has affected many organizations across the tech industry.

“We confirmed that only limited credential material was successfully exfiltrated from these code repositories and that no other information or code was impacted.”

— OpenAI spokesperson

“The breach involved malicious activity on two employee devices linked to a security vulnerability involving a widely-used open-source library.”

— 9to5Mac report

Amazon

Mac open-source library security tools

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

What Remains Unclear

It is not yet clear how the malicious activity was initially triggered or whether additional devices or systems were potentially affected. The full scope of the breach and the specific open-source library involved remain undisclosed, and OpenAI has not provided a detailed timeline beyond the current update rollout.

McAfee Total Protection 5-Device | AntiVirus Software 2026 for Windows PC & Mac, AI Scam Detection, VPN, Password Manager, Identity Monitoring | 1-Year Subscription with Auto-Renewal | Download

McAfee Total Protection 5-Device | AntiVirus Software 2026 for Windows PC & Mac, AI Scam Detection, VPN, Password Manager, Identity Monitoring | 1-Year Subscription with Auto-Renewal | Download

DEVICE SECURITY – Award-winning McAfee antivirus, real-time threat protection, protects your data, phones, laptops, and tablets

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

What’s Next

OpenAI will continue its investigation with the third-party firm and is expected to release a detailed report once the full scope is understood. The company will also implement additional security measures to prevent similar incidents in the future. Users should update their app promptly and stay informed about further guidance from OpenAI.

Security Patch, 2 Pcs Reflective Security Hook and Loop Patch for Vest Printed Letters Embroidery Patches for Officer Guard Custom Uniforms Vest, Jacket, Carrier, Bag, Hat (Black, 1 Small and 1 Large)

Security Patch, 2 Pcs Reflective Security Hook and Loop Patch for Vest Printed Letters Embroidery Patches for Officer Guard Custom Uniforms Vest, Jacket, Carrier, Bag, Hat (Black, 1 Small and 1 Large)

【Package Content】The package contains two security patches for vest, one small (5.5 x 2.5 inches) and one large…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

What exactly was compromised in the breach?

OpenAI states that only limited credential material was exfiltrated, and no user data or code was accessed. The full details of what was compromised are still being investigated.

Should I uninstall or stop using the ChatGPT Mac app?

No, users are advised to update the app when prompted. There is no indication that the app should be uninstalled or that it is unsafe to use after the update.

Will my data be affected or stolen?

OpenAI has confirmed that no user data was accessed or compromised during this breach.

When will the full update be available to all users?

The company has announced that the update will roll out to all users by June 12, 2024.

This is a separate incident from the 2024 local data storage issue, but it highlights ongoing security challenges for the app.

You May Also Like

Why I’m leaving GitHub for Forgejo

A developer explains moving from GitHub to Forgejo, citing ownership, trust, and AI data concerns, amidst GitHub’s outages and corporate changes.

A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it

A researcher alleges Microsoft secretly inserted a backdoor into BitLocker encryption, releasing an exploit to demonstrate it. Details remain under investigation.

Gnutella: A Protocol Outliving the World That Created It

Gnutella, the pioneering peer-to-peer file sharing protocol, continues to operate today despite mainstream decline, highlighting its resilience and enduring legacy.

I’m Getting into Mesh Networks (Meshtastic, MeshCore, and Reticulum)

A detailed overview of recent developments in mesh networking with Meshtastic, MeshCore, and Reticulum, highlighting confirmed facts and future implications.