The Message That Says It All
“LOL, I found out I can access the [network storage], so funny.”

That one line, allegedly sent by a former Apple engineer to a colleague still inside the company, might be the most casually damning piece of evidence in what has quickly become the biggest trade secrets lawsuit in Silicon Valley. The engineer — Chang Liu, a system electrical engineer who left Apple for OpenAI — had just discovered he could still pull files from Apple’s internal servers weeks after his departure. Instead of reporting it, he laughed about it, downloaded dozens of confidential documents, and allegedly kept right on accessing Apple’s data from OpenAI’s offices.
If you manage IT systems, that sentence should send a chill down your spine. Because the scariest part isn’t that Liu allegedly stole trade secrets. It’s that the window was never supposed to be open in the first place.
What Actually Happened: A Zero-Day Bug in the Offboarding Process
Apple’s initial trade secrets lawsuit against OpenAI, filed on July 10, was already a bombshell. But the newly revealed details, published in Apple’s 41-page complaint, layer on stunning specifics about how the alleged data theft actually went down.
According to Apple, Liu discovered a previously unknown authentication vulnerability — a zero-day bug, in security parlance — that let him reach Apple’s shared network storage long after his employee credentials should have been deactivated. Apple says it has since patched the bug and claims server logs show that Liu was the only person to exploit it after leaving the company. But the implications are far broader than this single case.
A zero-day vulnerability in an authentication system is the kind of thing security teams have nightmares about. It means the login process itself was flawed in a way that nobody — not Apple’s engineers, not its internal security auditors — caught before it was exploited. And in this case, it wasn’t exploited by an external hacker. It was exploited by a former employee who had legitimate access once, and whose access should have been completely revoked.
The complaint also alleges that Liu failed to return his Apple-issued work laptop and told colleagues he had “another computer.” He allegedly used a colleague’s Apple-issued laptop, that of Yu-Ting “Alyssa” Peng — who was still employed at Apple — to access the company’s internal systems while he was already working for OpenAI. Peng later left for OpenAI herself and is not named as a defendant.
This is every IT manager’s worst offboarding scenario: credentials that weren’t properly deactivated, a zero-day bug that provided a backdoor, and a company-issued laptop that was never recovered.
The Culture Question: ‘Normalized and Exemplified by Leadership’
One of the more striking accusations in Apple’s complaint is that OpenAI’s alleged behavior regarding trade secrets wasn’t just tolerated — it was, in Apple’s words, “normalized and exemplified by leadership.” The complaint describes what reads like a coordinated operation:
- OpenAI allegedly coached departing Apple employees on how to avoid giving notice through the so-called “dreaded walkout” — Apple’s practice of immediately terminating employees who submit resignations, which would cut off access to Apple’s systems before they could gather data.
- Job candidates who still worked at Apple were allegedly asked to bring “actual parts,” prototypes, and design artifacts to interviews at OpenAI for “show and tell sessions.” One candidate expressed surprise, saying he “didn’t even know we could take those from the office.”
- Departing employees were told to contact OpenAI “asap” if Apple asked them to sign anything during exit interviews — and advised not to sign.
Apple also alleges that io, the design firm founded by former Apple chief design officer Jony Ive that was acquired by OpenAI last year in a $6.5 billion deal, used Apple’s proprietary metal-finishing techniques by misleading an Apple partner. The complaint states that OpenAI “approached a supplier using its confidential information about design and components related to power and batteries, even using internal terminology that only Apple-insiders would know to ask.”
If even half of these allegations hold up in court, the picture they paint is of an organization that systematically treated a competitor’s confidential information as fair game.
400 Former Apple Employees — and the Tip of the Iceberg
Perhaps the most jaw-dropping number in the complaint: Apple says there are now over 400 former Apple employees working at OpenAI. Think about that for a second. Four hundred people who once had access to Apple’s internal systems, product roadmaps, supply chain relationships, and engineering practices now work for one of Apple’s most direct competitors in the AI hardware space.
Apple is blunt about where this is headed. “This is the tip of the iceberg,” the complaint states, arguing that the discovery process will uncover far more instances of alleged misappropriation. “Discovery will expose that the misappropriation has been occurring on a scale many times greater than the several instances described below.”
The 400-employee number alone should be a wake-up call for any organization that’s lost talent to a competitor. The movement of people between companies isn’t just a talent flow — it’s an information flow. When a competitor hires hundreds of your former employees, the question isn’t whether sensitive knowledge moves with them. The question is which safeguards were in place, and which ones failed.
What This Means for the Rest of Us
I’ve spent years managing IT systems and access controls, and this case hits close to home on several levels. The lessons here apply whether you’re running a 50-person government IT division (which I do) or a trillion-dollar tech giant.
1. Offboarding is a security function, not an HR checklist item. If Apple — a company famous for its security obsession — had a former employee accessing its network two weeks after leaving, your organization almost certainly has similar gaps. Every departing employee’s credentials, VPN access, and cloud permissions must be audited and revoked immediately. Not at the end of the week. Immediately.
2. Recover hardware before it becomes a liability. Liu still had his Apple-issued laptop, and allegedly a second Apple computer. If an IT policy allows departing employees to keep their devices for even a few extra days, those devices become a threat vector. As we discussed in our supply chain security guide, physical hardware that isn’t accounted for is an open door.
3. Zero-days can exist in your authentication pipeline. Apple’s authentication bug wasn’t in a third-party library — it was in their internal authentication system. The fact that it went undetected until exploited by an insider shows that even the best engineering teams have blind spots. Regular security audits and access reviews aren’t optional — they’re the only way to catch these gaps before someone else does.
4. The talent wars amplify the insider threat. When companies like OpenAI are aggressively hiring from competitors — 400 employees is a staggering number — the risk of institutional knowledge transfer multiplies. This isn’t about assuming bad faith from every new hire. It’s about recognizing that information wants to travel, and your systems need to be designed so that departure means immediate, complete separation.
5. Culture matters, legally. The allegation that OpenAI “normalized and exemplified” this behavior from the top is significant. It suggests that corporate culture around intellectual property isn’t just an HR talking point — it can become evidence in a lawsuit. As we saw with the npm supply chain attack, trust in the software and people you depend on is both essential and fragile.
What Happens Next
Apple has demanded a jury trial, and the case is filed in the U.S. District Court for the Northern District of California in San Jose. OpenAI has responded with a brief statement: “We have no interest in other companies’ trade secrets. We remain focused on building innovative technology that empowers people everywhere.”
The case could begin this year, and if Apple’s “tip of the iceberg” warning is accurate, we’re only seeing the beginning of what could become a landmark legal battle over talent mobility, trade secrets, and the lengths companies will go to in the AI arms race.
For the rest of us — the IT managers, developers, and security professionals who don’t work in Cupertino or San Francisco but still manage critical systems — the lesson is simpler. Check your offboarding process. Audit who still has access. And if you ever read “LOL, I found out I can access the network storage” in your server logs, don’t laugh. Act.