NAIROBI, Kenya- OpenAI, the AI powerhouse behind ChatGPT, is once again in the headlines, but this time for all the wrong reasons.
The company is grappling with two major security issues: a vulnerability in the ChatGPT Mac app and broader concerns about its overall cybersecurity practices.
Earlier this week, engineer and Swift developer Pedro José Pereira Vieito made a startling discovery about the ChatGPT Mac app.
He found that the app was storing user conversations locally in plain text rather than encrypting them.
This revelation, covered by The Verge, raised eyebrows because it meant that potentially sensitive data could be easily accessed by other apps or malware on the same machine.
For those less familiar with the technical jargon, here’s a quick rundown: storing files in plain text means they are not encrypted, making them vulnerable to unauthorized access.
Additionally, since the ChatGPT Mac app is only available from OpenAI’s website and not the App Store, it bypasses Apple’s sandboxing requirements.
Sandboxing is a security measure that isolates applications to prevent vulnerabilities from spreading. After the exploit came to light, OpenAI swiftly released an update to encrypt the locally stored chats.
Internal Breach: A 2023 Hack with Lasting Impact
The second security concern harks back to a 2023 incident with lingering repercussions.
A hacker accessed OpenAI’s internal messaging systems, uncovering information about the company.
This breach raised alarm bells internally, with OpenAI technical program manager Leopold Aschenbrenner flagging it as a sign of deeper vulnerabilities.
He warned the board of directors that such weaknesses could be exploited by foreign adversaries.
These incidents, while not uncommon in the tech world, are particularly concerning given OpenAI’s prominent role in integrating AI into major services.
From app vulnerabilities to internal breaches, these issues cast a shadow over OpenAI’s ability to manage and protect its data.
Security flaws and whistleblower disputes aren’t new in tech, but when they involve a company at the forefront of AI innovation, they carry extra weight.
OpenAI’s rapid adoption across various sectors underscores the importance of robust security measures and transparent practices.
As these challenges unfold, they paint a worrying picture of potential risks and the need for stronger oversight.