Key points
- OpenAI's ChatGPT Mac app experienced a security breach affecting two employee devices due to a compromised open-source library.
- The company states no user data was accessed and is rolling out a software update to Mac users.
AI-generated summary
Why it matters
OpenAI's ChatGPT app for Mac has experienced a security breach impacting two employee devices. The breach originated from a compromised open-source library. OpenAI is issuing a software update to address the issue.
OpenAI's ChatGPT app for Mac just experienced a security breach involving two employee devices, according to a report by 9to5Mac. The company is issuing a software update that is rolling out to users now but won't reach everyone until June 12.
The why of it all is a bit convoluted, stemming from a security issue involving open-source code. A widely used open-source library was compromised and two devices at the company were impacted. "Upon identification of the malicious activity, we worked quickly to investigate, contain and take steps to protect our systems," the company wrote in a blog post.
To that end, OpenAI says it has found no evidence that any user data was accessed. It also says that no systems were compromised. It has hired a third-party digital forensics and incident response firm to get to the bottom of things. "We confirmed that only limited credential material was successfully exfiltrated from these code repositories and that no other information or code was impacted," it continued.
Mac users are encouraged to update the app when prompted. Beyond that, OpenAI says that additional guidance will be given at a later date. Users on other platforms, like Windows and iOS, don't have to do anything.
What to watch
AI perspective: possibilities, not certainties
OpenAI will release additional guidance for users regarding the security breach.
Likely · Within a few weeks
Open questions
- What specific open-source library was compromised?
- What is the name of the third-party digital forensics firm hired by OpenAI?
- What is the exact nature of the 'limited credential material' that was exfiltrated?
- Will there be further updates or actions required from users beyond the software update?






