Serious security flaw discovered in ChatGPT’s Mac app: OpenAI’s recently launched desktop app for Mac was found to be storing user conversations in plain text, potentially exposing sensitive data to unauthorized access.
Lack of sandboxing and encryption: The app’s security vulnerabilities were highlighted by a user on the social media platform Threads:
- The app was not sandboxed, meaning it could access private user data without explicit permission, bypassing macOS’s built-in defenses that have been in place since version 10.14 (Mojave).
- User conversations with ChatGPT were stored in plain text in an unprotected location, making them accessible to any running app, process, or malware without requiring permission.
OpenAI’s response and app update: Following the public disclosure of the security issue, OpenAI has released an update to the Mac app:
- The update encrypts local chat data, addressing the plain text storage vulnerability.
- However, the app still lacks sandboxing, which would provide an additional layer of security by restricting its access to sensitive user data.
Implications for user trust and sensitive data: The discovery of the security flaw raises concerns about the handling of potentially sensitive information shared with ChatGPT:
- Many users rely on ChatGPT for asking important questions and sorting through issues, often sharing personal data in the process.
- The lack of proper security measures in the Mac app could undermine user trust in OpenAI’s commitment to protecting their data.
Contrasting Apple’s approach in ChatGPT integration: The security issue in the Mac app stands in contrast to Apple’s recent partnership with OpenAI to integrate ChatGPT into Siri queries:
- At WWDC, Apple detailed stringent security measures around the ChatGPT-powered Siri queries, demonstrating a more robust approach to data protection.
- The Mac app’s security flaw highlights the differing standards between OpenAI’s standalone app and the collaborative effort with Apple.
Analyzing deeper: While OpenAI has addressed the plain text storage vulnerability, the lack of sandboxing in the updated app leaves room for further security enhancements. The incident underscores the importance of prioritizing user data protection, especially when dealing with AI-powered tools that handle sensitive information. As ChatGPT and similar AI assistants become increasingly integrated into daily life, ensuring the highest standards of security and privacy will be critical in maintaining user trust and preventing potential data breaches.
Recent Stories
DOE fusion roadmap targets 2030s commercial deployment as AI drives $9B investment
The Department of Energy has released a new roadmap targeting commercial-scale fusion power deployment by the mid-2030s, though the plan lacks specific funding commitments and relies on scientific breakthroughs that have eluded researchers for decades. The strategy emphasizes public-private partnerships and positions AI as both a research tool and motivation for developing fusion energy to meet data centers' growing electricity demands. The big picture: The DOE's roadmap aims to "deliver the public infrastructure that supports the fusion private sector scale up in the 2030s," but acknowledges it cannot commit to specific funding levels and remains subject to Congressional appropriations. Why...
Oct 17, 2025Tying it all together: Credo’s purple cables power the $4B AI data center boom
Credo, a Silicon Valley semiconductor company specializing in data center cables and chips, has seen its stock price more than double this year to $143.61, following a 245% surge in 2024. The company's signature purple cables, which cost between $300-$500 each, have become essential infrastructure for AI data centers, positioning Credo to capitalize on the trillion-dollar AI infrastructure expansion as hyperscalers like Amazon, Microsoft, and Elon Musk's xAI rapidly build out massive computing facilities. What you should know: Credo's active electrical cables (AECs) are becoming indispensable for connecting the massive GPU clusters required for AI training and inference. The company...
Oct 17, 2025Vatican launches Latin American AI network for human development
The Vatican hosted a two-day conference bringing together 50 global experts to explore how artificial intelligence can advance peace, social justice, and human development. The event launched the Latin American AI Network for Integral Human Development and established principles for ethical AI governance that prioritize human dignity over technological advancement. What you should know: The Pontifical Academy of Social Sciences, the Vatican's research body for social issues, organized the "Digital Rerum Novarum" conference on October 16-17, combining academic research with practical AI applications. Participants included leading experts from MIT, Microsoft, Columbia University, the UN, and major European institutions. The conference...