5
min read
July 17, 2026

The Apple-to-OpenAI Trade Secret Dispute: The Realities of Insider Risk

A recent lawsuit filed by Apple against two former employees Tang Yew Tan and Chang Liu, who allegedly exfiltrated proprietary trade secrets before joining OpenAI. 

This case highlights a growing challenge for enterprise security. It also underscores how modern, highly collaborative environments can enable insider risk incidents, and simplify the unauthorized movement of sensitive intellectual property by trusted insiders.

What Happened

According to the complaint, the former Apple employees allegedly transferred a significant volume of proprietary files — including details on artificial intelligence developments and hardware designs — to personal storage and external accounts shortly before resigning to join OpenAI. 

This incident is part of a broader trend of high-profile exfiltrations across the technology sector, where valuable intellectual property is moved by departing staff using standard, authorized access paths. 

Some valuable information includes supplier info, which Apple has traditionally carefully guarded. Tan and Liu used this information to benefit the upcoming production of OpenAI’s new consumer hardware device. 

Why This Is Different

Traditional cybersecurity strategies are primarily built to defend against external actors attempting to exploit system vulnerabilities, bypass firewalls, or compromise credentials. 

However, insider threat incidents, such as the one described in the Apple lawsuit, represent a fundamentally different challenge. The actor already possesses legitimate, authenticated access to corporate systems. 

Because identity providers and traditional boundary security models focus heavily on verifying identity rather than auditing intent, authorized employees can exfiltrate massive datasets without triggering standard intrusion detection mechanisms

In this case, the intrusion relied on a corporate laptop that was not returned that still had access to a network drive. Non-SaaS base systems have their pros and cons, and in this case the con was that shutting down access to a former employee was not done thoroughly and promptly due to a lack of quality reporting to the security team. 

The Social Aspect

Aside from the network storage access on the corporate laptop, this was also a social engineering breach. The former employees not only got information from their own corporate devices, but also from interviewing prospective candidates from Apple that wished to join OpenAI. 

What makes this case a little different is that according to the lawsuit, Apple argues that “the sketchy, self-serving behavior exemplified by Tan and Liu mirrors “a coordinated pattern of misconduct at an institutional level.” It claims that “such misconduct is normalized and exemplified by leadership” at OpenAI. 

Apple claims to have evidence of such misconduct “across seniority levels, technical disciplines, and departments at OpenAI.” Tan used the prestige of OpenAI to gather as much info as he could from prospective candidates, and especially ones that ended up being hired.

Why Insider Risk Is Especially Challenging in the Technology Industry

The Apple lawsuit also highlights why insider risk is uniquely difficult for technology companies. Unlike many industries where institutional knowledge accumulates over long careers at a single organization, the technology workforce is highly mobile. 

Engineers, researchers, and product leaders frequently move between competitors, join early-stage startups, or launch companies of their own. While this movement fuels innovation, it also increases the risk that sensitive data like  intellectual property, source code, product roadmaps, AI models, and engineering designs leave the organization alongside departing employees.

The challenge is not simply that employees possess valuable knowledge. They also understand the systems they work in. Technical employees know where sensitive data lives, how it is organized, which repositories contain the highest-value information, and how to access and move that data using legitimate permissions. Because these actions often occur under authorized accounts before an employee's departure — or, as alleged in this case, through access that was never fully revoked — they can blend into normal business activity and evade traditional security controls.

Former employees therefore represent one of the highest-risk populations organizations must manage. Access that persists after employment ends, dormant credentials, overlooked shared drives, forgotten cloud storage permissions, and unmanaged devices can all create opportunities for unauthorized access long after an employee has left the company. 

As organizations adopt more SaaS applications and AI-powered collaboration tools, the potential impact of these oversights only increases. Reducing this risk requires more than a strong offboarding checklist. 

Organizations need:

  • continuous visibility into who has access to sensitive data
  • automated revocation of access when employment status changes
  • monitoring for unusual data movement by departing employees
  • governance controls that continuously validate or remediate permissions rather than relying on periodic audits

Effective insider risk management is ultimately about ensuring that access reflects current business need — not historical permissions.

Lessons for Security Teams

The Apple lawsuit reinforces an important reality: insider risk is rarely the result of a single security failure. More often, it stems from a series of governance gaps that compound over time — stale permissions, incomplete offboarding, unmanaged devices, excessive access privileges, or a lack of visibility into how sensitive data is being accessed and moved.

To reduce the risk of data exfiltration by departing employees, organizations must move beyond static compliance checks and adopt continuous, identity-centric monitoring. Security teams should evaluate their security posture against several critical questions:

Are we alerted when something doesn't look right?

According to Apple's complaint, the employees appear to have been terminated from Apple for over a year by the time the Apple network storage was accessed illegally!

Whether caused by incomplete offboarding or another administrative oversight, access by former employees should immediately trigger high-priority alerts. Timely detection of unauthorized access attempts can dramatically reduce the scope and duration of an incident.

Do we have sufficient controls around high-risk actions?

Bulk downloads, mass file transfers, external sharing changes, and uploads to personal storage are all insider risk behaviors that warrant additional scrutiny. Organizations should require stronger authentication for sensitive actions, enforce phishing-resistant multi-factor authentication, and introduce human approval workflows where appropriate to prevent unauthorized data movement.

Are permissions continuously aligned with business need?

Access should never be considered permanent. As employees change roles, join new teams, or leave the organization, permissions should be automatically reviewed and adjusted. Continuous access governance helps eliminate stale accounts and excessive privileges before they become insider risk exposures.

Ultimately, organizations cannot prevent employees from changing jobs, but they can ensure that sensitive data remains protected throughout the employee lifecycle. Combining strong identity governance, continuous monitoring, automated offboarding, and proactive access controls significantly reduces the likelihood that valuable intellectual property walks out the door with departing employees.

Conclusion

The Apple–OpenAI trade secret dispute is more than a legal battle between two technology companies — it serves as a reminder that some of an organization's greatest security risks come from individuals who already have legitimate access to its most valuable information. 

As employee mobility continues to accelerate and AI drives unprecedented innovation, protecting intellectual property requires more than perimeter defenses. The world is changing; and the way that data is protected must change with it.

Albert is DoControl's Principal Solutions Engineer, where he leverages his extensive background in both pre-sales and post-sales consulting to help organizations strengthen their data protection strategies. Albert has built a reputation as a trusted technical consultant who bridges the gap between complex security solutions and real-world business needs.

His unique background in technical support has proven invaluable in winning customer trust, demonstrating his ability to translate technical expertise into measurable business outcomes. He brings this same combination of technical depth and customer-focused thinking to his writing, offering practical insights for security and IT professionals navigating the evolving SaaS security landscape.

Get updates to your inbox

Our latest tips, insights, and news
Tablet top edge with front camera and purple slider control with four dots.