The ChatGPT desktop app for Mac just got hit with a security breach

OpenAI’s ChatGPT desktop app for Mac has been affected by a security breach involving two employee devices, prompting the company to release a security update to users.

According to a report by 9to5Mac, OpenAI identified malicious activity linked to a security issue involving open-source code and two employee devices. The company responded swiftly, investigating and taking steps to contain the breach. OpenAI has stated that no user data was accessed and that no systems were compromised during the incident.

The company is issuing a software update to address the issue, which is currently rolling out to users. However, the update will not be available to all Mac users until June 12. Users on other platforms, such as Windows and iOS, do not need to take any immediate action.

OpenAI has engaged a third-party digital forensics firm to assist with the investigation and has confirmed that only limited credential material was exfiltrated from code repositories, with no other information or code impacted.

Why It Matters

This incident highlights ongoing security challenges faced by companies developing AI tools and desktop applications. Although no user data was accessed, the breach underscores the importance of cybersecurity measures, especially when open-source components are involved. For Mac users of ChatGPT, the incident emphasizes the need to keep software updated promptly to mitigate potential risks.

Background

This is not the first security issue associated with the ChatGPT Mac app. In 2024, it was reported that the app stored user conversations locally in plain text rather than encrypting them, raising privacy concerns. The current breach appears to be related to vulnerabilities in open-source code used within the app’s infrastructure.

“Upon identification of the malicious activity, we worked quickly to investigate, contain and take steps to protect our systems.”

— OpenAI spokesperson

“We confirmed that only limited credential material was successfully exfiltrated from these code repositories and that no other information or code was impacted.”

— OpenAI blog

McAfee Total Protection 5-Device | AntiVirus Software 2026 for Windows PC & Mac, AI Scam Detection, VPN, Password Manager, Identity Monitoring | 1-Year Subscription with Auto-Renewal | Download

DEVICE SECURITY – Award-winning McAfee antivirus, real-time threat protection, protects your data, phones, laptops, and tablets

AmazonView Latest Price

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

What Remains Unclear

It remains unclear how the open-source library was compromised or whether similar vulnerabilities exist in other parts of OpenAI’s infrastructure. Details about the specific nature of the malicious activity and the full scope of the breach are still emerging.

What’s Next

OpenAI plans to continue its investigation with the help of third-party cybersecurity firms. The company will release further guidance and updates as they become available, and users are advised to install the upcoming security patch promptly.

Key Questions

What exactly was compromised in the breach?

OpenAI confirmed that only limited credential material was exfiltrated from code repositories, with no evidence of broader data or code being impacted.

Should I delete or reinstall the ChatGPT Mac app?

Users are advised to update the app when prompted. No need to delete or reinstall unless instructed by OpenAI or if experiencing issues.

Are other platforms affected?

No. OpenAI stated that users on Windows and iOS do not need to take any action at this time.

Will my user conversations be safe?

OpenAI has not indicated any compromise of user conversations. Past issues related to local storage of conversations have been acknowledged, but no recent breach details suggest this was affected.