OpenAI Failed to Report 2023 Hack, No Customer Data Taken

OpenAI discovered it was hacked last year resulting in the theft of confidential information about its technology but chose not to report the breach.

According to reports, the incident occurred in April 2023 when a malicious actor gained access to an online forum used by staff to discuss the company’s latest developments. 

While no core systems or training data were compromised, information shared on the forum was obtained. Despite this, the company’s board decided to keep the breach under wraps, informing only employees.

The OpenAI board, consisting of members different from those in place today, opted not to publicly disclose the breach because no customer or partner-related information was taken, according to the New York Times.

OpenAI also failed to report the incident to law enforcement after deeming it to not be a national security threat as the individual acted alone with no reported ties to a nation-state.

This isn’t the first time OpenAI has been targeted by hackers. Last November, a group with ties to Russia managed to take down ChatGPT for several days.

As recently as May, the company revealed it uncovered at least five influence operations using its technologies to spread misinformation on the Ukraine war, conflict in the Middle East and elections in India and Europe.

Related:OpenAI Chief Architect Predicts Huge Large Language Model Leaps

The Times reported that some OpenAI staff expressed concern that the company’s secrets could be stolen by rival nation-states.

Among them was Leopold Aschenbrenner, the former lead of OpenAI's superalignment team. He had sent a memo to the company’s board of directors expressing concern over the incident and the lack of cybersecurity protections being put in place.

Aschenbrenner was later dismissed for reportedly sharing internal documents with external researchers for “feedback” and has since called out his former employers over apparently unfair dismissal.

“We appreciate the concerns Leopold raised while at OpenAI and this did not lead to his separation,” OpenAI spokesperson Liz Bourgeois told the Times.

The board that failed to report the April 2023 breach is no longer in power at the company, following a complete overhaul after last year’s leadership battle. 

One significant addition included the retired army general who previously led U.S. Cyber Command, Paul M. Nakasone, who oversees cybersecurity matters at the company.

“Artificial Intelligence has the potential to have huge positive impacts on people’s lives, but it can only meet this potential if these innovations are securely built and deployed,“ Bret Taylor, OpenAI’s board chair, said at the time of Nakasone’s appointment.

Related:Apple Integrates ChatGPT Across Platforms, Unveils Apple Intelligence

This story first appeared in IoT World Today's sister publication AI Business.