OpenAI Failed to Report 2023 Hack, No Customer Data Was Taken

OpenAI discovered it was hacked last year, resulting in the theft of confidential information about its technology but chose not to report the breach

Ben Wodecki, Jr. Editor

July 9, 2024

2 Min Read
Illustration of the OpenAI logo displayed on a phone in front of the name of the company
STEFANI REYNOLDS/AFP via Getty Images

OpenAI discovered it was hacked last year resulting in the theft of confidential information about its technology but chose not to report the breach.

According to reports, the incident occurred in April 2023 when a malicious actor gained access to an online forum used by staff to discuss the company’s latest developments. 

While no core systems or training data were compromised, information shared on the forum was obtained. Despite this, the company’s board decided to keep the breach under wraps, informing only employees.

The OpenAI board, consisting of members different from those in place today, opted not to publicly disclose the breach because no customer or partner-related information was taken, according to the New York Times.

OpenAI also failed to report the incident to law enforcement after deeming it to not be a national security threat as the individual acted alone with no reported ties to a nation-state.

This isn’t the first time OpenAI has been targeted by hackers. Last November, a group with ties to Russia managed to take down ChatGPT for several days.

As recently as May, the company revealed it uncovered at least five influence operations using its technologies to spread misinformation on the Ukraine war, conflict in the Middle East and elections in India and Europe.

Related:Retired Army General Joins OpenAI to Lead Cybersecurity Efforts

The Times reported that some OpenAI staff expressed concern that the company’s secrets could be stolen by rival nation-states.

Among them was Leopold Aschenbrenner, the former lead of OpenAI's superalignment team. He had sent a memo to the company’s board of directors expressing concern over the incident and the lack of cybersecurity protections being put in place.

Aschenbrenner was later dismissed for reportedly sharing internal documents with external researchers for “feedback” and has since called out his former employers over apparently unfair dismissal.

“We appreciate the concerns Leopold raised while at OpenAI and this did not lead to his separation,” OpenAI spokesperson Liz Bourgeois told the Times.

The board that failed to report the April 2023 breach is no longer in power at the company, following a complete overhaul after last year’s leadership battle. 

One significant addition included the retired army general who previously led U.S. Cyber Command, Paul M. Nakasone, who oversees cybersecurity matters at the company.

“Artificial Intelligence has the potential to have huge positive impacts on people’s lives, but it can only meet this potential if these innovations are securely built and deployed,“ Bret Taylor, OpenAI’s board chair, said at the time of Nakasone’s appointment.

Related:ChatGPT Hit by Hackers

Read more about:

ChatGPT / Generative AI

About the Author(s)

Ben Wodecki

Jr. Editor

Ben Wodecki is the Jr. Editor of AI Business, covering a wide range of AI content. Ben joined the team in March 2021 as assistant editor and was promoted to Jr. Editor. He has written for The New Statesman, Intellectual Property Magazine, and The Telegraph India, among others. He holds an MSc in Digital Journalism from Middlesex University.

Keep up with the ever-evolving AI landscape
Unlock exclusive AI content by subscribing to our newsletter!!

You May Also Like