OpenAI says hackers stole some data after latest code security issue

OpenAI disclosed a security breach in which attackers accessed employee devices following a code vulnerability, though the company contained the damage to internal systems. The infiltration did not compromise user data, production infrastructure, or intellectual property, according to the company's statement.

The incident represents the latest in a series of security challenges for the AI giant. OpenAI reported that hackers obtained certain employee data during the breach, which the company discovered and addressed. The company did not specify the scope of employee information accessed or the timeline of the attack.

OpenAI emphasized that its core operations remained unaffected. The breach was isolated to employee-controlled devices rather than central company infrastructure. This distinction matters for user confidence. OpenAI's API, models, and customer data systems operated normally throughout the incident.

The company did not disclose which threat actors were responsible or provide technical details about the vulnerability that enabled the breach. OpenAI stated it was working with external security experts to investigate the incident and remediate the underlying code issue.

This disclosure comes as enterprise security becomes increasingly scrutinized for AI companies handling sensitive customer data and training information. OpenAI faces growing pressure from regulators and customers to maintain robust defenses, particularly as its products integrate deeper into corporate workflows.

The company has faced prior security incidents. In late 2022, a bug exposed users' chat history to unrelated accounts. Last year, attackers claimed to have breached internal systems, though OpenAI disputed the severity.

For customers relying on OpenAI for mission-critical applications, the distinction between employee device compromise and production system breach provides some reassurance. However, the incident underscores ongoing security pressures on the AI infrastructure layer that enterprises depend on.

OpenAI did not announce any user-facing security changes or additional protective measures beyond fixing the code vulnerability.