The short answer
Apple sued OpenAI, its io Products hardware unit, and two named individuals on 10 July 2026 in the U.S. District Court for the Northern District of California, alleging that OpenAI systematically took Apple's trade secrets as engineers moved between the companies. The complaint names OpenAI's Chief Hardware Officer Tang Tan, a former Apple VP, and Chang Liu, a former Apple engineer accused of not returning a company laptop and downloading confidential technical documents. OpenAI denies the claims, saying it has "no interest in other companies' trade secrets."
The practical reading for engineering leaders: the alleged mechanics are the everyday risk of employee mobility, not corporate espionage from a spy film. If your protection against a departing engineer walking off with your source, designs, or client data is a signed NDA and good faith, this case is a prompt to build the operational controls that actually hold.
What did Apple actually file?
On Friday, 10 July 2026, Apple filed a lawsuit in the U.S. District Court for the Northern District of California against OpenAI, its hardware unit io Products, and two named former Apple employees, alleging theft of trade secrets and confidential information. Apple's framing is blunt: it accuses the defendants of stealing secrets "at every level," from technical staff up to hardware leadership, as OpenAI builds toward its own consumer devices. OpenAI acquired Jony Ive's io Products for roughly $6.4 billion in May 2025, a deal that pushed the former partners into direct hardware competition and, on Apple's account, created the pull for the alleged theft.
The backdrop is a soured alliance. Apple and OpenAI struck a high-profile partnership in 2024 to bring ChatGPT into Apple's products; relations chilled as OpenAI moved into hardware. For companies that build software, though, the celebrity angle is the least useful part. The important detail is how Apple says the secrets left the building — because that mechanism is available to anyone who employs engineers. The same exposure applies whether you run a full in-house team or scale with external and dedicated engineers; what changes the risk is not the employment model but the controls around access and departure.
OpenAI rejects the allegations. In a statement it said: "We have no interest in other companies' trade secrets. We remain focused on building innovative technology that empowers people everywhere." The case is at the complaint stage — Apple's claims are allegations that have not been tested in court — so the honest posture is to read it for operational lessons, not verdicts.
What are the specific allegations?
Apple's complaint centres on two people. It alleges that Tang Tan — OpenAI's Chief Hardware Officer and a former Apple vice president — used Apple's confidential project codenames during recruiting, asked candidates to bring Apple hardware parts to interviews, coached departing Apple employees on evading Apple's security procedures, and solicited details about unannounced products. It alleges that Chang Liu, a former Apple senior systems electrical engineer, failed to return an Apple-issued laptop after leaving for OpenAI in 2026, downloaded dozens of confidential hardware files, and shared Apple's confidential information with other prospective OpenAI hires.
Beyond the individuals, Apple points to specific assets: information about unreleased products and technical specifications, a proprietary metal-finishing technique, and Apple's vendor and contractor supply-chain relationships. None of that requires a breach or a hack. It is the accumulation of small failures at the boundary between one employer and the next — the moment when access should have been cut and was not, when a device should have come back and did not, when a document should have stayed put and moved.
Why should ordinary teams care?
Because the failure modes are universal. Every software company lives with a steady churn of people joining and leaving, each of whom accumulates access to source code, infrastructure, design files, and customer data. Trade-secret protection in most organisations is a signature on an NDA and an assumption that people behave — which works right up until it does not. The Apple complaint reads, stripped of the marquee names, like a checklist of the offboarding gaps that sit unaddressed in a great many teams.
There is also a regulatory frame worth naming. In the EU, trade secrets are protected under the EU Trade Secrets Directive (2016/943), and in the United States the Defend Trade Secrets Act gives holders a federal cause of action — but both reward the company that took reasonable measures to keep information secret. If you cannot show scoped access, controlled offboarding, and a clear confidentiality trail, you weaken your own ability to enforce your rights later. Protection is not only about preventing loss; it is about being able to prove you tried.
What it means for US & EU software teams
Strip away the headline and three durable implications remain. The first is that offboarding is where IP is won or lost. The dangerous moment is not the day someone signs a contract; it is the day they leave with credentials still live and a laptop still in a bag. Treat departure as a controlled process — revoke access to code, cloud, and document stores on the last day, and reclaim or remotely wipe devices — and most of the Apple-style exposure simply cannot happen.
The second is that access should be scoped, not universal. Much of the risk in the complaint flows from individuals who could reach far more than their role required. Least-privilege access, per-project boundaries, and logging of who can see what turn a catastrophic departure into a contained one. This is ordinary security hygiene, and it is the same discipline that makes it safe to bring in dedicated external engineers: give a team exactly the systems a project needs, and nothing else, so scope limits exposure by design.
The third is that inbound hygiene protects you too. Apple's case is about information leaving; the mirror risk is information arriving. When you onboard engineers — employees or contractors — make explicit that they must not bring a previous employer's confidential material into your codebase, because a tainted contribution can expose you to exactly this kind of claim. Written confidentiality and IP-assignment terms, on both the way in and the way out, are cheap insurance against an expensive dispute.
What to do now
Here is the shippable version. Treat the Apple–OpenAI suit as a prompt to check the controls you already should have, not as a reason to distrust your people.
- Make offboarding a checklist, not a courtesy. Revoke code, cloud, SSO, and document access on the last day; reclaim or wipe devices; confirm in writing.
- Scope access to the role. Least privilege and per-project boundaries so no single person — or team — can reach everything.
- Log who can see what. Keep an access map so you know your exposure the moment someone leaves, and can show reasonable measures if you ever litigate.
- Guard the inbound side. Tell new joiners and contractors, in writing, never to import a former employer's confidential material.
- Put IP and confidentiality in writing both ways. Clear assignment and NDA terms for employees and any external partner, aligned to the EU Trade Secrets Directive and the US Defend Trade Secrets Act.
- Rehearse the departure of a key engineer. If your most senior person left tomorrow, what could they still access at midnight? Fix whatever the answer reveals.
None of this is legal advice, and your exact obligations depend on your jurisdiction and sector. But the strategic signal is clear: as talent moves faster between AI and software companies, the teams that protect their IP are the ones that treat access, offboarding, and confidentiality as everyday engineering hygiene — long before a dispute makes it urgent.
Frequently asked questions
What is Apple's lawsuit against OpenAI about?
On 10 July 2026 Apple filed suit in the U.S. District Court for the Northern District of California against OpenAI, its io Products hardware unit, and two named individuals, alleging theft of trade secrets. Apple claims the theft happened as engineers moved from Apple to OpenAI: it names Chief Hardware Officer Tang Tan, a former Apple VP accused of soliciting confidential information during recruiting, and Chang Liu, a former Apple engineer accused of failing to return a company laptop and downloading confidential technical documents. OpenAI denies the claims and says it has no interest in other companies' trade secrets.
What exactly does Apple accuse the engineers of doing?
Apple alleges Tang Tan used Apple's confidential project codenames during recruiting, asked candidates to bring Apple hardware parts to interviews, and coached departing employees on evading Apple's security procedures. It alleges Chang Liu did not return an Apple-issued laptop after leaving for OpenAI in 2026, downloaded dozens of confidential hardware files, and shared Apple's confidential information with other prospective OpenAI hires. Apple also says a proprietary metal-finishing technique and its supplier relationships were misused.
Why does a lawsuit between Apple and OpenAI matter to ordinary software teams?
Because the alleged conduct is not exotic. It is the everyday mechanics of employee mobility: a laptop that is never returned, documents copied before a resignation, and confidential details shared in interviews. Any company that hires, offboards, or uses external engineers faces the same exposure. The case is a reminder that IP protection is an operational discipline built from device return, access revocation, and clear confidentiality boundaries, not a clause you sign once and forget.
How can a company protect its trade secrets when engineers change jobs?
Treat offboarding as a controlled process: revoke access to code, cloud, and documents on the last day; reclaim or remotely wipe devices; and log what data each departing person could reach. Limit access during employment so no single engineer holds everything. When you bring people in, make clear they must not import a previous employer's confidential material. Keep confidentiality obligations in writing, and align them with the EU Trade Secrets Directive in Europe and the Defend Trade Secrets Act in the United States.
Is it risky to use external or nearshore engineering teams because of trade secrets?
It is manageable with the right controls, and often lower-risk than ad-hoc hiring. A professional engineering partner works under written confidentiality and IP-assignment terms, scopes access to only the systems a project needs, and offboards cleanly when the work ends. The exposure in the Apple case came from weak boundaries around individual movement, not from the use of external teams as such. What matters is that access is scoped, assignment of IP is explicit, and departure is controlled.
Sources
TechCrunch — Apple sues OpenAI over alleged trade secret theft
Fortune — Apple accuses OpenAI and Jony Ive's io Products of stealing hardware trade secrets
CNBC — Apple sues OpenAI alleging trade secret theft