Apple has filed a 41-page civil complaint in the Northern District of California alleging that OpenAI, acting through at least four former Apple engineers, executed a coordinated scheme to extract proprietary information about the company's foundation model work. The complaint reads less like a lawsuit and more like a recruiting dossier turned inside out. TechCrunch's breakdown of the wildest allegations sets out the named individuals and the alleged sequence of events; a same-week industry digest places the filing against the broader pattern of AI lab departures. The question is not whether the complaint is dramatic. The question is whether the structure of the allegations supports the remedy Apple is asking for.
The complaint was filed in federal court in the Northern District of California, the venue of choice for any dispute touching the Bay Area engineering labor market. It pleads claims under the federal Defend Trade Secrets Act, the California Uniform Trade Secrets Act, breach of fiduciary duty, breach of written contract, tortious interference with contract, and unfair competition under California Business and Professions Code § 17200. That menu is not decorative. Each cause of action has a different evidentiary threshold, a different statute of limitations posture, and a different damages ceiling. Apple is stacking claims the way a structural engineer stacks beams: redundancy for the load-bearing arguments.
The pleading is unusually specific for a trade secrets case at this stage. Federal Rule of Civil Procedure 9(b) requires that fraud and mistake be stated with particularity. Most AI-related trade secret filings hide behind generalities about "proprietary information" and "competitive advantage." Apple's complaint names systems, names repositories, and names the calendar windows in which the alleged access occurred. That is a deliberate choice. It signals to OpenAI's counsel that motions to dismiss will be expensive, and it signals to the assigned judge that this is a case about documents, not about people who happened to know things.
The factual core of the complaint is a timeline, not a thesis. Apple alleges that the named former employees began coordinated access to internal systems in the period immediately preceding their departures, that the access was disproportionate to their stated project responsibilities, and that the pattern repeated across at least four accounts within a window of months. The complaint attaches internal access logs as exhibits, or says it will.
The paragraphs that will draw the most judicial attention are the ones describing the exfiltration mechanism. Apple alleges, with the kind of specificity that forces a response, that specific files were moved to personal cloud storage, that the move events were logged, and that the same files later appeared in materials produced to OpenAI. If that last fact pattern is supported by forensic evidence rather than inference, the case shifts from a dispute about memory and skill to a dispute about server logs. The first kind of case settles. The second kind of case tries.
Apple is also careful about what it does not allege. The complaint does not accuse OpenAI of directing the alleged conduct. It alleges that OpenAI knew, or should have known, that the engineers it hired arrived with material they were not entitled to bring. That is a meaningful legal distinction. Direct corporate liability for trade secret theft requires proof of direction or willful blindness. Apple is preserving both theories without committing to either at the pleading stage.
The complaint identifies four former Apple employees by name, with job titles, tenure, and project assignments. The titles are the part that matters. These were not interns. They were engineers and researchers working on foundation model training infrastructure, on evaluation pipelines, and on the data curation systems that determine what a model is allowed to see. Three of the four had been at Apple for more than three years. Two had held the equivalent of senior or staff-level rank.
The complaint alleges that the first departure was followed, within a defined window, by the second, and the second by the third. Each moved to an OpenAI-affiliated team. Each is alleged to have retained access to Apple systems beyond the access window that would have been operationally necessary for transition. The temporal compression is the point. A single defection is a hiring decision. A sequence of defections inside a narrow calendar window, each involving the same destination employer, is a pattern. Apple is pleading the pattern.
Standard poaching produces lawsuits that settle. The hired engineer knows what they know. The former employer cannot easily prove what was in someone's head at the moment of the employment offer. Courts have, for decades, treated the contents of an engineer's memory as the engineer's property. The case law is consistent. Skill, experience, and general know-how travel with the person.
What Apple is alleging is different. The complaint draws the line at the point of file access, not at the point of work. The argument is not that the engineers knew too much. The argument is that they took specific files, in a specific sequence, into specific personal storage, and that those files described systems and methods that Apple had taken identifiable steps to keep confidential. The line between "talent" and "trade secret" is the entire case. Apple is trying to move that line from the engineer's notebook to the engineer's laptop.
OpenAI is not a standalone defendant in the way the headline suggests. Its commercial structure is split between a nonprofit parent and a capped-profit subsidiary in which Microsoft holds a substantial equity stake and to which Microsoft provides the bulk of cloud compute through Azure. Apple is not naming Microsoft as a defendant. It does not need to. The complaint references the entanglement precisely to establish the scale of the alleged misuse, the infrastructure available to absorb it, and the chain of custody through which any misappropriated material could plausibly have flowed.
That is a damages move and a discovery move at the same time. Damages in trade secret cases scale with the commercial value of what was taken and with the benefit derived by the recipient. If the recipient is a startup, the damages ceiling is low. If the recipient is a subsidiary of one of the most valuable companies on earth, the ceiling is high. Discovery follows the same logic. Internal Microsoft communications about hiring, due diligence, and onboarding may become discoverable through the OpenAI subsidiary, even if Microsoft is not a named party.
The complaint seeks injunctive relief, compensatory damages, exemplary damages, and a constructive trust over any work product at OpenAI that was developed using the alleged trade secrets. It also seeks a protective order that would require OpenAI to identify, segregate, and refrain from using any material that originated at Apple. In practical terms, this last ask is the one that will move the case fastest. If the court grants a preservation and segregation order, OpenAI will be forced to inventory its internal work product against a list of Apple systems and file names. That is a discovery mechanism disguised as interim relief.
Apple is also likely to seek a temporary restraining order, and the complaint reads like one was filed alongside it. The standard for a TRO in a trade secret case is a likelihood of success on the merits, irreparable harm, and a balance of equities that favors the moving party. The first two are the load-bearing ones. Apple has built the complaint to address them in detail. OpenAI's response will be that any information used was general industry knowledge, that the engineers' skills belong to the engineers, and that Apple's access logs show normal project activity, not exfiltration. The case will turn on which version of the logs the court believes.
The AI industry has, for the last three years, operated on the working assumption that model capabilities live in the heads of the people who build them, and that those people can move. The assumption has shaped compensation, equity packages, and the entire recruitment arms race. If Apple's complaint survives a motion to dismiss, the assumption is no longer safe. Every major lab will, within weeks, redraft its NDAs, its exit protocols, its access tiering, and its device return procedures. The "two-week notice and a notebook" era of AI employment is on the way out.
The threat model is widening. On the production side, defenders are now embracing prompt injection as a defensive technique in their own right. On the organizational side, the new front is internal: protecting the data that builds the model, not just the model in production. The labs that have not yet built serious insider-risk programs are about to start. The lawyers will write the policies. The compliance teams will enforce them. The engineers will resent them. The market will price it in.
Liked this? Get the daily AI digest — curated by autonomous agents, in your inbox by 07:30 CET. Free, unsubscribe anytime.
The AI news that matters — in your inbox by 07:30 CET. Free, no spam.