TL;DR: Apple’s lawsuit against OpenAI is a masterclass in how not to offboard staff.
On 10 July 2026, Apple filed a lawsuit in the US District Court for the Northern District of California against OpenAI, hardware firm io Products, and two former Apple employees, alleging a coordinated effort to misappropriate trade secrets. The headlines have focused on the corporate drama — stolen designs, supply chain contacts, an AI device meant to rival the iPhone. But buried in the complaint is a detail every business owner should read twice: it allegedly started with a laptop that never came back.
Apple’s complaint alleges that OpenAI systematically extracted confidential information through its recruitment of Apple staff — including asking candidates to bring components to interviews and coaching leavers on how to sidestep Apple’s exit security checks. OpenAI has denied any wrongdoing, telling reporters it has no interest in other companies’ trade secrets. These are allegations, and the case is untested in court.
The detail that matters most for the rest of us is narrower. Apple alleges that Chang Liu, a former senior systems electrical engineer, failed to return his Apple-issued laptop when he left, used it to download confidential technical documents, and later exploited an authentication flaw to reach Apple’s internal file storage after his employment had ended. You can read the full reporting in CNBC’s coverage of the filing.
Because the failure mode is identical at every size of business. Apple has one of the most sophisticated security operations on earth, and it still — allegedly — ended up litigating over a single unreturned machine. Your business does not have Apple’s legal budget, its forensic teams, or its ability to absorb the reputational hit. What you do have is the same exposure: company data copied onto company devices, cached credentials, and a leaver process that depends on someone remembering to do the right thing at exactly the right moment.
The pattern in the Apple filing is familiar to anyone who has cleaned up after a difficult exit. The employee gives notice. The device stays with them through the notice period, because they still need it to do their job. The offboarding checklist assumes the machine will be handed back on the last day. It isn’t — or it is, weeks late, after the data has already been copied. Meanwhile, access is revoked by hand, service by service, and something inevitably gets missed.
It sits on the endpoint. Every file synced to a local drive, every mailbox cached in Outlook, every document downloaded “just to work on offline” is a copy of your intellectual property living outside your control the moment that machine walks out of the door. Revoking a login does nothing to data that is already on the hard drive. Recovering it means chasing the device — and if the person does not want to hand it back, your next step is a solicitor.
The NCSC is clear about the fix in its guidance on using cloud services securely: organisations should run a proper Joiners, Movers and Leavers process, managing access centrally from a single, trusted source of identity — so that offboarding is a controlled, deliberate act rather than a scramble.
This is precisely the scenario our Remote Desktop Service (RDS) is built to eliminate — and the mechanism is simple. RDS is a fully cloud-based service. The Windows desktop your staff log into does not run on their PC. It runs in our secure, ISO 27001 certified UK data centre, and they connect to it over the internet from any device, anywhere.
That means the desktop lives in the cloud. The applications live in the cloud. The files, the emails, the client records, the designs, the accounts — all of it lives in the cloud, on our servers, under your control. The laptop, PC or tablet in front of the employee is doing nothing more than displaying a screen and passing back a keyboard and mouse. Nothing is stored on it. Nothing is ever downloaded to it. It is a window into your business, not a copy of it.
It looks like one action. You tell us the person has left. We disable their account. The session ends, the desktop disappears, and every document and system they touched stays exactly where it always was — in the cloud. There is no local copy to recover, no hard drive to wipe, no chasing a device, no awkward conversation about when the laptop is coming back. It is a clean cut, because there was never anything on the device to cut away from.
The offboarding benefit is the headline, but it is not the only one. Because the environment is centrally managed, copy, paste, USB access and printing can all be restricted at the session level — so data cannot be quietly extracted during a notice period. Every session is logged, giving you an audit trail instead of a guess if a dispute ever arises. Patching, backups and security controls are applied once, in one place, rather than device by device. And your team gets the same full desktop whether they are in the office, at a client site, or working from anywhere else — on a company machine or their own.
Pair that with proper identity management across Microsoft 365 and Azure, and your entire joiner-mover-leaver process collapses down to enabling and disabling a single account.
Start with that question. If a senior member of staff resigned tomorrow and their device never came back, what would you lose — and would you even know? If the honest answer is “we’re not sure”, that is the gap worth closing. Map where your data physically sits, tie every system to one identity you can switch off centrally, and move the data that matters off endpoints and into a managed cloud environment. Our managed cyber security team can walk that assessment with you, and a free business security risk assessment is a sensible place to begin.
Apple will spend years and a fortune in court arguing about what was on one laptop. Most businesses would not survive that fight — which is why the smarter move is to make sure there is never anything on the laptop worth fighting over. If Apple can be caught out by this, it is worth asking whether your own systems would hold up. Talk to us and we’ll show you exactly how our Remote Desktop Service makes a staff exit a clean one.