Mac owner claims that the ChatGPT app bypassed security and began indexing files without permission

ChatGPT Mac App Sparks Privacy Alarm After Exposing Local File Paths Without Permission

ChatGPT Mac App Update Sparks Privacy Concerns After User Claims It Revealed Local File Path

OpenAI’s latest update for the ChatGPT app on macOS has triggered a wave of discussion among Mac users after one person claimed the app behaved in a way that raised serious privacy questions. According to the user, the update disrupted the previous chat layout and project history, and when they asked ChatGPT where their missing projects had gone, the app reportedly displayed an exact local directory path on their Mac.

That response immediately alarmed some users, especially those who assumed ChatGPT should not be able to identify local file locations without explicit permission. The concern is that the app may be accessing, scanning, or indexing files stored on the computer, including hidden files, without the user fully understanding what is happening.

For privacy-focused users, the idea of an AI app knowing anything about local directories can feel unsettling. macOS includes permission controls such as Full Disk Access, which are designed to prevent apps from freely reading sensitive areas of the system. If an app appears to know where files are stored despite not being granted broad access, it can understandably look suspicious.

However, several users pushed back against the claim that ChatGPT was bypassing macOS security settings. One explanation shared in the discussion noted that many Mac apps can see basic user directory paths by default. This does not necessarily mean the app has access to private documents, photos, downloads, or other protected folders.

On macOS, apps often store configuration files inside a user profile folder. That means an app may be able to identify certain directory paths without having permission to read protected content inside them. Similar behavior is common across macOS, Windows, and Linux unless an application is tightly sandboxed.

Another point raised in the discussion is that ChatGPT’s Mac app may use a workspace environment. OpenAI’s own risk notices indicate that the app can read and edit files inside its workspace and may request additional permission when it needs access beyond that area. In other words, the app may be able to work with files that are already inside a permitted environment, but it should not be able to freely roam through the entire Mac without user approval.

Some commenters also suggested that users may be confusing the standard ChatGPT app experience with newer agent-style tools such as ChatGPT Codex or ChatGPT Work. These tools can run commands on a computer when given the proper setup and permissions, similar to entering commands in Terminal. If that is the case, ChatGPT may appear to “know” about files because it is using approved local command access rather than secretly bypassing privacy protections.

The situation highlights a growing concern around AI agents on personal computers. As AI tools become more powerful and more deeply integrated into desktop operating systems, users are paying closer attention to what these apps can see, what they can modify, and when they ask for permission. Even if the behavior is technically normal, unclear communication can quickly lead to mistrust.

Apple’s macOS privacy system is generally strict about sensitive file access, and it would be highly unusual for a third-party app to bypass those safeguards without triggering a larger security issue. Still, if users notice unexpected behavior from the ChatGPT Mac app, they should review the app’s permissions, check whether Full Disk Access is enabled, and confirm which version or mode of ChatGPT they are using.

Anyone who believes the app accessed files or directories it should not have should report the issue directly to OpenAI and Apple rather than relying only on public speculation. The current debate shows that many users remain divided: some see the incident as a serious privacy warning, while others believe it is a misunderstanding of how macOS file paths and app workspaces function.

For now, the safest takeaway is simple: keep an eye on app permissions, understand what AI tools are allowed to access, and be cautious when enabling agent features that can interact with files on your computer. As AI desktop apps continue to evolve, transparency around local file access will become even more important for maintaining user trust.