Is ChatGPT Atlas Safe? User Finds Unencrypted Tokens in Cache File

⚠️ Warning: ChatGPT Atlas May Store OAuth Tokens Unencrypted — User Report

A recent discussion in the OpenAI community forum highlights a potentially serious security concern in the ChatGPT Atlas desktop browser for macOS. One user reported that their ChatGPT OAuth tokens were stored locally in plain text, and that Atlas never asked macOS for Keychain access during installation. While Atlas is still in an early development stage, this finding raises reasonable privacy and security questions that users should be aware of.

Disclaimer: This article is based on a user report from the community forum, not an official OpenAI security advisory. Always verify information and check for the latest updates in the release notes.

👉: Fix: “Sign-In Failed – Error 403” When Logging in to ChatGPT Atlas on macOS (Google Login)

🔍 What the User Found

After installing Atlas, the user inspected the local cache directory and found a SQLite database located at:

~/Library/Caches/com.openai.atlas/Cache.db

Two issues were highlighted:

• 📁 Permissions were set to 644 — meaning the file was readable by other users on the same machine.
• 🔓 OAuth tokens appeared unencrypted — the user could query the database with a Python script and access their ChatGPT session without logging in again.

If accurate, this means anyone with access to the same computer could potentially extract the token and impersonate the account.

👉: Fix: “You can’t use this version of the application with this version of macOS” on ChatGPT Atlas

🔑 Keychain Access Missing

The user also mentioned that Atlas did not request Keychain access during installation. Interestingly, other users said they did receive a Keychain prompt, suggesting the behavior might depend on login method, operating system version, or a specific build.

Most macOS browsers encrypt sensitive tokens and store them in Keychain, so this behavior is unusual.

👉: New Error in ChatGPT Atlas: “getNodeByIdOrMessageId” — What Does It Mean and How Do You Fix It?

⚠️ Why This Matters

• 👤 Someone with local access could extract the token
• 📜 Tokens can grant access without entering a password
• 🧩 Could allow access to chat history and account identity
• 🏢 Higher risk in shared or workplace computers

👉: Fix “ChatGPT Atlas Is Not Supported on This Mac”: Causes and Solutions

✅ Temporary Workarounds for Mac Users

While waiting for an official fix, users can try:

• 🔐 Restricting file permissions:

chmod 600 ~/Library/Caches/com.openai.atlas/Cache.db

• ♻️ Logging out and signing in again to refresh tokens
• 🗑️ Deleting the Cache.db file (Atlas will rebuild it, but you must sign in again)
• 🙅 Avoiding shared/guest computers
• 🔄 Monitoring for updates in the official Atlas Release Notes

👉: Fixing the API.BaseAPI.InternalRequestError in ChatGPT Atlas — What It Means and What You Can Do

🕒 Will OpenAI Fix This?

At the time of the report, the user did not see a fix in the latest update and was unsure where to file a formal bug. The thread has gained attention from other community members, meaning the concern is not isolated.

Because Atlas is still new, early security issues are not unusual. However, storing OAuth tokens unencrypted goes against common security practices used in browsers like Chrome, Safari, Edge, Brave, or Arc.

👉: ChatGPT Atlas Login Error Explained: The Server Certificate Could Not Be Verified

❓ Frequently Asked Questions (FAQ)

▶ Is this a confirmed vulnerability?
Not officially. The report came from a community user. Still, the technical details appear reproducible.

▶ Does this affect all Atlas users?
Unclear. Some users reported Keychain prompts, others did not.

▶ Can someone access my ChatGPT account using an OAuth token?
Potentially yes. OAuth tokens can authenticate without re-entering a password.

▶ Is deleting Cache.db safe?
Yes. Atlas will recreate the file, but you’ll need to sign in again.

▶ Should I uninstall Atlas?
If you’re on a shared or insecure computer and are concerned about privacy, uninstalling or logging out is the safest temporary option.

▶ Where can I check if this issue is fixed?
Check the official ChatGPT Atlas Release Notes or OpenAI announcements.

👉: How to Import Bookmarks, Passwords, and History into ChatGPT Atlas

✅ Conclusion

The report suggests that some installations of ChatGPT Atlas on macOS may store OAuth tokens in an unencrypted format with permissive file permissions. Even though this comes from a community report, the technical details are credible enough that privacy-focused users should be cautious.

Atlas is still evolving, and early-stage bugs are expected. Until an official fix appears, users can restrict permissions, delete the cache, or wait for a new build that integrates securely with macOS Keychain.

✅ This article will be updated if an official patch, fix, or announcement becomes available.