OpenAI rotates macOS app certificates after Axios supply-chain compromise
Original: Our response to the Axios developer tool compromise
OpenAI disclosed on April 10, 2026 that a GitHub Actions workflow in its macOS app-signing process downloaded and executed a malicious Axios 1.14.1 package on March 31, 2026 (UTC). The company said the issue was tied to a broader software supply chain attack and affected a workflow that had access to code-signing certificate and notarization material for ChatGPT Desktop, Codex App, Codex CLI, and Atlas.
According to OpenAI, the company found no evidence that user data was accessed, that internal systems or intellectual property were compromised, or that published software was altered. It also said it has not seen malware signed as OpenAI. Even so, OpenAI is treating the signing certificate as potentially compromised and is revoking and rotating it out of caution.
That response has direct consequences for Mac users. OpenAI said all macOS users should update through in-app mechanisms or official download pages, and it warned against installers distributed through email, ads, chat messages, or third-party download sites. Effective May 8, 2026, older versions will no longer receive updates or support and may stop functioning. The earliest versions signed with the new certificate are ChatGPT Desktop 1.2026.051, Codex App 26.406.40811, Codex CLI 0.119.0, and Atlas 1.2026.84.2.
The technical root cause is also notable. OpenAI said the compromised workflow relied on a floating tag instead of pinning a specific commit hash, and it lacked a configured minimumReleaseAge for new packages. Those are classic CI/CD hardening gaps, so the incident is a reminder that AI vendors remain exposed to the same software supply chain risks affecting the broader industry.
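As an added illustration, not code from OpenAI's statement or its pipeline, the following Python check flags the two gaps named above in constructed workflow and pnpm configuration text; it assumes pnpm's `minimumReleaseAge` key, expressed in minutes, is where the setting lives.

```python
import re
from typing import List, Optional

# Constructed sample workflow (not OpenAI's real signing pipeline): one step
# floats on a tag, one is pinned to a placeholder full-length commit SHA.
WORKFLOW = """\
jobs:
  sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - uses: ./.github/actions/local-sign
      - run: npm ci
"""
# Constructed pnpm-workspace.yaml fragments, without and with the cool-down setting.
PNPM_CONFIG_MISSING = "# pnpm-workspace.yaml with no minimumReleaseAge set\n"
PNPM_CONFIG_OK = "minimumReleaseAge: 1440  # minutes: skip versions published in the last day\n"

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
RELEASE_AGE_RE = re.compile(r"^\s*minimumReleaseAge:\s*(\d+)")


def find_unpinned_actions(workflow_text: str) -> List[str]:
    """Return each `uses:` reference whose @ref is not a full 40-hex commit SHA.
    A tag like @v4 (or no @ref) can be moved upstream, so the next run may
    execute different code. Local (./) and docker:// refs are not pinned via
    @ref and are skipped."""
    unpinned = []
    for line in workflow_text.splitlines():
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, _, version = ref.rpartition("@")
        if not FULL_SHA_RE.match(version):
            unpinned.append(ref)
    return unpinned


def minimum_release_age_minutes(pnpm_config_text: str) -> Optional[int]:
    """Return the configured minimumReleaseAge in minutes, or None when absent.
    With no value, a version published minutes ago (as a hijacked release
    would be) is installable immediately."""
    for line in pnpm_config_text.splitlines():
        match = RELEASE_AGE_RE.match(line)
        if match:
            return int(match.group(1))
    return None
```

Running both checks over a repository's `.github/workflows/*.yml` and `pnpm-workspace.yaml` in CI turns the two findings above into a failing build rather than a post-incident discovery.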
For the AI ecosystem, the larger takeaway is operational rather than sensational. OpenAI’s statement frames this as a contained exposure event rather than a confirmed breach of products or customer data. But the requirement to rotate signing material, coordinate with Apple, and set a May 8 deadline shows how a dependency compromise in developer tooling can still force public remediation across consumer and developer-facing AI software.