TL;DR
OpenAI has disclosed that its macOS app-signing pipeline was exposed after Axios, a widely used developer library, was compromised on 31 March as part of a North Korea-linked supply chain attack. The company says no user data was accessed and is rotating certificates, with all macOS users required to update by 8 May.
What happened
A malicious version of Axios (v1.14.1) was injected into a GitHub Actions workflow that OpenAI uses for signing macOS applications including ChatGPT Desktop, Codex, Codex-cli and Atlas. The workflow had access to code-signing certificates and Apple notarisation material — the cryptographic credentials that verify an app genuinely comes from OpenAI.
Google’s Threat Intelligence team attributed the broader Axios compromise to North Korean threat actors targeting the npm package ecosystem. OpenAI’s exposure was one consequence of that wider attack.
The company’s analysis concluded the signing certificate was “likely not successfully exfiltrated” due to timing factors in how the payload executed. But OpenAI is treating it as compromised regardless, engaging a third-party forensics firm and rotating all affected certificates.
What UK users need to do
All macOS users of OpenAI applications must update to versions signed with the new certificate. After 8 May 2026, older versions will stop receiving updates and may cease to function. iOS, Android, Linux, Windows and web versions are unaffected. Passwords and API keys were not exposed.
The root cause was a misconfiguration in the GitHub Actions workflow: the action used a floating tag rather than a pinned commit hash, and lacked a configured minimum release age for new packages — a common supply chain hygiene gap that allowed the compromised version to be pulled automatically.
Broader context
This incident follows a pattern of supply chain attacks targeting developer tooling, where compromising a single popular library can cascade across thousands of downstream projects. For UK businesses relying on OpenAI’s desktop tools, it underscores the importance of software update discipline and verifying application authenticity through official channels only.
Looking forward
OpenAI is working with Apple to block new notarisations using the old certificate and will fully revoke it on 8 May. The 30-day window is designed to minimise disruption while users update. The company has pledged to accelerate revocation if any misuse of the exposed certificate is detected.