OpenAI flags Axios security issue
OpenAI reported a security issue tied to a third‑party developer tool called Axios and said it was taking steps to protect the macOS app‑certification process while confirming user data was not accessed. (reuters.com) Reuters says OpenAI described the problem as related to the process that certifies macOS applications as legitimate. (reuters.com)
OpenAI said on April 10 that it found a security issue tied to Axios, a third-party developer tool, and moved to protect how its macOS apps are certified as genuine. (openai.com) The company said it found no evidence that user data was accessed, its systems or intellectual property were compromised, or its software was altered. Reuters reported the disclosure on April 10. (openai.com) (reuters.com)

Axios is a software library that helps apps move data over the internet, and OpenAI said the issue was part of a broader industry incident involving the tool. OpenAI said the problem touched the process used to certify that its macOS applications are legitimate OpenAI apps. (openai.com) (reuters.com)

On a Mac, app certification is the system Apple uses to verify that software comes from an identified developer and has not been tampered with. OpenAI’s warning means the risk was tied to trust in app identity, not to evidence of a breach of customer accounts or chats. (support.apple.com) (openai.com)

OpenAI said it was acting “out of an abundance of caution,” a sign it is treating the certification chain as sensitive even without evidence of misuse. The news outlet Axios reported that OpenAI found one internal tool had downloaded a compromised update from the affected library. (openai.com) (axios.com)

The outlet also reported that the exposure could have let attackers steal a certificate that would make fake OpenAI apps appear legitimate, though OpenAI said it had not seen that happen. That is the main reason the company focused its response on the macOS verification process. (axios.com) (reuters.com)

The disclosure lands as software companies face repeated supply-chain attacks, where attackers compromise a trusted component used by many developers instead of breaking into each target directly. OpenAI said this Axios issue was part of a “widely reported” industry incident, placing it in that broader pattern. (cisa.gov) (openai.com)

For Mac users, the practical point is narrower than a typical data-breach notice: the concern is whether a malicious app could look authentic, not whether OpenAI says chats or account data were taken. OpenAI’s statement closed with the same line it opened on: no evidence of user-data access, but extra protection around app legitimacy. (openai.com)