OpenAI flags Axios bug
OpenAI reported a security issue involving a third‑party developer tool called Axios and said it had taken steps to address the problem while assuring users that their data remained protected. The incident highlights risks in the surrounding toolchain rather than the model itself and led to public statements from OpenAI about mitigation. (thenews.com.pk) (tradingview.com)
OpenAI said on April 10 that a compromised version of the developer library Axios touched its macOS app-signing pipeline, and the company found no evidence user data was accessed. (openai.com) The issue traces to March 31, 2026, when OpenAI said a GitHub Actions workflow in its macOS signing process downloaded and ran Axios version 1.14.1, a release published during a broader software supply-chain attack. (openai.com) App signing is the digital stamp that tells Apple users software really came from a named developer. OpenAI said the affected workflow had access to the certificate and notarization material for ChatGPT Desktop, Codex, Codex Command Line Interface, and Atlas. (openai.com) OpenAI said its review found no evidence that the certificate was successfully stolen, no evidence its software was altered, and no evidence its systems or intellectual property were compromised. CNBC, citing the company, also reported that passwords and OpenAI application programming interface keys were not affected. (openai.com) (cnbc.com) The company is still treating the certificate as compromised. It said it is revoking and rotating the certificate, publishing new builds of affected macOS apps, and working with Apple so software signed with the old certificate cannot be newly notarized. (openai.com) That change comes with a deadline: OpenAI said that, effective May 8, 2026, older versions of its macOS desktop apps will no longer receive updates or support and “may not be functional.” It told macOS users to install the latest versions through in-app updates or official OpenAI download pages. (openai.com) The broader Axios incident was not limited to OpenAI. Microsoft said malicious Axios versions 1.14.1 and 0.30.4 were published on March 31 and tied the command-and-control infrastructure behind the compromise to Sapphire Sleet, a North Korean state actor. (microsoft.com) GitHub’s advisory database said the attacker compromised the primary Axios maintainer’s npm account and that the malicious packages were live for about three hours before removal. The advisory identified version ranges that could have pulled in the bad release automatically through normal dependency rules. (github.com) OpenAI said the root cause on its side was a misconfiguration in the GitHub Actions workflow, and CNBC reported that the company has addressed it. The episode left OpenAI talking less about its models than about the software plumbing around them. (cnbc.com)
