OpenAI updates certificates after Axios compromise
OpenAI updated security certificates for affected ChatGPT macOS apps after a malicious script in a compromised Axios package maintainer account could have exposed clients on multiple platforms. The fix was framed as a vendor response to a supply-chain incident that touched mainstream AI apps. (theverge.com)
OpenAI said it rotated security certificates for its macOS apps after an internal signing workflow pulled a hacked Axios package on March 31, 2026. (openai.com) The company said the affected workflow handled code-signing and notarization material for ChatGPT Desktop, Codex, Codex command-line interface, and Atlas on macOS. OpenAI said all macOS users now need to update those apps to the latest versions. (openai.com)

Axios is a common software library that apps use to send data over the internet, like a courier moving requests between programs and servers. Microsoft said attackers published malicious Axios versions 1.14.1 and 0.30.4 that could fetch a remote-access tool on Windows, macOS, and Linux. (microsoft.com)

OpenAI said the issue was not a breach of ChatGPT conversations or OpenAI systems. The company said it found no evidence that user data was accessed, that its software was altered, or that its systems or intellectual property were compromised. (openai.com)

The risk OpenAI described was narrower and more specific: a stolen signing certificate could help an attacker make a fake macOS app appear to come from OpenAI. OpenAI said it updated certificates to block that scenario, even though it had seen no evidence that anyone used the materials that way. (axios.com)

The incident sits inside a software supply-chain attack, where hackers tamper with a trusted tool so downstream companies ingest the malicious code during routine updates. Microsoft attributed the Axios compromise to Sapphire Sleet, a North Korean state actor. (microsoft.com)

The Verge reported that the compromised Axios package came from a maintainer account that attackers had taken over, and that the malicious script could have exposed clients across multiple platforms. OpenAI framed its move as a vendor response to that broader third-party compromise rather than a direct intrusion into OpenAI’s products. (theverge.com)

OpenAI disclosed its response on April 10, 2026, and CNBC reported the company was protecting the process that certifies its macOS applications as legitimate OpenAI apps. For users, the immediate step is simpler than the attack chain: install the latest macOS versions of ChatGPT, Codex, Codex command-line interface, and Atlas. (cnbc.com)
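For teams that build on Axios, the first question after an incident like this is whether any lockfile in their own pipelines resolved to one of the two malicious releases the article names. The following script is an added example, not code from the article or from OpenAI, Microsoft, or the Axios project: it walks an npm `package-lock.json` (both the v2/v3 `packages` map and the v1 nested `dependencies` tree) and reports every install path where `axios` is pinned to 1.14.1 or 0.30.4. The embedded sample lockfile is constructed for illustration.

```python
import json
import sys
from typing import Iterator

# Versions named in the article as the malicious Axios releases.
COMPROMISED_AXIOS_VERSIONS = {"1.14.1", "0.30.4"}

def iter_lock_entries(lock: dict) -> Iterator[tuple[str, str, str]]:
    """Yield (name, version, location) for every package in an npm lockfile.
    Covers lockfileVersion 2/3 ("packages" map keyed by install path) and the
    lockfileVersion 1 "dependencies" tree, which nests transitive packages."""
    for path, meta in lock.get("packages", {}).items():
        if not path:  # the empty key is the root project itself
            continue
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        yield name, meta.get("version", ""), path

    def walk(deps: dict, prefix: str) -> Iterator[tuple[str, str, str]]:
        for name, meta in deps.items():
            loc = f"{prefix}node_modules/{name}"
            yield name, meta.get("version", ""), loc
            yield from walk(meta.get("dependencies", {}), loc + "/")
    yield from walk(lock.get("dependencies", {}), "")

def find_compromised_axios(lock: dict) -> list[str]:
    """Return sorted install paths where axios resolves to a compromised version.
    A set de-duplicates v2 lockfiles, which carry both maps for the same tree."""
    return sorted({
        loc for name, ver, loc in iter_lock_entries(lock)
        if name == "axios" and ver in COMPROMISED_AXIOS_VERSIONS
    })

# Constructed sample lockfile: a direct dependency pinned to a bad release and a
# nested copy under an SDK that pins a different (non-listed) version.
SAMPLE_LOCK = {
    "name": "example-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/axios": {"version": "1.14.1"},
        "node_modules/some-sdk": {"version": "2.0.0"},
        "node_modules/some-sdk/node_modules/axios": {"version": "1.7.9"},
    },
}

if __name__ == "__main__":
    # Pass a real package-lock.json path to scan it; defaults to the sample.
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    hits = find_compromised_axios(lock)
    print("compromised axios at:", hits or "none")  # sample prints ['node_modules/axios']
```

A hit means the lockfile, and therefore any build or signing workflow that ran `npm ci` against it, installed one of the malicious releases; the remediation is to move to a clean Axios version and treat any secrets or signing material that workflow could reach as exposed, which is the posture the article describes OpenAI taking.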