OpenAI flags Axios issue
OpenAI said it identified a security issue involving a third‑party developer library called Axios and is taking steps to protect its Mac app code‑signing process. The company’s announcement focused on immediate mitigation of the exposure, rotating the affected signing certificate and moving users onto builds signed with the new one. (insurancejournal.com)
OpenAI said on April 10 that a compromised Axios software package reached part of its Mac app signing pipeline, prompting certificate changes. (openai.com) The company said the affected workflow downloaded and ran Axios version 1.14.1 on March 31, 2026, inside a GitHub Actions job used to sign macOS apps including ChatGPT Desktop, Codex, the Codex Command Line Interface, and Atlas. (openai.com) OpenAI said it found no evidence that user data was accessed, that its systems or intellectual property were compromised, or that its software was altered. Reuters reported the same disclosure on April 10. (openai.com) (reuters.com)

Axios is a widely used JavaScript HTTP client library that applications use to send and receive data over the internet. In this case, OpenAI said the risk centered on the code‑signing certificate that tells Apple and users that a Mac app really came from OpenAI. (openai.com) (microsoft.com) OpenAI said the certificate in that workflow was likely not stolen, citing the timing of the malicious code, the way the certificate was injected into the job, and other safeguards. It still revoked and rotated the certificate “out of an abundance of caution.” (openai.com)

That change means Mac users must update. OpenAI said older versions of its macOS desktop apps will stop receiving updates or support on May 8, 2026, and may stop functioning after that date. (openai.com) The earliest Mac versions signed with the new certificate are ChatGPT Desktop 1.2026.051, Codex App 26.406.40811, Codex Command Line Interface 0.119.0, and Atlas 1.2026.84.2. OpenAI said users should update through the app itself or from official download pages. (openai.com)

OpenAI said it also hired a third-party digital forensics and incident response firm, reviewed notarization records tied to the old certificate, and worked with Apple so that software signed with that certificate could not be newly notarized. (openai.com) The company traced the exposure to a GitHub Actions misconfiguration.
OpenAI said the workflow used a floating tag instead of a fixed commit hash and did not set a minimum release age for new packages, which let the compromised Axios release enter the build process. (openai.com) A floating tag such as a major-version tag resolves to whatever commit it currently points at, so only a full commit hash makes the reference immutable; a minimum release age refuses to install any package version published more recently than a chosen threshold, which would have excluded a release published the same day the job ran. Microsoft said the broader Axios compromise on March 31 affected versions 1.14.1 and 0.30.4 and tied the campaign to Sapphire Sleet, a North Korean state actor. OpenAI’s disclosure shows how a poisoned open-source dependency can reach software release systems even when the final apps are not found to have been tampered with. (microsoft.com) (openai.com)

For OpenAI users, the practical step is narrow: update Mac apps before May 8 and avoid installers sent through email, messages, ads, or third-party download sites. OpenAI said passwords and application programming interface (API) keys were not affected. (openai.com)
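As an added illustration of the two controls the disclosure names (pinning actions to a commit hash and enforcing a minimum release age), the Python script below is example code written for this page, not OpenAI's workflow or tooling. It contains a constructed weak and hardened workflow excerpt, flags `uses:` references that are not pinned to a full 40-hex commit SHA, scans a constructed `package-lock.json` for the two Axios versions Microsoft named, and applies a release-age gate to a constructed registry `time` map. The action name `example-org/sign-action`, the placeholder SHAs, the package names, the lockfile contents and the timestamps are all assumptions made up for the example.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed excerpts of a GitHub Actions signing workflow. Neither is
# OpenAI's workflow; "example-org/sign-action" is a hypothetical action.
WEAK_WORKFLOW = """\
name: sign-macos
on: [push]
jobs:
  sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4          # floating tag: resolves to whatever v4 points at today
      - uses: example-org/sign-action@v1   # floating tag
      - run: npm install                   # pulls the newest matching release of each dependency
"""

HARDENED_WORKFLOW = """\
name: sign-macos
on: [push]
jobs:
  sign:
    runs-on: macos-latest
    steps:
      # The 40-hex SHAs below are placeholders, not real commits.
      - uses: actions/checkout@1111111111111111111111111111111111111111          # v4.x
      - uses: example-org/sign-action@2222222222222222222222222222222222222222   # v1.x
      - run: npm ci                        # installs exactly what the lockfile records
"""

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)


def unpinned_action_refs(workflow_text):
    """Return every 'uses:' reference that is not pinned to a full commit SHA."""
    flagged = []
    for ref in USES_RE.findall(workflow_text):
        if ref.startswith("./"):            # local action in the same repo: nothing to pin
            continue
        _, _, pin = ref.rpartition("@")     # a reference with no '@' at all is also flagged
        if not SHA_RE.match(pin):
            flagged.append(ref)
    return flagged


# Versions Microsoft named as compromised in the March 31 Axios release.
AFFECTED_AXIOS = {"1.14.1", "0.30.4"}

# Constructed package-lock.json (lockfile v3 layout). The nested copy under the
# hypothetical "release-helper" package shows why a top-level check is not enough.
SAMPLE_LOCK = json.dumps({
    "name": "sign-tooling",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "sign-tooling", "version": "1.0.0"},
        "node_modules/axios": {"version": "1.14.1"},
        "node_modules/release-helper": {"version": "3.2.0"},
        "node_modules/release-helper/node_modules/axios": {"version": "0.30.4"},
    },
})


def affected_axios_entries(lock_text):
    """Return (path, version) for every axios copy in the lockfile at an affected version."""
    packages = json.loads(lock_text).get("packages", {})
    hits = []
    for path, meta in packages.items():
        # The package name is the last node_modules/ segment; the root entry "" has none.
        name = path.rsplit("node_modules/", 1)[-1] if "node_modules/" in path else ""
        if name == "axios" and meta.get("version") in AFFECTED_AXIOS:
            hits.append((path, meta["version"]))
    return hits


# Constructed registry timestamps for a hypothetical package, in the shape of an
# npm packument's "time" field. The newest version appears two hours before the
# build runs, mirroring a same-day poisoned release.
SAMPLE_TIME = {
    "created": "2026-01-05T10:00:00Z",
    "modified": "2026-03-31T12:00:00Z",
    "1.0.0": "2026-01-05T10:00:00Z",
    "1.1.0": "2026-03-01T09:30:00Z",
    "1.2.0": "2026-03-31T12:00:00Z",
}
BUILD_TIME = datetime(2026, 3, 31, 14, 0, tzinfo=timezone.utc)
NO_GATE = timedelta(0)
SEVEN_DAYS = timedelta(days=7)


def eligible_versions(time_map, min_age, now):
    """Versions published at least min_age before now (a minimum-release-age gate)."""
    cutoff = now - min_age
    return sorted(
        v for v, ts in time_map.items()
        if v not in ("created", "modified")
        and datetime.fromisoformat(ts.replace("Z", "+00:00")) <= cutoff
    )


if __name__ == "__main__":
    print("unpinned (weak):     ", unpinned_action_refs(WEAK_WORKFLOW))
    print("unpinned (hardened): ", unpinned_action_refs(HARDENED_WORKFLOW))
    print("affected axios:      ", affected_axios_entries(SAMPLE_LOCK))
    print("installable, no gate:", eligible_versions(SAMPLE_TIME, NO_GATE, BUILD_TIME))
    print("installable, 7 days: ", eligible_versions(SAMPLE_TIME, SEVEN_DAYS, BUILD_TIME))
```

With no gate the two-hour-old version 1.2.0 is installable; with a seven-day gate only 1.0.0 and 1.1.0 are. In practice the gate is a package-manager setting rather than a script (pnpm exposes it as `minimumReleaseAge`, in minutes; check your npm version's documentation for its equivalent), and the SHA pin is usually written with a trailing version comment, as above, so dependency-update tooling can still track the tag. Two caveats: a SHA-pinned third-party action still trusts whatever that action installs at run time, so the lockfile check only covers dependencies the action itself pins, and the regex here does not parse YAML, so it will not see a `uses:` value built from an expression.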