OpenAI developer-tool issue

OpenAI disclosed a security issue tied to a third‑party developer tool called Axios and said user data was not accessed while it works to protect its macOS app‑signing process. The incident shows how weaknesses in developer tooling and signing chains can become governance issues even when core customer data appear untouched. (reuters.com)

OpenAI said a compromised software component touched one of its internal Mac app pipelines, but the company says it found no evidence that user data, source systems, or intellectual property were accessed. The weak point was not ChatGPT itself; it was the machinery that helps prove a Mac app really came from OpenAI. (openai.com)

That machinery is called code signing. A developer attaches a digital certificate to an app the way a bank stamps a cashier’s check, and Apple uses that certificate to decide whether the app should look trustworthy on a Mac. (openai.com)

OpenAI said the affected tool was Axios, a widely used third-party developer library. On March 31, 2026, a GitHub Actions workflow in OpenAI’s Mac app-signing process downloaded and executed a malicious Axios version, identified by OpenAI as version 1.14.1. (openai.com)

GitHub Actions is the automated assembly line many software teams use to build and ship code. In OpenAI’s case, that assembly line had access to the certificate and notarization material used to sign ChatGPT Desktop, Codex, Codex command-line interface, and Atlas for macOS. (openai.com)

Notarization is Apple’s extra checkpoint after signing. It is the part where Apple scans software and records that the app passed review, which is why a stolen signing chain can be more dangerous than a bug in a single app. (openai.com)

OpenAI said its investigation found the certificate was likely not successfully exfiltrated, partly because of the timing of the malicious payload and the sequencing of the workflow job. OpenAI also said it reviewed software notarized with the old certificate and found no unexpected notarization and no unauthorized changes in published apps. (openai.com)

OpenAI is still treating the certificate as compromised anyway. The company said it is revoking and rotating the Mac signing certificate, publishing new builds, and working with Apple so software signed with the previous certificate cannot be newly notarized. (openai.com)

That is why OpenAI is telling Mac users to update now. OpenAI said all macOS users need the latest versions, and it set May 8, 2026 as the date when older desktop app versions will stop receiving updates or support and may stop functioning. (openai.com)

The first Mac releases signed with the new certificate are ChatGPT Desktop 1.2026.071, Codex App 26.406.40811, Codex command-line interface 0.119.0, and Atlas 1.2026.84.2. OpenAI said users should update through the app itself or through OpenAI’s official download pages. (openai.com)

OpenAI said passwords and OpenAI application programming interface keys were not affected. CNBC reported OpenAI tied the root cause to a misconfiguration in the GitHub Actions workflow and said the company has already addressed that configuration problem. (cnbc.com)

The backdrop is a software supply chain attack, which is when attackers poison a trusted ingredient so it gets carried into many companies at once. OpenAI said the Axios compromise was part of a broader industry incident, and CNBC reported the actors were believed to be linked to North Korea. (openai.com, cnbc.com)

So the immediate story is not stolen chats or altered models. It is that one infected library inside a build pipeline can put a company’s trust stamp at risk, and once that stamp is in question, every signed Mac app has to be reissued fast. (openai.com, axios.com)
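The practical question for any team that builds with npm is whether its own pipeline resolved the Axios release named above. The script below is an added example, not code from OpenAI or the Axios project: it audits an npm package-lock.json for the version OpenAI identified as malicious (1.14.1) and also flags dependency entries that carry no integrity hash, since a lockfile without pinned hashes cannot stop a build from pulling a replaced tarball. It assumes the standard npm lockfile layouts (the flat "packages" map of lockfileVersion 2 and 3, and the nested "dependencies" tree of lockfileVersion 1); the sample lockfile is constructed for the demonstration, and the page does not say how the bad version reached OpenAI's workflow, so this is a generic check rather than a reconstruction of that incident.

```python
"""Audit an npm package-lock.json for a known-bad dependency version.

Added example (not OpenAI's or Axios's code). The only version listed
in KNOWN_BAD is the one OpenAI's notice names; everything else here,
including SAMPLE_LOCK, is constructed for illustration.
"""
import json
import sys

# Version OpenAI identified as the malicious Axios release.
KNOWN_BAD = {"axios": {"1.14.1"}}

# Constructed lockfileVersion 3 sample: axios resolved to the bad version
# and recorded without an "integrity" hash; a second, made-up package is fine.
SAMPLE_LOCK = json.dumps({
    "name": "constructed-sample",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "constructed-sample", "dependencies": {"axios": "^1.14.0"}},
        "node_modules/axios": {
            "version": "1.14.1",
            "resolved": "https://registry.npmjs.org/axios/-/axios-1.14.1.tgz",
        },
        "node_modules/constructed-dep": {
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/constructed-dep/-/constructed-dep-2.0.0.tgz",
            "integrity": "sha512-CONSTRUCTED-PLACEHOLDER",
        },
    },
})


def _package_name(path):
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (handles scoped names)."""
    return path.rsplit("node_modules/", 1)[-1]


def _check(name, version, entry, path, findings):
    """Append a finding for a known-bad version and for a missing integrity hash."""
    if version in KNOWN_BAD.get(name, set()):
        findings.append(f"known-bad: {name}@{version} at {path}")
    # Workspace links point at a local directory, so no tarball hash is expected.
    if "integrity" not in entry and not entry.get("link"):
        findings.append(f"no-integrity: {name}@{version} at {path}")


def _walk_v1(deps, prefix, findings):
    """lockfileVersion 1 nests dependencies; rebuild the node_modules path as we go."""
    for name, entry in deps.items():
        path = f"{prefix}node_modules/{name}"
        _check(name, entry.get("version", ""), entry, path, findings)
        _walk_v1(entry.get("dependencies", {}), path + "/", findings)


def audit_lockfile(text):
    """Return a list of finding strings for the lockfile JSON in `text`."""
    lock = json.loads(text)
    findings = []
    if "packages" in lock:  # lockfileVersion 2 and 3: flat map keyed by path
        for path, entry in lock["packages"].items():
            if not path:
                continue  # "" is the root project itself, not a dependency
            _check(_package_name(path), entry.get("version", ""), entry, path, findings)
    else:  # lockfileVersion 1: nested "dependencies" tree
        _walk_v1(lock.get("dependencies", {}), "", findings)
    return findings


if __name__ == "__main__":
    # Usage: python audit_lock.py [path/to/package-lock.json]; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    for line in audit_lockfile(text):
        print(line)
    sys.exit(1 if audit_lockfile(text) else 0)
```

Run against the sample, the script reports both the known-bad Axios entry and its missing integrity hash and exits non-zero, which is the shape a CI gate wants. Pairing a hash-pinned lockfile with `npm ci` (which installs exactly what the lockfile records) is what keeps a workflow from silently floating to a newly published version between runs.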


Shared from Scout - Be the smartest in the room.