OpenAI macOS Supply‑Chain Issue
OpenAI disclosed a security problem involving a third‑party developer tool used to certify its macOS apps and said user data was not accessed. The company warned macOS users to update affected apps and has begun revoking certificates for older versions that will lose support after May 8, 2026. Multiple outlets describe the incident as a software‑supply‑chain exposure rather than a model compromise. (reuters.com) (cybernews.com)
OpenAI is telling Mac users to update ChatGPT and other desktop apps after a third-party software incident touched the system that signs its macOS apps. (openai.com) On March 31, 2026, a malicious version of the Axios developer library ran inside a GitHub Actions workflow that OpenAI used in its macOS app-signing process. That workflow had access to the certificate and notarization material for ChatGPT Desktop, Codex App, Codex Command Line Interface, and Atlas. (openai.com)

A signing certificate is the digital stamp that tells a Mac an app really came from the developer it claims to be from. OpenAI said its analysis found no evidence that the certificate was successfully stolen, but it is revoking and rotating it anyway. (openai.com) The company said it found no evidence that user data was accessed, that its systems or intellectual property were compromised, or that its shipped software was altered. CNBC also reported that passwords and OpenAI application programming interface keys were not affected. (openai.com) (cnbc.com)

The immediate risk was not a hacked model or a breach of ChatGPT conversations. The concern was that, if a signing certificate were abused, someone could make a fake Mac app appear to come from OpenAI. (cybernews.com)

OpenAI said older versions of its Mac apps will stop receiving updates or support on May 8, 2026, and may stop working. The earliest versions signed with the new certificate are ChatGPT Desktop 1.2026.051, Codex App 26.406.40811, Codex Command Line Interface 0.119.0, and Atlas 1.2026.84.2. (openai.com) The company said it hired a third-party digital forensics and incident response firm, rotated the certificate, published new builds, and worked with Apple so software signed with the old certificate could not be newly notarized. OpenAI also said it reviewed prior notarizations with the old certificate and found no unexpected software signed with those keys. (openai.com)

Reuters and other outlets described the episode as part of a broader software supply-chain attack, meaning attackers targeted a widely used code component rather than OpenAI’s products directly. CNBC reported that OpenAI linked the broader Axios compromise to actors believed to be tied to North Korea. (reuters.com) (cnbc.com) OpenAI said the root cause inside its own setup was a misconfiguration in the GitHub Actions workflow, and that it has fixed that issue. For Mac users, the practical deadline is May 8: update to a newly signed version, or older OpenAI desktop apps may lose support or stop functioning. (cnbc.com) (openai.com)
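The practical check for a Mac user or fleet administrator is twofold: is the installed build at or above the first version signed with the rotated certificate, and does the bundle on disk still pass Apple's signature and Gatekeeper checks? The script below is an added example, not code from OpenAI or from any of the cited reports. The minimum version numbers are the ones named above; the app name keys, the bundle paths under /Applications, and the use of `defaults`, `codesign` and `spctl` to read the version and verify the signature are assumptions about a typical install. The version comparison runs anywhere; the bundle inspection only runs on macOS.

```shell
#!/bin/sh
# Added example: compare installed OpenAI macOS app versions against the first
# builds signed with the rotated certificate, and verify the bundle signature.
# Not OpenAI's code; version thresholds come from the article, paths are assumed.

# Return 0 (true) when dotted numeric version $1 is at least $2.
# Fields are compared numerically one at a time, so 1.2026.84.2 > 1.2026.84
# and 051 equals 51. Only purely numeric dotted versions are handled.
version_ge() {
  a=$(printf '%s' "$1" | tr '.' ' ')
  b=$(printf '%s' "$2" | tr '.' ' ')
  while [ -n "$a" ] || [ -n "$b" ]; do
    set -- $a; x=${1:-0}; [ $# -gt 0 ] && shift; a=$*
    set -- $b; y=${1:-0}; [ $# -gt 0 ] && shift; b=$*
    x=$(printf '%s' "$x" | sed 's/^0*//'); x=${x:-0}   # drop leading zeros
    y=$(printf '%s' "$y" | sed 's/^0*//'); y=${y:-0}
    [ "$x" -gt "$y" ] && return 0
    [ "$x" -lt "$y" ] && return 1
  done
  return 0
}

# Earliest versions signed with the new certificate, as listed in the article.
# The short app keys on the left are this script's own labels, not product ids.
min_version_for() {
  case "$1" in
    ChatGPT)   echo 1.2026.051 ;;
    Codex)     echo 26.406.40811 ;;
    codex-cli) echo 0.119.0 ;;
    Atlas)     echo 1.2026.84.2 ;;
    *)         return 1 ;;
  esac
}

# Print "ok" when the installed version is new enough, "update" otherwise,
# and "unknown" (exit 2) for an app this script has no threshold for.
status_for() {
  min=$(min_version_for "$1") || { echo unknown; return 2; }
  if version_ge "$2" "$min"; then echo ok; else echo update; fi
}

# macOS only: read the bundle's version, report its status, show the signing
# chain, and run Apple's signature and Gatekeeper assessments. Bundle path is
# an assumption; pass the real install location as the second argument.
check_bundle() {
  app=$1; bundle=$2
  [ -d "$bundle" ] || { echo "$app: not installed at $bundle"; return 0; }
  ver=$(defaults read "$bundle/Contents/Info" CFBundleShortVersionString 2>/dev/null)
  echo "$app $ver: $(status_for "$app" "$ver")"
  # Authority lines show which Developer ID certificate chain signed the bundle.
  codesign -dvv "$bundle" 2>&1 | grep '^Authority' | sed 's/^/  /'
  # codesign validates the signature; spctl checks Gatekeeper/notarization.
  codesign --verify --deep --strict "$bundle" 2>&1 | sed 's/^/  codesign: /'
  spctl --assess --verbose --type execute "$bundle" 2>&1 | sed 's/^/  spctl: /'
}

# Usage: only meaningful on macOS; paths below are assumed, not from OpenAI.
if [ "$(uname 2>/dev/null)" = Darwin ]; then
  check_bundle ChatGPT "/Applications/ChatGPT.app"
  check_bundle Codex   "/Applications/Codex.app"
  check_bundle Atlas   "/Applications/ChatGPT Atlas.app"
fi
```

A bundle that reports "update" but still passes `codesign --verify` is simply signed with the certificate OpenAI is retiring, which is exactly the situation the May 8, 2026 deadline is about; once Apple no longer accepts that chain, `spctl` is the check that will start rejecting it, so both results are worth recording when you inventory a fleet.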