OpenAI issues macOS library alert

OpenAI warned macOS users to update ChatGPT and Codex after a GitHub Actions workflow used to sign its Mac apps pulled a compromised release of the Axios library (v1.14.1; v0.30.4 was also poisoned), in a supply-chain attack that reporting attributes to North Korean actors. The notice says OpenAI found no evidence that user data was accessed or that its software was altered, but it revoked the exposed signing certificate and recommends updating the affected apps as a precaution. (x.com)

OpenAI is telling Mac users to update ChatGPT, Codex, Atlas, and the Codex Command Line Interface after a tainted software component touched its app-signing pipeline. (openai.com) OpenAI said the incident began on March 31, 2026, when a GitHub Actions workflow used to sign its macOS apps downloaded Axios version 1.14.1, a malicious release of a widely used JavaScript HTTP client library. That workflow had access to the certificate and notarization material used to sign ChatGPT Desktop, Codex, the Codex Command Line Interface, and Atlas. (openai.com)

The company said it found no evidence that user data was accessed, that OpenAI systems or intellectual property were compromised, or that its software was altered. It revoked and rotated the affected macOS signing certificate anyway, and said older versions of its Mac apps may stop working after May 8, 2026. (openai.com) (9to5mac.com)

A signing certificate works like a digital passport for software: macOS checks an app's signature against the developer's certificate to verify that the app really came from the developer named on it and has not been modified since it was signed. If attackers get near that trust chain, the immediate risk is not stolen chats but counterfeit apps signed with the genuine developer's identity, which would look legitimate enough to pass basic checks. (openai.com) (theverge.com)

Axios is not an OpenAI product; it is an open-source library developers use to make HTTP requests from JavaScript. Microsoft said two poisoned npm releases, Axios 1.14.1 and 0.30.4, were published on March 31, 2026, in a supply-chain attack tied to Sapphire Sleet, a North Korean state actor. (microsoft.com) Google's threat intelligence team separately attributed the Axios attack to a North Korea-linked cluster it tracks as UNC1069. The company said the operation targeted the package's maintainers and inserted malicious code into a dependency that thousands of developers rely on. (cloud.google.com)

OpenAI's response was narrower than a full breach disclosure: it did not say attackers signed or shipped a malicious OpenAI app, and it framed the update as a precaution against someone trying to distribute a counterfeit app with the old trust material. That is why the fix for users is simple but mandatory: install the latest Mac versions from OpenAI before the certificate cutoff takes effect. (openai.com) (forbes.com)

The episode lands as software companies lean harder on automated build systems, where one compromised dependency can reach the machinery that packages and signs finished apps. A malicious package installed in a signing job runs with whatever that job can reach, in this case the signing certificate and notarization credentials. OpenAI said the exposure sat in the release process, not in the ChatGPT conversations people typed into the product. (openai.com) (thehackernews.com)

For Mac users, the practical change is less dramatic than the attack chain behind it: update now, or older OpenAI apps may lose support and eventually stop launching after May 8. OpenAI's warning is really about restoring the trust label on its software after someone got too close to the stamp. (9to5mac.com) (openai.com)
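The practical check a release engineer wants after reading this is whether any lockfile feeding a build or signing job resolves Axios to one of the two releases named above. The script below is an added example, not code from OpenAI, Microsoft, Google or the Axios project; it parses the npm `package-lock.json` format (both the nested lockfileVersion 1 `dependencies` tree and the flat lockfileVersion 2/3 `packages` map) and reports every Axios entry pinned to 1.14.1 or 0.30.4, including copies nested under another package. The two lockfiles embedded in it are constructed for the demonstration.

```javascript
// Added example: find poisoned Axios releases in an npm lockfile.
// Versions come from the article; the lockfiles below are constructed samples.

const POISONED_AXIOS = new Set(['1.14.1', '0.30.4']);

// Return [{ path, version }] for every axios entry pinned to a poisoned version.
// Handles lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages").
function findPoisonedAxios(lockText) {
  const lock = JSON.parse(lockText);
  const hits = [];

  if (lock.packages && typeof lock.packages === 'object') {
    // v2/v3: keys are install paths such as
    // "node_modules/axios" or "node_modules/sdk/node_modules/axios".
    for (const [path, info] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/axios') && POISONED_AXIOS.has(info.version)) {
        hits.push({ path, version: info.version });
      }
    }
    return hits;
  }

  // v1: each dependency may carry its own nested "dependencies" object.
  const visit = (deps, prefix) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'axios' && POISONED_AXIOS.has(info.version)) {
        hits.push({ path, version: info.version });
      }
      visit(info.dependencies, `${path}/`);
    }
  };
  visit(lock.dependencies, '');
  return hits;
}

// Constructed lockfileVersion 3 sample: top-level axios is the poisoned 1.14.1,
// a nested copy under "sdk" is a clean version and must not be reported.
const SAMPLE_LOCK_V3 = `{
  "name": "release-tooling",
  "lockfileVersion": 3,
  "packages": {
    "": { "name": "release-tooling", "dependencies": { "axios": "^1.14.0" } },
    "node_modules/axios": { "version": "1.14.1" },
    "node_modules/sdk": { "version": "2.0.0", "dependencies": { "axios": "^1.7.0" } },
    "node_modules/sdk/node_modules/axios": { "version": "1.7.9" }
  }
}`;

// Constructed lockfileVersion 1 sample: the poisoned 0.x release is only
// reachable as a transitive dependency of "legacy-client".
const SAMPLE_LOCK_V1 = `{
  "name": "legacy-signer",
  "lockfileVersion": 1,
  "dependencies": {
    "axios": { "version": "1.6.8" },
    "legacy-client": {
      "version": "0.9.1",
      "dependencies": { "axios": { "version": "0.30.4" } }
    }
  }
}`;

function demo() {
  for (const [label, text] of [['v3', SAMPLE_LOCK_V3], ['v1', SAMPLE_LOCK_V1]]) {
    const hits = findPoisonedAxios(text);
    console.log(`${label}: ${hits.length} poisoned axios entr${hits.length === 1 ? 'y' : 'ies'}`);
    for (const h of hits) console.log(`  ${h.path} -> ${h.version}`);
  }
}

demo();
```

Run it against a real lockfile by reading the file into a string and passing it to `findPoisonedAxios`. A clean lockfile is only half the defence for a job that holds signing material: installing with `npm ci` (which refuses to drift from the lockfile) and `--ignore-scripts` (which keeps package lifecycle scripts from executing during install) narrows what a malicious release can do at install time, and signing credentials are better kept in a separate step or runner that never installs third-party packages at all.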


Shared from Scout - Be the smartest in the room.