OpenAI flags third‑party security issue

OpenAI identified a security issue involving a third‑party developer tool and said user data was not accessed, according to Reuters reporting. (reuters.com) (timesofindia.indiatimes.com)

OpenAI said on April 10 that it found a security issue tied to the third-party developer tool Axios and saw no evidence that user data was accessed. (openai.com) The company said the issue affected the process used to sign its macOS apps, which tells Apple users that software really came from OpenAI. OpenAI said all macOS users must update ChatGPT Desktop, Codex App, Codex Command Line Interface, and Atlas to versions signed with a new certificate. (openai.com)

OpenAI said a GitHub Actions workflow in its macOS app-signing process downloaded and ran a malicious Axios version, 1.14.1, on March 31, 2026 Coordinated Universal Time. That workflow had access to a signing certificate and notarization material for several OpenAI macOS apps. (openai.com) A signing certificate works like a digital passport for software, and notarization is Apple’s extra check that an app is legitimate. OpenAI said its analysis found the certificate was likely not successfully stolen, but it is revoking and rotating the certificate anyway. (openai.com)

The company said it found no evidence that its systems or intellectual property were compromised, and no evidence that its published software was altered. It also said it reviewed software notarization tied to the old certificate and found no unexpected notarization activity. (openai.com) Older app versions signed with the previous certificate will stop receiving updates or support on May 8, 2026, and OpenAI said they may stop functioning. The earliest releases signed with the new certificate include ChatGPT Desktop 1.2026.051 and Codex Command Line Interface 0.119.0. (openai.com)

Axios is a widely used JavaScript library that developers use to make web requests inside apps and automated build systems. Its maintainers said malicious Axios versions 1.14.1 and 0.30.4 were published to the Node Package Manager registry on March 31 and were removed after about three hours. (github.com) Microsoft and Google said the poisoned Axios packages pulled in a malicious dependency that could install remote-access malware on macOS, Windows, and Linux. Microsoft attributed the infrastructure behind the compromise to Sapphire Sleet, a North Korean state actor, while Google linked the activity to a North Korea-nexus group it tracks as UNC1069. (microsoft.com) (cloud.google.com)

Reuters reported OpenAI’s disclosure on April 10 after the company published its incident note the same day. OpenAI said it also hired a third-party digital forensics and incident response firm and is working with Apple to block new notarization attempts with the previous certificate. (reuters.com) (openai.com)
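An added example, not code from OpenAI or the Axios project: a small Node script that checks a project's package.json ranges and package-lock.json against the two Axios versions the maintainers named, flagging a floating range that would have resolved to the poisoned build on a fresh install during its roughly three-hour window, any locked copy (transitive copies included) that actually resolved to it, and any locked entry with no integrity hash. The sample manifest and lockfile are constructed.

```javascript
// Added example (not OpenAI's or the Axios project's code). Versions below are the
// two malicious Axios releases named in the incident report.
const KNOWN_MALICIOUS = { axios: new Set(["1.14.1", "0.30.4"]) };

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Minimal caret/tilde/exact semantics: would a fresh install of `range` pick `version`?
function rangeAdmits(range, version) {
  const base = range.replace(/^[\^~]/, "");
  if (cmp(version, base) < 0) return false;
  const [bM, bm] = parse(base), [vM, vm] = parse(version);
  if (range.startsWith("^")) return bM > 0 ? vM === bM : vM === 0 && vm === bm;
  if (range.startsWith("~")) return vM === bM && vm === bm;
  return cmp(version, base) === 0;
}

function auditProject(pkgJson, lockJson) {
  const pkg = JSON.parse(pkgJson), lock = JSON.parse(lockJson);
  const findings = [];
  // Declared ranges: a floating range is what lets a poisoned release get pulled in unpinned.
  for (const [name, range] of Object.entries({ ...pkg.dependencies, ...pkg.devDependencies })) {
    for (const v of KNOWN_MALICIOUS[name] || []) {
      if (rangeAdmits(range, v)) findings.push({ where: "package.json", name, detail: `range ${range} admits ${v}` });
    }
  }
  // Lockfile v2/v3 lists every installed package under "packages", keyed by path
  // ("node_modules/axios", "node_modules/x/node_modules/axios"): check what actually resolved.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path) continue; // root project entry
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    if (KNOWN_MALICIOUS[name]?.has(meta.version)) findings.push({ where: path, name, detail: `resolved malicious ${meta.version}` });
    if (!meta.integrity && !meta.link) findings.push({ where: path, name, detail: "no integrity hash" });
  }
  return findings;
}

// Constructed sample: a floating caret range, plus a transitive copy locked to the bad build.
const SAMPLE_PKG = JSON.stringify({ dependencies: { axios: "^1.14.0", left: "1.0.0" } });
const SAMPLE_LOCK = JSON.stringify({ lockfileVersion: 3, packages: {
  "": { name: "demo" },
  "node_modules/axios": { version: "1.13.0", integrity: "sha512-CONSTRUCTED" },
  "node_modules/left": { version: "1.0.0", integrity: "sha512-CONSTRUCTED" },
  "node_modules/left/node_modules/axios": { version: "1.14.1" },
}});

const SAMPLE_FINDINGS = auditProject(SAMPLE_PKG, SAMPLE_LOCK);
console.log(SAMPLE_FINDINGS);
```

Run with `node audit.js`; in CI, a non-empty findings list is the signal to fail the build before any step that runs `npm install` with access to signing material.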
