OpenAI macOS warning

OpenAI identified a security issue involving Axios, a third-party tool used in certifying its macOS apps, and said user data was not accessed. It urged macOS users to update ChatGPT and Codex immediately, and some reports say users must update by May 8 to maintain access after certificate changes. (reuters.com, technobezz.com)

OpenAI told macOS users to update ChatGPT and its other Mac apps immediately after a security issue touched the system that proves those apps are genuine. (openai.com)

The company said on April 10, 2026 that a GitHub Actions workflow in its macOS signing process downloaded Axios version 1.14.1, a compromised release of a widely used JavaScript networking library, on March 31. That workflow had access to the certificate and notarization material used to sign ChatGPT Desktop, Codex App, Codex CLI, and Atlas. (openai.com)

A signing certificate is the digital stamp that tells macOS an app really came from the developer it claims to be. OpenAI said it found no evidence that user data was accessed, its systems or intellectual property were compromised, or its software was altered. (openai.com)

OpenAI said its analysis suggests the certificate was “likely not successfully exfiltrated,” citing the timing of the malicious payload and the way the job was sequenced. Even so, it revoked the old certificate, issued a new one, and published fresh Mac builds signed with the replacement. (openai.com)

That certificate change creates the deadline for users. OpenAI said that effective May 8, 2026, older versions of its macOS desktop apps will no longer receive updates or support and “may not be functional.” (openai.com)

The earliest Mac versions signed with the new certificate are ChatGPT Desktop 1.2026.051, Codex App 26.406.40811, Codex CLI 0.119.0, and Atlas 1.2026.84.2. OpenAI said users should update through the in-app updater or the official download links for those apps. (openai.com)

The underlying incident was bigger than OpenAI. Microsoft said on April 1 that malicious Axios packages 1.14.1 and 0.30.4 were pushed through the Node Package Manager, or npm, and that the code downloaded a remote-access trojan for macOS, Windows, and Linux. (microsoft.com)

Microsoft attributed the infrastructure behind that Axios compromise to Sapphire Sleet, a North Korean state actor, and told organizations that installed those versions to rotate secrets and credentials immediately. Elastic said a compromised maintainer account published the backdoored releases and that the malware arrived through a post-install script hidden in a fake dependency. (microsoft.com, elastic.co)

OpenAI said it also hired a third-party digital forensics and incident response firm, reviewed notarizations made with the old certificate, and found no unexpected software notarization using those keys. For Mac users, the practical fix is simple: install the latest OpenAI app builds before May 8, 2026. (openai.com)
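
For teams deciding whether Microsoft's rotate-secrets advice applies to them, a lockfile check for the two Axios releases named above. This is an added example, not code from OpenAI, Microsoft, Elastic or the original article; the sample lockfiles and the names `some-sdk` and `example-app` are constructed.

```javascript
// Added example. Versions below are the two releases the article names.
const BAD_AXIOS = new Set(["1.14.1", "0.30.4"]);

// Returns [{ path, version }] for every pinned copy of a flagged release.
function findBadAxios(lock) {
  const hits = new Map(); // keyed by install path so v2 lockfiles are not double counted
  const check = (path, name, version) => {
    if (name === "axios" && BAD_AXIOS.has(version)) hits.set(path, { path, version });
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // "name" is only present for aliased installs; otherwise derive it from the path.
    check(path, meta.name || path.split("node_modules/").pop(), meta.version);
  }
  // lockfileVersion 1/2: nested "dependencies" tree (transitive copies included).
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      // Aliases are recorded here as "npm:<real-name>@<version>".
      const alias = /^npm:(.+)@([^@]+)$/.exec(meta.version || "");
      check(path, alias ? alias[1] : name, alias ? alias[2] : meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return [...hits.values()];
}

// Constructed sample lockfiles; "some-sdk" and "example-app" are hypothetical.
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.13.0" },
    "node_modules/some-sdk": { version: "2.0.0" },
    "node_modules/some-sdk/node_modules/axios": { version: "1.14.1" },
  },
};
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    "some-sdk": { version: "2.0.0", dependencies: { axios: { version: "0.30.4" } } },
    http: { version: "npm:axios@1.14.1" },
  },
};

console.log(findBadAxios(SAMPLE_V3), findBadAxios(SAMPLE_V1));
```

A lockfile shows only what is pinned now, not what a CI job resolved on an earlier run, so build logs and package caches need the same check.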
