OpenAI to revoke macOS certificate on May 8, breaking older ChatGPT and Copilot Mac apps

Mac app certificates are one of those invisible things you never think about until they break. That is basically what OpenAI is warning about now. On Friday, April 10, 2026, the company said it is revoking and rotating the certificate used to sign several macOS apps after a supply-chain attack touched part of its app-signing workflow. If you are running an older Mac build of ChatGPT Desktop, Codex App, Codex CLI, or Atlas, the app may stop functioning after May 8, 2026. (openai.com) ### What actually happened? The root problem was not a bug in ChatGPT itself. OpenAI said a GitHub Actions workflow in its macOS app-signing process downloaded a malicious version of Axios 1.14.1 on March 31, 2026, during a broader industry supply-chain incident. That workflow had access to certificate (openai.com)is treating the certificate as compromised even though it says it found no evidence of user-data access, software tampering, or theft of the certificate itself. (openai.com) ### Why does a certificate matter so much? A macOS signing certificate is the thing that tells Apple and your Mac that an app really came from the developer it claims to come from. If that trust chain is in doubt, the safe move is to revoke the old certificate and issue a new one. The catch is that olde(openai.com)may stop launching or functioning normally once the revocation takes effect. That is why this is landing like a breaking change even though it is really a security cleanup. (openai.com) ### Which OpenAI apps are affected? OpenAI named four macOS products: ChatGPT Desktop, Codex App, Codex CLI, and Atlas. This is narrower than “all OpenAI software” and narrower than all Codex usage in general — the web products and non-macOS platforms are not the focus of this notice. Codex CLI itself a(openai.com)macOS signing path. (openai.com) ### Which versions are safe? OpenAI gave minimum versions that are signed with the updated certificate. They are ChatGPT Desktop 1.2026.051, Codex App 26.406.40811, Codex CLI 0.119.0, and Atlas 1.2026.84.2. If a managed fleet or an individual Mac is below those versions, the fix is simple in theory — up(openai.com) but that can still be messy inside locked-down enterprise environments. (openai.com) ### Is this only about the ChatGPT Mac app? No — but the ChatGPT Mac app is the one most regular users will recognize first. OpenAI’s macOS release notes also show recent security-related cleanup, including a February 13, 2026 note saying the app “phased out certificate pinning exceptions,” which sugges(openai.com)ktop client. This May 8 cutoff is the sharper step because it can strand older installs. (help.openai.com) ### Why should companies care? Because certificate problems do not fail gracefully. A model outage is obvious. A billing issue is obvious. But an expired or revoked trust chain can leave a perfectly normal-looking desktop app dead on launch, and that is exactly the kind of thing that burns time across IT, securi(help.openai.com)es, this turns into an endpoint-management problem fast. (openai.com) ### So what should users do now? Update before Thursday, May 8, 2026. That means checking the installed version, pushing the new build if devices are centrally managed, and not assuming auto-update has already handled it. If you use ChatGPT or Codex on the web, you may never notice any of this. But if y(openai.com) are about to age out for security reasons, not convenience. (openai.com)