OpenAI discloses supply-chain security gap
OpenAI disclosed a supply-chain security incident tied to the Axios tool, saying no user data was leaked and urging users to update the macOS application. The company framed the issue as a security gap rather than a data breach. (voi.id)
OpenAI said on April 10 that a compromised third-party coding library touched its macOS app-signing workflow, and it told Mac users to update their apps. (openai.com) The company said it found no evidence that user data was accessed, its systems or intellectual property were compromised, or its software was altered.

OpenAI said the issue involved Axios version 1.14.1, which a GitHub Actions workflow downloaded and executed on March 31, 2026, Coordinated Universal Time. (openai.com) That workflow handled a code-signing certificate and notarization material for ChatGPT Desktop, Codex App, Codex Command Line Interface, and Atlas on macOS. OpenAI said those credentials help Apple users verify that an app really came from OpenAI. (openai.com)

A software supply-chain attack works by tampering with a trusted component, like a library or build step, so malicious code rides into a company's own development pipeline. OpenAI said that is what happened here: a malicious Axios package ran inside the process used to sign Mac apps. (openai.com)

OpenAI said its analysis suggests the signing certificate was "likely not successfully exfiltrated" because of timing, job sequencing, and other safeguards. The company said it is still treating the certificate as compromised, revoking it, rotating it, and publishing new builds signed with a replacement. (openai.com)

The practical effect for users is a deadline. OpenAI said that, effective May 8, 2026, older versions of its affected macOS desktop apps will no longer receive updates or support and may stop functioning. (openai.com) OpenAI listed the earliest versions signed with the new certificate as ChatGPT Desktop 1.2026.051, Codex App 26.406.40811, Codex Command Line Interface 0.119.0, and Atlas 1.2026.84.2. It said users can update through the app itself or through official OpenAI download links. (openai.com)

The company also said it hired a third-party digital forensics and incident response firm and worked with Apple to block new notarization attempts using the old certificate. OpenAI said it reviewed software notarized with the previous certificate and found no unexpected notarization activity. (openai.com)

The wording marks a distinction OpenAI has made before between a vendor-linked security incident and a direct compromise of its own systems. In a separate November 2025 notice about Mixpanel, OpenAI similarly said the incident happened in a provider's environment rather than inside OpenAI's systems. (openai.com)

OpenAI's broader security page says it encrypts content in transit and at rest and subjects business products to outside audits and certifications, including System and Organization Controls 2 Type 2 and International Organization for Standardization 27001. This incident did not change those claims, but it did force a reset of the trust chain used to prove OpenAI's Mac apps are legitimate. (openai.com)
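The version thresholds OpenAI published, turned into a check an administrator could run over a fleet inventory to find Macs still on builds signed with the revoked certificate. This is an added example, not code from OpenAI or the article; the inventory format and the sample data are constructed, and only the four threshold versions come from the notice.

```python
"""Flag installed OpenAI macOS apps that predate the re-signed builds."""
from typing import Dict, List, Tuple

# Earliest builds OpenAI listed as signed with the replacement certificate;
# anything older carries the revoked certificate and stops being supported.
MIN_RESIGNED_VERSION: Dict[str, str] = {
    "ChatGPT Desktop": "1.2026.051",
    "Codex App": "26.406.40811",
    "Codex Command Line Interface": "0.119.0",
    "Atlas": "1.2026.84.2",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Split a dotted version into integers so components compare numerically.

    A string comparison would rank "0.9.9" above "0.119.0"; integer
    components avoid that, and a non-numeric piece counts as zero.
    """
    return tuple(int(p) if p.isdigit() else 0 for p in text.strip().split("."))


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a <, ==, > b, padding the shorter one with zeros."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def needs_update(app: str, installed: str) -> bool:
    """True when the installed build is older than the first re-signed build."""
    return compare_versions(installed, MIN_RESIGNED_VERSION[app]) < 0


def audit(inventory: Dict[str, str]) -> List[str]:
    """Return the apps in an {app: installed_version} inventory that need updating."""
    return [app for app, ver in inventory.items()
            if app in MIN_RESIGNED_VERSION and needs_update(app, ver)]


# Constructed sample inventory, shaped like a fleet-management export.
SAMPLE_INVENTORY: Dict[str, str] = {
    "ChatGPT Desktop": "1.2026.050",            # 50 < 51: flag
    "Codex App": "26.406.40811",                # exactly the threshold: fine
    "Codex Command Line Interface": "0.99.5",   # 99 < 119 numerically: flag
    "Atlas": "1.2026.84.10",                    # 10 > 2 numerically: fine
}

if __name__ == "__main__":
    for app in audit(SAMPLE_INVENTORY):
        print(f"{app} {SAMPLE_INVENTORY[app]} predates the re-signed builds; update it")
```

On a Mac the installed version comes from each app bundle's Info.plist (CFBundleShortVersionString); a version at or above its threshold is one of the builds OpenAI says is signed with the replacement certificate.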