OpenAI expands — and patches trust

OpenAI acquired Hiro Finance as a recent startup buy while moving into new markets, signaling product expansion beyond chat-based tools. (engadget.com) At the same time the company revoked its macOS app signing certificate after a compromised third-party developer tool (Axios) was implicated in a supply-chain incident, and said user data was not accessed.

OpenAI is buying personal finance startup Hiro even as it rotates macOS app certificates after a software supply-chain scare. (engadget.com) (openai.com)

OpenAI confirmed the Hiro deal on April 13 after founder Ethan Bloch announced it, and the terms were not disclosed. Hiro said its product will stop working on April 20 and user data will be deleted from its servers on May 13. (techcrunch.com) (engadget.com)

Hiro was founded in 2024 and launched its consumer tool about five months ago. The app asked users for salary, debt, and monthly spending, then modeled financial what-if scenarios with an accuracy-check feature for math. (techcrunch.com)

The purchase is OpenAI’s second startup deal announced in about two weeks, after its early-April acquisition of Technology Business Programming Network, a media company known for a daily tech podcast. Engadget also reported that OpenAI released Prism earlier this year, a research product tied to another startup acquisition. (engadget.com)

At the same time, OpenAI said on April 10 that a compromised version of the Axios developer library was executed in a GitHub Actions workflow used to sign its macOS apps. That workflow had access to the certificate and notarization material for ChatGPT Desktop, Codex App, Codex Command Line Interface, and Atlas. (openai.com) (cnbc.com)

A signing certificate is the digital stamp that tells macOS an app really came from the named developer. OpenAI said it found no evidence that user data, internal systems, intellectual property, or published software were compromised, but it revoked and rotated the certificate anyway. (openai.com) (cnbc.com)

OpenAI said the malicious Axios package was downloaded on March 31, 2026 Coordinated Universal Time, during a broader industry attack. The company said its analysis found the certificate was likely not successfully exfiltrated, but it still treated the credential as compromised. (openai.com)

All macOS users of OpenAI apps now need to update to the latest versions. OpenAI said older versions will stop receiving updates or support on May 8, 2026, and may stop working. (openai.com) (cnbc.com)

The company said it hired a third-party digital forensics and incident response firm, published new builds signed with a new certificate, and worked with Apple so software signed with the old certificate cannot be newly notarized. OpenAI also said passwords and OpenAI application programming interface keys were not affected. (openai.com) (cnbc.com)

The result is a split-screen week for OpenAI: new hires and product reach from Hiro, and a forced cleanup on the Mac software it already ships. By May 8, the company will have to show both that the new certificate rollout worked and that its next expansion can land without another trust repair job. (techcrunch.com) (openai.com)
