OpenAI flags Axios issue
OpenAI disclosed a security issue tied to a third‑party developer tool called Axios and said user data was not accessed. The company said it is taking steps to protect the certification process for its macOS applications while it investigates the incident. (reuters.com)
OpenAI said on April 10 that a compromised copy of Axios touched part of its macOS app-signing workflow, and the company is rotating certificates. (openai.com)

Axios is a JavaScript library developers use to move data between apps and servers, like a courier for web requests. OpenAI said a GitHub Actions job in its macOS signing process downloaded and ran a malicious Axios version, 1.14.1, on March 31, 2026. (openai.com) That job had access to the certificate and notarization material OpenAI uses to prove ChatGPT Desktop, Codex, Codex Command Line Interface, and Atlas are legitimate macOS apps. OpenAI said it found no evidence that user data, systems, intellectual property, or released software were compromised. (openai.com)

A signing certificate works like an official seal on software. If attackers stole it, they could try to make a fake app look like it came from OpenAI, which is why the company said it is revoking and replacing the certificate even though its review found exfiltration was unlikely. (openai.com)

The incident sits inside a larger software supply-chain attack, where hackers tamper with a trusted building block so downstream companies ingest the malware automatically. Microsoft said on April 1 that the Axios npm compromise hit March 31 and attributed the activity to the North Korea-linked group Sapphire Sleet. (microsoft.com) Google Threat Intelligence Group said the attacker inserted a malicious dependency into Axios versions 1.14.1 and 0.30.4 between 00:21 and 03:20 Coordinated Universal Time on March 31. The payload used a package called plain-crypto-js to pull commands from attacker-controlled infrastructure. (cloud.google.com)

OpenAI said all macOS users must update to newly signed versions of its apps. The earliest safe builds it listed are ChatGPT Desktop 1.2026.051, Codex App 26.406.40811, Codex Command Line Interface 0.119.0, and Atlas 1.2026.84.2. (openai.com) The company said older macOS versions will stop receiving updates or support on May 8, 2026, and may stop working. CNBC reported OpenAI also said passwords and OpenAI application programming interface keys were not affected, and that it has fixed the GitHub Actions misconfiguration tied to the incident. (cnbc.com)

OpenAI said it hired a third-party digital forensics firm, reviewed past notarizations tied to the old certificate, and is working with Apple to block new notarization with that certificate. The company's immediate message to Mac users is simple: update now so OpenAI's seal still means OpenAI. (openai.com)