OpenAI macOS Warning

OpenAI is urging Mac users to update the ChatGPT and Codex macOS apps after a third‑party software supply‑chain incident tied to a developer library called Axios. (cybersecuritynews.com) OpenAI says the attack was detected on March 31 and that no user data was breached, and one report says Mac users must update by May 8 to maintain access. (punemirror.com) (technobezz.com)

OpenAI is telling Mac users to update the ChatGPT and Codex apps after a compromised developer tool touched the company’s app-signing pipeline. (openai.com) OpenAI said it detected the issue on March 31, 2026, when a GitHub Actions workflow in its macOS signing process downloaded a malicious version of Axios, version 1.14.1. The workflow had access to the certificate and notarization material used to sign ChatGPT Desktop, Codex, Codex-cli, and Atlas for macOS. (openai.com)

A software supply-chain attack works by poisoning a tool developers trust, so the bad code arrives through a normal update path instead of a fake download. OpenAI said it found no evidence that user data was accessed and no evidence that its systems or intellectual property were compromised. (openai.com) (cnbc.com)

The immediate fix is a certificate reset: OpenAI said it is revoking the old signing material and requiring fresh, properly signed versions of its Mac apps. The company said users should install the latest releases published on April 10, 2026. (openai.com) (9to5mac.com)

Several reports said Mac users who do not update by May 8, 2026, will lose access to the affected apps because older versions will stop passing OpenAI’s new verification checks. OpenAI’s public post describes the certificate rotation and update requirement, but the May 8 cutoff has been reported by secondary outlets rather than highlighted in the company’s own notice. (technobezz.com) (letsdatascience.com) (openai.com)

The warning lands as OpenAI pushes more desktop software to Mac users, including the Codex app it introduced for macOS in February 2026. OpenAI’s developer docs say the Codex app is available on macOS and included with several ChatGPT plans, widening the number of users affected by a signing change. (openai.com) (developers.openai.com)

OpenAI said the problem came from a third-party package, not from a break-in to ChatGPT accounts or customer conversations. Reuters, via CNBC and other syndications, reported the broader Axios compromise has been linked by researchers to a wider campaign tied to North Korean actors, though OpenAI’s own statement did not assign blame. (cnbc.com) (aol.com) (openai.com)

For Mac users, the practical change is simple: install the newest ChatGPT or Codex build signed with OpenAI’s replacement certificate before the old trust chain is retired. OpenAI’s message is that the apps remain usable after the update, but the older signed versions will not. (openai.com) (9to5mac.com)
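
For teams that build with npm, one defensive check is to scan the lockfile for the Axios version named above before a build job installs anything. This is an added example, not code from OpenAI or from the reports cited here; the sample lockfile, the `build-helper` and `signing-job` package names, the other version numbers, and the function names are constructed for illustration.

```javascript
// Added example: flag a known-bad package version in an npm lockfile.
// BAD comes from the article (Axios 1.14.1); all other values are constructed.
const BAD = { name: "axios", versions: new Set(["1.14.1"]) };

// Lockfile v2/v3: flat "packages" map keyed by install path,
// e.g. "node_modules/a/node_modules/axios" for a transitive copy.
function scanPackages(packages, hits) {
  for (const [path, meta] of Object.entries(packages || {})) {
    // "name" is only present when it differs from the folder name.
    const name = meta.name || path.split("node_modules/").pop();
    if (name === BAD.name && BAD.versions.has(meta.version)) {
      hits.push({ path, version: meta.version, resolved: meta.resolved || null });
    }
  }
}

// Lockfile v1: nested "dependencies" tree, walked recursively.
function scanDependencies(deps, trail, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = [...trail, name].join(" > ");
    if (name === BAD.name && BAD.versions.has(meta.version)) {
      hits.push({ path, version: meta.version, resolved: meta.resolved || null });
    }
    scanDependencies(meta.dependencies, [...trail, name], hits);
  }
}

// Returns every install of the bad version, direct or transitive.
function findBadInstalls(lock) {
  const hits = [];
  if (lock.packages) scanPackages(lock.packages, hits);
  else scanDependencies(lock.dependencies, [], hits);
  return hits;
}

// Constructed sample (v3 layout): a top-level axios at another version and
// a second copy at 1.14.1 pulled in by the hypothetical "build-helper".
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "signing-job", version: "0.0.0" },
    "node_modules/axios": { version: "1.13.0" },
    "node_modules/build-helper": { version: "2.0.0" },
    "node_modules/build-helper/node_modules/axios": { version: "1.14.1" },
  },
};

console.log(findBadInstalls(SAMPLE_LOCK));
```

In a pipeline, pass the parsed contents of the repository's `package-lock.json` to `findBadInstalls` and fail the job when the result is non-empty.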
