OpenAI Supply‑Chain Issue
OpenAI disclosed a security issue involving the third‑party library Axios and said no user data was accessed, calling the incident a software supply‑chain attack and pledging tighter app‑certification. The company described the attacker as a suspected state actor and said it would harden processes around third‑party tools. The disclosure has been framed as an operational trust event for model ecosystems where access to prompts and outputs matters. (enterpriseai.economictimes.indiatimes.com)
OpenAI said on April 10 that a software supply-chain attack reached part of its macOS app-signing workflow, but it found no evidence of user-data access. (openai.com) The company said a malicious version of Axios, version 1.14.1, was downloaded and executed on March 31, 2026, through a GitHub Actions workflow used in its macOS signing process. That workflow had access to code-signing certificates and notarization material for ChatGPT Desktop, Codex, Codex-cli, and Atlas. (openai.com) OpenAI said it found no evidence that its systems or intellectual property were compromised, that its software was altered, or that attackers used the exposed materials to distribute fake apps. It still revoked and rotated its macOS certificates and said all macOS users should update to the latest app versions. (openai.com; bleepingcomputer.com) A software supply-chain attack works by poisoning a trusted building block, such as a popular open-source library, so downstream companies pull in malicious code during routine development. In this case, the risk centered on app-signing materials, which are the digital stamps Apple devices use to verify that software comes from a legitimate developer. (openai.com; forbes.com) That made the incident less about stolen chat histories than about trust in distribution: a stolen certificate can help a fake app look authentic to users and operating systems. Axios, citing OpenAI, reported that the company had not seen evidence of that outcome. (axios.com; openai.com) OpenAI described the broader Axios compromise as part of an attack by actors it believed were linked to North Korea. SecurityWeek separately reported that multiple organizations were affected by the same campaign. (openai.com; securityweek.com) The company said it is tightening how internal tools are certified, reducing exposure around third-party dependencies, and hardening the processes that touch signing credentials. Those steps follow another public security disclosure in December 2025, when OpenAI said a Mixpanel incident exposed limited analytics data but not API content, credentials, or payment details. (openai.com; openai.com) The episode lands as OpenAI runs more desktop software and developer tools alongside ChatGPT, making its software pipeline a bigger target than a browser-only service. The immediate fix is simple: update the macOS apps; the longer test is whether tighter controls keep trusted tools from becoming the next point of entry. (openai.com; openai.com)
