OpenAI Axios security scare
OpenAI disclosed a security issue tied to a compromised update of Axios, a third-party developer library, and said it found no evidence that user data was accessed. Axios (the news outlet, not the library) reported that the exposure might have allowed exfiltration of a code-signing certificate that could make fake OpenAI apps look legitimate; OpenAI is rotating certificates and urging macOS users to update its apps. (reuters.com) (axios.com) (cybernews.com)
OpenAI said on April 10 that one of its internal tools had downloaded a compromised update of Axios, an HTTP client library widely used in JavaScript projects. (openai.com) The company said it found no evidence that user data was accessed, that its systems or intellectual property were compromised, or that its software was altered. Reuters reported the disclosure the same day. (openai.com) (reuters.com)

OpenAI said the risk involved the process that proves its macOS apps are genuine: the code-signing certificate and notarization that macOS consults before deciding an app is trusted. It is rotating certificates, updating notarization materials, and telling Mac users to update to the latest versions of the ChatGPT and API Platform apps. (openai.com) (cybernews.com)

A code-signing certificate works like a digital ID card for software: macOS checks an app's signature against it before treating the app as trustworthy. If attackers had stolen the private key behind OpenAI's certificate, they could sign a fake OpenAI app that passed those checks on a Mac. (axios.com) (openai.com) Rotating the certificate moves future releases onto a new identity, but signatures made with the old certificate only stop passing Gatekeeper's checks once that certificate is revoked, which is why updating to the current build is the dependable way to be running a binary signed with the new one.

The incident sits in the software supply chain, where developers rely on outside code packages that can be updated automatically, so a malicious update to a widely used library reaches every project that pulls it in. OpenAI said the Axios issue was part of a broader industry incident, not a break-in of OpenAI's own systems. (openai.com) (cnbc.com)

Axios, the news outlet, reported that OpenAI found evidence an internal tool downloaded the infected package in March 2026. The outlet said the exposure could have allowed exfiltration of a certificate, though OpenAI said it has not seen that happen. (axios.com) (openai.com)

OpenAI's public notice did not say how many systems were affected or name any customers impacted. Its statement focused on Mac app trust controls and on the steps users should take now. (openai.com) That makes this less about stolen chats than about software authenticity: OpenAI's response is aimed at making sure future macOS warnings and signatures still tell users whether an app really came from OpenAI. (openai.com) (cybernews.com)
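How a Mac user or admin can check that an installed app is signed by the identity they expect and still passes Gatekeeper, as an added example that is not from OpenAI's notice or from any of the outlets cited above. The bundle path /Applications/ChatGPT.app and the Team ID value are placeholders (assumptions): get the real Team ID from a known-good install or from OpenAI, not from this page. The parsing helpers read `codesign -dvv` output on stdin, so they can be exercised on saved output on any system; the full check only runs on macOS.

```shell
#!/bin/sh
# Added example: verify a macOS app's code signature, signing identity and
# Gatekeeper/notarization status. Not OpenAI's code; the app path and Team ID
# below are placeholders (assumptions), not values published on this page.

# Extract the TeamIdentifier from `codesign -dvv` output read on stdin.
# Prints nothing for output that carries no TeamIdentifier line.
team_id_from_codesign() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# Succeed (exit 0) only if the codesign output on stdin names EXPECTED_TEAM_ID.
# codesign prints "not set" for ad-hoc signatures; that is never a match.
team_id_matches() {
    expected="$1"
    actual=$(team_id_from_codesign)
    [ -n "$actual" ] && [ "$actual" != "not set" ] && [ "$actual" = "$expected" ]
}

# Full check on a Mac: signature integrity, signer identity, Gatekeeper verdict.
# Returns non-zero at the first failed step.
check_app() {
    app="$1"
    expected="$2"
    # 1. Every sealed file must match the code directory (detects tampering).
    codesign --verify --deep --strict "$app" \
        || { echo "signature invalid: $app"; return 1; }
    # 2. The signer's Team ID must be the one we expect, not just "some valid Developer ID".
    #    codesign writes the -d details to stderr, hence 2>&1.
    codesign -dvv "$app" 2>&1 | team_id_matches "$expected" \
        || { echo "unexpected signing identity for $app"; return 1; }
    # 3. Gatekeeper must accept it as a notarized Developer ID app; this step also
    #    consults certificate revocation, so a revoked identity fails here.
    spctl --assess --type execute -vv "$app" 2>&1 | grep -q 'source=Notarized Developer ID' \
        || { echo "Gatekeeper did not accept $app as notarized"; return 1; }
    echo "ok: $app is signed by team $expected and notarized"
}

# Placeholders (assumptions): replace with the real bundle path and Team ID.
APP_PATH="${1:-/Applications/ChatGPT.app}"
EXPECTED_TEAM_ID="${2:-TEAMID0000}"

if command -v codesign >/dev/null 2>&1; then
    check_app "$APP_PATH" "$EXPECTED_TEAM_ID"
else
    echo "codesign not available on this system; run on macOS to check a real bundle"
fi
```

Run it as `sh check_app.sh /Applications/ChatGPT.app <TeamID>` on the Mac in question. Checking the Team ID rather than only "is the signature valid" matters: a valid Developer ID signature from a different team is exactly what a look-alike app would carry.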