OpenAI macOS certificate scare
OpenAI said one of its systems downloaded infected third‑party developer tooling, risking exposure of a certificate that could make fake macOS apps look legitimate. The company urged macOS users to update ChatGPT, Codex and related apps and said it rotated certificates while investigating the supply‑chain vector. (axios.com, cybersecuritynews.com)
OpenAI is telling every macOS user to update ChatGPT, Codex, Atlas and Codex CLI after a compromised developer tool touched its app-signing pipeline. (openai.com)

OpenAI said the problem began on March 31, 2026, when a GitHub Actions workflow in its macOS signing process downloaded and executed a malicious version 1.14.1 of Axios, a widely used JavaScript library. That workflow had access to the certificate and notarization material used to sign ChatGPT Desktop, Codex, Codex CLI and Atlas for Apple computers. (openai.com)

A signing certificate is the digital stamp that tells macOS an app really came from the named developer. OpenAI said the risk was not altered OpenAI software, but that an exposed certificate could help a fake app appear legitimate if an attacker ever got hold of it. (openai.com)

OpenAI said it found no evidence that user data was accessed, that its systems or intellectual property were compromised, or that its software was changed. Reuters, CNBC and Axios all reported the same point after the company’s April 10 disclosure. (openai.com, reuters.com, cnbc.com, axios.com)

The company responded by rotating its macOS certificates and requiring fresh app builds signed with the new credentials. OpenAI said all Mac users need the latest versions so macOS will trust the new signature instead of the old one. (openai.com, 9to5mac.com)

OpenAI said older app versions will stop receiving updates and support after May 8, 2026, and some may stop working altogether. Reports citing the company listed early versions signed with the new certificate as ChatGPT Desktop 1.2026.071, Codex App 26.406.40811, Codex CLI 0.119.0 and Atlas 1.2026.84.2. (9to5mac.com, nerds.xyz)

The incident sits inside a software supply-chain attack, where hackers poison a trusted dependency so downstream companies run malicious code without realizing it. The Verge reported that attackers inserted a script into Axios after gaining access to a maintainer account, turning routine package downloads into a delivery path for remote-access malware. (theverge.com, forbes.com)

That matters on macOS because Apple’s Gatekeeper and notarization checks lean on those certificates to decide whether software looks safe enough to open. If a bad actor can sign an impostor app with a trusted developer identity, the warning screens users rely on become less useful. (support.apple.com, openai.com)

OpenAI’s public guidance was narrow: update through the app or official OpenAI download pages, and replace any older Mac builds before the May 8 cutoff. The company said it is still investigating the broader incident and hardening the workflow that signs its Mac apps. (openai.com, indiatoday.in)
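The update guidance above translates into a check an administrator can run on each Mac. The script below is an added example, not OpenAI's or Apple's code: it compares installed versions against the minimum versions the reports list as signed with the rotated certificate, and on macOS asks `codesign` and `spctl` whether an installed bundle's signature still verifies. The bundle paths and names under /Applications, and the `codex --version` invocation used to read the CLI version, are assumptions rather than details taken from the reports.

```shell
#!/bin/sh
# Added example (not OpenAI's code): verify that installed macOS builds are at or above
# the first versions reported as signed with OpenAI's rotated certificate.
# Assumptions not taken from the reports: bundle paths/names under /Applications and
# that the Codex CLI prints its version with `codex --version`.

# Minimum versions as listed in the reports cited above.
MIN_CHATGPT="1.2026.071"
MIN_CODEX_APP="26.406.40811"
MIN_CODEX_CLI="0.119.0"
MIN_ATLAS="1.2026.84.2"

# version_ge A B: return 0 if dotted version A >= B, comparing field by field as
# integers (so "071" equals "71", and "84.2" sorts after "84").
version_ge() {
    v1=$1; v2=$2
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        f1=${v1%%.*}; f2=${v2%%.*}
        f1=$(printf '%s' "$f1" | tr -cd '0-9'); f2=$(printf '%s' "$f2" | tr -cd '0-9')
        [ -n "$f1" ] || f1=0
        [ -n "$f2" ] || f2=0
        [ "$f1" -gt "$f2" ] && return 0
        [ "$f1" -lt "$f2" ] && return 1
        case $v1 in *.*) v1=${v1#*.} ;; *) v1= ;; esac
        case $v2 in *.*) v2=${v2#*.} ;; *) v2= ;; esac
    done
    return 0
}

# check_app NAME INSTALLED MINIMUM: print a one-line verdict.
# Returns 0 when current, 1 when an update is needed, 2 when the app was not found.
check_app() {
    name=$1; installed=$2; minimum=$3
    if [ -z "$installed" ]; then
        printf '%-12s not installed\n' "$name"; return 2
    elif version_ge "$installed" "$minimum"; then
        printf '%-12s %s ok (minimum %s)\n' "$name" "$installed" "$minimum"; return 0
    else
        printf '%-12s %s OLD: update before the May 8, 2026 cutoff (minimum %s)\n' \
            "$name" "$installed" "$minimum"; return 1
    fi
}

# bundle_version /path/App.app: read CFBundleShortVersionString from the bundle's
# Info.plist. macOS only; prints nothing elsewhere or when the bundle is absent.
bundle_version() {
    plist="$1/Contents/Info.plist"
    [ -f "$plist" ] && command -v defaults >/dev/null 2>&1 || return 0
    defaults read "$plist" CFBundleShortVersionString 2>/dev/null
}

# signature_ok /path/App.app: ask macOS whether the code signature is intact and
# Gatekeeper would accept the bundle. Returns 0 off macOS, where it cannot be checked.
signature_ok() {
    command -v codesign >/dev/null 2>&1 || return 0
    codesign --verify --deep --strict "$1" 2>/dev/null && \
        spctl --assess --type execute "$1" 2>/dev/null
}

main() {
    if command -v defaults >/dev/null 2>&1; then
        # Assumed bundle locations; adjust to where the apps are installed.
        for app in /Applications/ChatGPT.app /Applications/Codex.app "/Applications/ChatGPT Atlas.app"; do
            [ -d "$app" ] && { signature_ok "$app" || echo "signature check FAILED: $app"; }
        done
        check_app "ChatGPT"   "$(bundle_version /Applications/ChatGPT.app)" "$MIN_CHATGPT" || true
        check_app "Codex app" "$(bundle_version /Applications/Codex.app)" "$MIN_CODEX_APP" || true
        check_app "Atlas"     "$(bundle_version "/Applications/ChatGPT Atlas.app")" "$MIN_ATLAS" || true
        check_app "Codex CLI" "$(codex --version 2>/dev/null | tr -cd '0-9.')" "$MIN_CODEX_CLI" || true
    else
        # Off macOS: exercise the comparison with constructed sample versions.
        check_app "ChatGPT"   "1.2026.071" "$MIN_CHATGPT" || true
        check_app "Codex app" "26.400.1"   "$MIN_CODEX_APP" || true
        check_app "Codex CLI" ""           "$MIN_CODEX_CLI" || true
    fi
}

main "$@"
```

Run it with `sh check_openai_macos.sh` on each Mac; any line marked OLD or "not installed" (for an app that should be present) needs attention before the cutoff. Off macOS the script only demonstrates the comparison on constructed versions, since `defaults`, `codesign` and `spctl` are Apple tools. Note that a passing `codesign`/`spctl` check confirms the signature is intact and accepted, not which certificate generation signed it, so the version comparison is the part that tells you whether a build predates the rotation.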