OpenAI: security, London office, attack

OpenAI is dealing with three separate April shocks at once: a software supply-chain scare, a London expansion, and a criminal attack tied to fears about artificial intelligence. (openai.com) On April 10, OpenAI said a third-party developer tool called Axios had been compromised in a broader industry incident and that the affected workflow touched the process used to certify its macOS apps as legitimate. The company said it found no evidence that user data, internal systems, or intellectual property were accessed. (openai.com) Axios is a widely used JavaScript package that helps software connect to the internet, and security researchers said malicious versions were briefly pushed to the npm code repository on March 31. Google and Microsoft linked that supply-chain attack to a North Korea-connected threat actor. (cloud.google.com) (microsoft.com) OpenAI told users to update its macOS apps while it rotated credentials and hardened the app-signing process. That response matters because app-signing is the system that tells a Mac whether a download really came from the claimed developer. (openai.com) (cnbc.com) Three days later, on April 13, OpenAI said it had signed a lease for its first permanent London office in King’s Cross. Reuters and CNBC reported the site has room for more than 500 employees, with Reuters putting the capacity at 544 desks in an 88,500-square-foot space. (cnbc.com) (independent.co.uk) The London move expands a foothold OpenAI began in 2023, when it opened its first international office there for research, engineering, and go-to-market staff. OpenAI and the United Kingdom government also signed a memorandum of understanding in 2025 covering adoption, infrastructure, and technical exchange. (openai.com 1) (openai.com 2) The office announcement came days after OpenAI paused its United Kingdom Stargate data-center project. CNBC reported the company cited high industrial energy costs and the regulatory environment as factors in halting that buildout. (cnbc.com) A data center and an office solve different problems: one supplies power and computing capacity for training and running models, while the other houses researchers, engineers, and sales teams. OpenAI’s April moves show it is still adding people in Britain even as it pulls back from a capital-heavy infrastructure project there. (cnbc.com) (openai.com) At the same time, prosecutors said a man accused of throwing a lit Molotov cocktail at Chief Executive Sam Altman’s San Francisco home is being charged with attempted murder. CNBC reported investigators said the suspect wrote that artificial intelligence could cause human extinction and that he intended to kill Altman. (cnbc.com) The Los Angeles Times reported suspects were arrested after the attack and said authorities were also examining damage at OpenAI’s San Francisco headquarters. No injuries were reported in the home attack. (latimes.com) (cnbc.com) Taken together, the week’s events show how OpenAI now faces three kinds of pressure at once: securing the software supply chain behind its products, building a long-term base in Europe, and protecting executives as anxiety around artificial intelligence turns violent in isolated cases. (openai.com) (cnbc.com) (latimes.com)