OpenAI app-signing bug
OpenAI disclosed a security issue tied to a third-party developer tool called Axios and said it identified the problem and that user data was not accessed, raising questions about the safety of the surrounding developer toolchain rather than the model itself. The company said it is taking steps to protect the process that certifies its macOS applications as legitimate software, a reminder that modern AI products inherit risk from their tooling and app-signing flows. (reuters.com)
OpenAI said on April 10 that one of the tools in its Mac software pipeline pulled in a compromised version of Axios, a widely used programming library, and that it found no evidence user data, systems, intellectual property, or shipped software were altered. (openai.com) The risk was not “the model went rogue.” The risk was the software supply chain: a company can write its own code carefully and still get hit if a trusted outside component is poisoned upstream. (axios.com)
Axios is a JavaScript library that developers use to send and receive data over the internet, the way a courier carries messages between an app and a server. OpenAI said that library was part of a broader industry incident, which means the weak point sat in a shared tool used by many teams, not in ChatGPT itself. (openai.com)
The specific place OpenAI is protecting now is app signing on macOS, which is Apple’s stamp-of-authenticity system for software. When a Mac app is signed and notarized, your computer treats it as software from a known developer rather than a random file from the internet. (support.apple.com, support.apple.com) That matters because if attackers ever get near signing tools or certificates, they may be able to make fake apps look real enough to slip past ordinary trust checks. OpenAI said it is rotating the materials used to certify its Mac apps and telling users to install the latest versions as a precaution. (openai.com, 9to5mac.com)
OpenAI’s update notice covers ChatGPT Desktop, Codex, Codex Command Line Interface, and Atlas on macOS. The company’s public statement says the issue was identified in a workflow tied to Mac app certification, not in customer conversations or model outputs. (openai.com, 9to5mac.com)
Reuters reported the disclosure on April 10, and OpenAI’s own statement used unusually careful language: “out of an abundance of caution.” Companies use that phrase when they have not found confirmed downstream damage but see enough exposure to rotate keys, replace certificates, and close the window fast. (reuters.com, openai.com)
This is the part of artificial intelligence security that gets less attention than model behavior. A modern artificial intelligence product depends on package registries, build servers, automation scripts, cloud permissions, and signing certificates, and any one of those can become the real attack surface. (socket.dev, openai.com)
So the story here is narrower and more unsettling at the same time: OpenAI is saying the core systems were not breached, but the plumbing around how software becomes “official” was close enough to a compromised dependency that it had to swap out trust materials and push Mac users to update. (openai.com, reuters.com)