OpenAI flags Axios supply‑chain issue

OpenAI said on April 10 that one of its internal tools downloaded a poisoned update from Axios, a JavaScript library used by developers to move data between apps and servers. OpenAI said it found no evidence that user data was accessed, no sign its systems or intellectual property were compromised, and no indication its software was altered. (openai.com) Axios is not an OpenAI product. It is a widely used open-source package in the JavaScript world, and the Axios maintainers said two malicious versions, 1.14.1 and 0.30.4, were published to the Node Package Manager registry on March 31 through a compromised maintainer account. (github.com) That kind of attack is called a software supply-chain compromise. Instead of breaking into OpenAI directly, an attacker slips malicious code into a trusted building block and waits for companies to install it as part of a normal update. (github.com) In this case, the Axios maintainers said the bad releases pulled in a package called plain-crypto-js version 4.2.1, and that package installed a remote access trojan on macOS, Windows, and Linux. A remote access trojan is malware that can give an outsider a hidden door into a machine. (github.com) OpenAI said the affected system was tied to the process that certifies its macOS apps as legitimate OpenAI software. Code signing is the digital wax seal that tells your Mac an app really came from the company that claims to have made it. (openai.com) Because that seal matters, OpenAI said it is taking extra steps to protect the certification process for its macOS applications. CNBC reported on April 11 that the company described the issue as limited to that developer-tool workflow rather than a broader breach of customer systems. (openai.com) (cnbc.com) The Axios maintainers said the malicious versions were removed from the registry, and community warnings identified version 1.14.1 and version 0.30.4 as the releases to avoid. That means the danger came from a short window in late March, not from every version of Axios ever published. (github.com 1) (github.com 2) OpenAI’s disclosure fits a pattern security teams now follow more often: tell users when a trusted dependency was touched, even if the investigation finds no evidence of stolen data. The point is that modern software is built from layers of outside code, and one bad layer can force even a large company to rotate keys, rebuild systems, or recheck how it signs apps. (openai.com 1) (openai.com 2)