OpenAI reports security issue
OpenAI disclosed a security problem tied to a third-party developer tool called Axios and said no user data was accessed while it stepped up protections for macOS app certification. The company framed the fix as protecting the process used to certify legitimate macOS applications while reassuring users about data safety (reuters.com).
OpenAI said on April 10 that a security issue involving the developer tool Axios did not expose user data, but it changed how it protects its Mac app certificates. (openai.com)
The company said the issue was tied to Axios, a third-party software component used during development, and was part of a broader industry incident reported in March. OpenAI said it found no evidence that its systems, intellectual property, or customer information were accessed. (openai.com)
Reuters reported on April 11 that OpenAI described the problem as affecting the process used to certify legitimate macOS applications. CNBC reported the company said it acted “out of an abundance of caution” to harden that certification path. (reuters.com) (cnbc.com)
A developer tool is code that software makers use behind the scenes, not something most customers install directly. In this case, the concern was not ChatGPT conversations being read, but whether a compromised tool could interfere with the digital signature that tells macOS an app really came from OpenAI. (openai.com) (forbes.com)
That matters because Apple’s code-signing system works like a tamper seal for software: it helps Macs distinguish official apps from altered or fake ones. OpenAI said it took steps to protect that process for its macOS applications after identifying the Axios-linked issue. (openai.com) (forbes.com)
OpenAI did not say in its public post that customer accounts needed password resets or that chats had been exposed. Its statement focused on certificate protections and on the absence of evidence that user data, internal systems, or intellectual property were compromised. (openai.com)
The episode fits a wider pattern of supply-chain attacks, where attackers target a trusted tool used by many companies instead of breaking into each company one by one. OpenAI said the Axios issue was part of a “widely reported” industry incident rather than a problem isolated to OpenAI alone. (openai.com)
OpenAI has been emphasizing security more broadly in recent months, including launching a bug bounty program on March 25 and publishing multiple security updates in 2026. This disclosure adds a concrete example of the company tightening controls around software delivery, not just model safety. (openai.com 1) (openai.com 2)
For Mac users, the practical point is narrow: OpenAI said it changed protections around app legitimacy, while saying it found no evidence that user data was accessed. The company’s public account framed the fix as preventing impostor or tampered macOS apps from being treated as real OpenAI software. (openai.com) (reuters.com)