OpenAI
OpenAI identified security issue. Know all details
AI major OpenAI has disclosed a recent security issue involving a third-party developer library, Axios, as part of a broader industry-wide software supply chain attack.
In an official statement, OpenAI said, “We recently identified a security issue involving a third-party developer tool, Axios, that was part of a widely reported, broader industry incident.”
The company emphasized that, as a precautionary measure, it is taking steps to strengthen the integrity of its macOS application certification process to ensure that only legitimate OpenAI apps are recognized.
Reassuring users, OpenAI stated that there is no evidence suggesting that user data was accessed, internal systems or intellectual property were compromised, or any software was altered.
What Happened?
According to the company, the incident dates back to March 31, 2026 (UTC), when Axios—widely used in software development—was compromised in a supply chain attack.
During this period, a GitHub Actions workflow used by OpenAI in its macOS app-signing process inadvertently downloaded and executed a malicious version of Axios (version 1.14.1). This workflow had access to sensitive signing infrastructure, including certificates and notarization materials used for authenticating macOS applications such as ChatGPT Desktop, Codex, Codex CLI, and Atlas.
These certificates are critical for verifying that applications originate from a legitimate developer—in this case, OpenAI.
Risk Assessment and Response
OpenAI noted that its internal analysis indicates the signing certificate was likely not exfiltrated by the malicious payload. This assessment is based on factors such as the timing of the payload execution, the sequencing of the workflow, and additional safeguards in place.
However, exercising caution, the company has decided to treat the certificate as potentially compromised. As a result, it is revoking and rotating the affected certificates.
Steps for Users
OpenAI announced that it is updating its security certificates, which will require all macOS users to update their OpenAI applications to the latest versions.
“This helps prevent any risk—however unlikely—of someone attempting to distribute a fake app that appears to be from OpenAI,” the company said.
Additionally, OpenAI confirmed that starting May 8, 2026, older versions of its macOS desktop applications will no longer receive updates or support and may stop functioning altogether.
Support Our Journalism
We cannot do without you.. your contribution supports unbiased journalism
IBNS is not driven by any ism- not wokeism, not racism, not skewed secularism, not hyper right-wing or left liberal ideals, nor by any hardline religious beliefs or hyper nationalism. We want to serve you good old objective news, as they are. We do not judge or preach. We let people decide for themselves. We only try to present factual and well-sourced news.
Support objective journalism for a small contribution.
