OpenAI Rotates macOS Certificates Following Axios Supply Chain Attack

OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed the malicious Axios package version 1.14.1 during a supply chain attack on March 31, 2026. The compromised workflow had access to the certificates used to sign OpenAI's macOS applications, including ChatGPT Desktop, Codex, Codex CLI, and Atlas. The company's investigation found no evidence that the signing certificates were actually compromised or that user data was accessed, but OpenAI is treating the certificates as potentially exposed as a precaution.

The company is working with Apple to ensure no future software can be notarized with the previous certificate, which will be fully revoked on May 8. macOS users must update their apps to versions signed with the new certificate, as older versions will stop functioning after the revocation date. The incident affects only macOS applications and does not impact web services or apps on iOS, Android, Windows, or Linux, nor were user accounts or API keys compromised.

The Axios attack has been linked to North Korean threat actors tracked as UNC1069, who conducted social engineering campaigns against project maintainers using fake web conferences to install malware and gain account access. The malicious Axios package published to npm included dependencies that installed remote access trojans across macOS, Windows, and Linux systems. OpenAI advises users to update through official channels and avoid installing software from links sent via email or third-party sites. The company may accelerate the revocation timeline if any suspicious activity involving the old certificate is detected.
