
OpenAI Revokes macOS App Certificates After Supply Chain Attack Compromises Signing Workflow

Updated: Apr 20

OpenAI has revoked and rotated the code-signing certificates for its macOS applications following a supply chain attack that impacted its GitHub Actions workflow. The incident, which occurred on March 31, 2026, involved the malicious Axios JavaScript library being downloaded and executed by the signing process. While OpenAI states no user data or internal systems were compromised, the compromised workflow had access to sensitive signing materials, prompting immediate action to protect users.


Key Takeaways

  • OpenAI's macOS app-signing process was compromised via a malicious version of the Axios library.

  • Code-signing certificates for ChatGPT Desktop, Codex, Codex CLI, and Atlas were affected.

  • No evidence of user data compromise or system breach was found.

  • Older macOS app versions will cease receiving updates and support starting May 8, 2026.

The Axios Supply Chain Attack

The incident originated from a supply chain attack targeting the popular npm package, Axios. Threat actors, attributed to the North Korean hacking group UNC1069, compromised the account of a lead maintainer and published malicious versions of the library. These poisoned versions contained a backdoor that could deploy malware across Windows, macOS, and Linux systems.

OpenAI's automated GitHub Actions workflow, used to sign its macOS applications, inadvertently downloaded and executed Axios version 1.14.1 on March 31, 2026. The workflow had access to the certificates and notarization materials used to sign and notarize OpenAI's macOS software, so a malicious package executing inside that job ran with access to them.
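The build job described above pulled a freshly published Axios release because the dependency was resolved at install time. As an added example (not OpenAI's tooling or anything from the Axios project), the Python script below scans an npm lockfile for the Axios version this article names and flags manifest dependencies that are not pinned to an exact version; the lockfile and manifest are constructed samples, and the known-bad set assumes 1.14.1 is the only version known from this page.

```python
import re
from typing import Dict, List, Set

# Only the version this article names; assumption: advisories may list more.
KNOWN_BAD_AXIOS: Set[str] = {"1.14.1"}
EXACT_SEMVER = re.compile(r"\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?")


def flag_bad_lock_entries(lock: Dict, bad: Set[str] = KNOWN_BAD_AXIOS) -> List[str]:
    """Return 'path@version' for each axios entry resolved to a known-bad version.

    Reads lockfile v2/v3 "packages", keyed by install path ('node_modules/axios' or
    nested 'node_modules/foo/node_modules/axios'), so transitive copies count too.
    """
    hits: List[str] = []
    for path, meta in lock.get("packages", {}).items():
        # Aliased packages carry an explicit "name"; otherwise derive it from the path.
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        if name == "axios" and meta.get("version") in bad:
            hits.append(f"{path}@{meta['version']}")
    return hits


def unpinned_ranges(manifest: Dict) -> List[str]:
    """Return 'name@range' for dependencies not pinned to one exact version.

    A caret/tilde range or 'latest' lets a clean CI install resolve to whatever was
    published most recently, so a poisoned release reaches the build with no repo change.
    """
    out: List[str] = []
    for section in ("dependencies", "devDependencies"):
        for name, rng in manifest.get(section, {}).items():
            if not EXACT_SEMVER.fullmatch(rng or ""):
                out.append(f"{name}@{rng}")
    return out


# Constructed sample inputs (lockfile v3 layout), not real project files.
SAMPLE_LOCK = {"name": "signing-tool", "lockfileVersion": 3, "packages": {
    "": {"name": "signing-tool", "dependencies": {"axios": "^1.14.0"}},
    "node_modules/axios": {"version": "1.14.1"},
    "node_modules/follow-redirects": {"version": "1.15.9"},
}}
SAMPLE_MANIFEST = {"dependencies": {"axios": "^1.14.0", "follow-redirects": "1.15.9"}}

if __name__ == "__main__":
    print("known-bad axios:", flag_bad_lock_entries(SAMPLE_LOCK))
    print("unpinned ranges:", unpinned_ranges(SAMPLE_MANIFEST))
```

Run it against a real `package-lock.json` and `package.json` by loading them with `json.load` and passing the resulting dicts to the two functions; a non-empty list from either is a finding for the CI pipeline, not just for developer machines.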

Impact and Remediation Efforts

Despite OpenAI's analysis indicating that the signing certificate was likely not successfully exfiltrated, the company is treating it as compromised out of an abundance of caution. As a result, older versions of OpenAI's macOS desktop apps signed with the previous certificate will no longer receive updates or support after May 8, 2026. Furthermore, these older versions will be blocked by macOS security protections, preventing them from being downloaded or launched.

Newer versions of the affected applications, signed with the updated certificate, include ChatGPT Desktop 1.2026.071, Codex App 26.406.40811, Codex CLI 0.119.0, and Atlas 1.2026.84.2.

OpenAI is collaborating with Apple to ensure that no new software signed with the compromised certificate can be notarized. This measure, along with the 30-day window before full revocation, aims to minimize user disruption and allow ample time for updates.

Broader Implications and User Advice

The Axios compromise is one of several significant supply chain attacks that have targeted the open-source ecosystem recently. These attacks highlight the inherent trust developers place in open-source repositories and the potential for widespread impact when these dependencies are compromised.

OpenAI advises all macOS users to update their applications to the latest versions signed with the new certificate. Users should obtain software directly from official download pages or through in-app update features and exercise caution regarding software from unofficial sources.

By staying vigilant and adopting safe browsing practices, users can significantly reduce their exposure to these evolving threats. As cyber threats continue to evolve, your security strategy needs to evolve with them. BetterWorld Technology delivers adaptive cybersecurity solutions designed to keep your business secure while supporting innovation. Connect with us today to schedule a personalized consultation.


