OpenAI’s macOS app-signing process was affected by the axios supply chain attack, leading it to revoke and rotate its macOS app certificates “out of an abundance of caution,” the company said Friday.The widely used axios HTTP client library, which has about 100 million weekly downloads and more than 174,000 dependents, was compromised two weeks ago after a successful social-engineering attack on its lead maintainer, Jason Saayman. The Google Threat Intelligence Group has attributed the attack to the North Korean threat group UNC1069.Attackers published two malicious axios updates, [email protected] and [email protected], directly to npm from Saayman’s compromised account. These updates added a dependency with a malicious postinstall script that led to installation of a remote access trojan (RAT).While the malicious updates were only live for about three hours, OpenAI said a GitHub Actions workflow used for its macOS app-signing process automatically downloaded and executed the malicious version 1.14.1 on March 31, 2026.The affected workflow had access to a certificate and notarization material used to sign OpenAI’s macOS apps, including ChatGPT Dekstop, Codex, Codex-cli and the Atlas browser, OpenAI said. While the company said they do not believe the certificate was successfully exfiltrated by the attacker, the decision was made to treat the certificate as compromised.As a result, versions of OpenAI’s macOS apps signed with the old certificate will no longer be supported starting May 8, 2026, and new downloads or launches of these app versions will be automatically blocked by macOS security features.The earliest app versions signed by the new certificate are ChatGPT Desktop 1.2026.051, Codex App 26.406.40811, Codex CLI 0.119.0 and Atlas 1.2026.84.2.OpenAI said it has found no evidence that any user data or intellectual property were compromised or that any of the company’s systems or software were breached. The company worked with Apple to ensure no new software signed with the old certificate can be newly notarized and engaged a third-party forensics and incident response firm to respond to the incident.The root cause of the incident was found to be misconfiguration in the affected GitHub Actions workflow, which used a floating tag rather than a specific commit hash and did not set a minimumReleaseAge for new packages, which could have prevented installation of the compromised version. “We have found no evidence that the potentially exposed notarization and code signing material have been misused, and we have confirmed all notarization events with the impacted material were expected,” the company wrote in an FAQ regarding the incident.OpenAI advised users of its macOS apps to update to versions signed with the new certificate to prevent interruptions and warns against installing any OpenAI apps from unofficial sources.OpenAI is the first major company to report being affected by the axios supply chain attack. However, according to Wiz, axios is present in about 80% of cloud and code environments, and the company reported “observed execution in 3% of affected environments.”
Application security, AI/ML, Generative AI, Supply chain

OpenAI’s macOS app-signing process hit by axios supply chain attack

(Credit: Alina – stock.adobe.com)

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



