OpenAI's response to the Axios developer tool compromise

Published: (April 22, 2026 at 08:45 PM EDT)
4 min read

Source: Hacker News

Security Incident Update – macOS App Signing

We recently identified a security issue involving a third‑party developer tool, Axios, that was part of a widely reported, broader industry incident. Out of an abundance of caution we are taking steps to protect the process that certifies our macOS applications as legitimate OpenAI apps.

We found no evidence that OpenAI user data was accessed, that our systems or intellectual property were compromised, or that our software was altered.


What happened?

  • Date: March 31 2026 (UTC)
  • Issue: Axios (a widely used third‑party library) was compromised as part of a broader software‑supply‑chain attack.
  • Impact: A GitHub Actions workflow used in the macOS app‑signing process downloaded and executed a malicious version of Axios (v1.14.1).
  • Scope: The workflow had access to the certificate and notarization material used for signing macOS applications, including ChatGPT Desktop, Codex, Codex‑CLI, and Atlas.

Our analysis concluded that the signing certificate was likely not exfiltrated due to the timing of payload execution, certificate injection, job sequencing, and other mitigating factors. Nevertheless, we are treating the certificate as compromised and are revoking and rotating it.

What we’re doing

  • Engaged a third‑party digital forensics and incident response firm.
  • Rotated our macOS code‑signing certificate.
  • Published new builds of all relevant macOS products with the new certificate.
  • Worked with Apple to ensure software signed with the previous certificate cannot be newly notarized.
  • Reviewed all notarizations performed with the old certificate and confirmed no unexpected software was notarized.
  • Validated that our published software did not have unauthorized modifications.

At this time, we have found no evidence of compromise or risk to existing software installations.

What you need to do

Update your macOS apps to the latest versions (via in‑app update or the official links below). This ensures you are running software signed with the new, trusted certificate.

  • ChatGPT Desktop – update to ≥ 1.2026.051
  • Codex App – update to ≥ 26.406.40811
  • Codex CLI – update to ≥ 0.119.0
  • Atlas – update to ≥ 1.2026.84.2

The versions listed above are the earliest releases signed with the updated certificate. Effective May 8 2026, versions older than these will no longer receive updates or support and may stop functioning.
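A practitioner rolling this out across a fleet will want to confirm, per machine, that the installed builds meet the minimum versions above and that the bundle on disk actually carries a valid Developer ID signature that Gatekeeper still accepts. The script below is an added example, not OpenAI's own tooling: the bundle paths (`/Applications/ChatGPT.app`, `/Applications/Codex.app`, `/Applications/ChatGPT Atlas.app`) and the output format of `codex --version` are assumptions; the minimum versions are the ones listed in this notice. It only performs the macOS checks when run on macOS; the version comparison itself is plain POSIX sh.

```shell
#!/bin/sh
# Added example (not from the notice): compare installed OpenAI macOS apps
# against the minimum versions above and show the signing identity on disk.
# Bundle paths and the `codex --version` format are ASSUMPTIONS.

# version_ge A B: exit 0 when dotted version A >= B. Components are compared
# numerically, leading zeros stripped (051 compares as 51), missing parts as 0,
# and a leading "v" is ignored.
version_ge() {
  a="${1#v}."; b="${2#v}."
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=$(printf '%s' "${a%%.*}" | sed 's/^0*//'); a="${a#*.}"
    y=$(printf '%s' "${b%%.*}" | sed 's/^0*//'); b="${b#*.}"
    x=${x:-0}; y=${y:-0}
    [ "$x" -gt "$y" ] && return 0
    [ "$x" -lt "$y" ] && return 1
  done
  return 0
}

# bundle_version APP: CFBundleShortVersionString of an .app bundle (fails if absent).
bundle_version() {
  [ -d "$1" ] || return 1
  /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$1/Contents/Info.plist" 2>/dev/null
}

# check_app NAME APP MIN: print OK / UPDATE / not installed, then the signing
# chain (Authority= lines) and Gatekeeper's verdict for what is really on disk.
check_app() {
  name="$1"; app="$2"; min="$3"
  v=$(bundle_version "$app") || { echo "$name: not installed at $app"; return 0; }
  if version_ge "$v" "$min"; then
    echo "$name: $v >= $min OK"
  else
    echo "$name: $v < $min UPDATE"
  fi
  codesign -dv --verbose=4 "$app" 2>&1 | grep -E '^(Authority|TeamIdentifier)='
  spctl --assess --type execute -vv "$app" 2>&1 | tail -n 2
}

# Only run the macOS-specific checks on macOS; the functions above are usable anywhere.
if [ "$(uname 2>/dev/null)" = Darwin ]; then
  check_app "ChatGPT Desktop" "/Applications/ChatGPT.app" 1.2026.051        # path assumed
  check_app "Codex App" "/Applications/Codex.app" 26.406.40811              # path assumed
  check_app "Atlas" "/Applications/ChatGPT Atlas.app" 1.2026.84.2           # path assumed
  # Codex CLI is not a bundle: take the first dotted number printed by `codex --version` (format assumed).
  if command -v codex >/dev/null 2>&1; then
    cv=$(codex --version 2>/dev/null | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1)
    if version_ge "${cv:-0}" 0.119.0; then
      echo "Codex CLI: ${cv:-?} >= 0.119.0 OK"
    else
      echo "Codex CLI: ${cv:-?} < 0.119.0 UPDATE"
    fi
  fi
fi
```

The `codesign` output is the thing to compare across machines: every remediated bundle should show the same new leaf certificate in its `Authority=` lines, and `spctl` should still report the bundle as accepted. A bundle that fails `spctl` after May 8 2026 is one signed with the revoked certificate and needs a fresh download from the official page.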

Frequently Asked Questions

Were OpenAI products or user data compromised?

No. No evidence of product or user‑data compromise.

Have you seen malware signed as OpenAI?

No. No evidence that the potentially exposed notarization and code‑signing material has been misused.

Do I need to change my password?

No. Passwords and OpenAI API keys were not affected.

Does this affect iOS, Android, Linux, or Windows?

No. Only macOS apps are impacted; web versions are unaffected.

Why are you asking me to update my Mac apps?

The exposed GitHub Actions workflow was involved in macOS app signing. Rotating the notarization and code‑signing material protects users. Updating ensures you run versions signed with the new certificate.

Where do I download the updated macOS apps?

  • Use in‑app updates or download from the official OpenAI webpages.
  • Do not install apps from email links, messages, ads, or third‑party download sites. Be cautious of unexpected “OpenAI,” “ChatGPT,” or “Codex” installers sent through any channel.

What happens after May 8 2026?

Versions older than those listed above will no longer receive updates or support and may cease to function. New downloads and first‑time launches of apps signed with the previous certificate will be blocked by macOS security protections.

Root Cause

A misconfiguration in the GitHub Actions workflow caused the issue:

  • A third‑party action was referenced by a floating tag, which can be moved to point at new code, instead of being pinned to a specific commit hash.
  • No minimumReleaseAge was configured, so newly published package versions, including a just‑released malicious one, were eligible for installation immediately. (minimumReleaseAge is a package‑manager setting that refuses versions younger than a given age.)

These have been corrected.
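The two misconfigurations are easiest to see as a before/after pair. The script below is an added example and not OpenAI's actual workflow: the workflow contents, the action names (`example-org/setup-signing` is hypothetical) and the 40‑character SHAs are placeholders, and the `minimumReleaseAge` form shown is pnpm's setting in `pnpm-workspace.yaml` (value in minutes); the notice does not say which package manager the workflow used. The lockfile flag in the "after" workflow is standard hardening that the notice does not list among the causes. The script also includes a small check that flags unpinned action references and a missing release-age floor, the kind of check a CI lint step would run.

```shell
#!/bin/sh
# Added example (not OpenAI's workflow). Constructed before/after configs for the
# two root-cause settings, plus a check that flags them. Action names, SHAs and
# the workflow itself are placeholders; pnpm-workspace.yaml form is an assumption.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# BEFORE: action resolved by a mutable tag; no floor on how new a package
# version may be before install will accept it.
cat > "$WORK/before.yml" <<'EOF'
name: sign-macos
on: [push]
jobs:
  sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4              # floating tag: whoever moves the tag controls this step
      - uses: example-org/setup-signing@main   # hypothetical action; a branch ref is mutable too
      - run: pnpm install
      - run: pnpm run sign-and-notarize
EOF
cat > "$WORK/before-pnpm-workspace.yaml" <<'EOF'
packages:
  - '.'
EOF

# AFTER: every third-party action pinned to a full 40-hex commit SHA (tag kept
# in a comment for humans), and a 7-day release-age floor so a version
# published minutes before the run is not eligible.
cat > "$WORK/after.yml" <<'EOF'
name: sign-macos
on: [push]
jobs:
  sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000000        # v4.x.y, placeholder SHA
      - uses: example-org/setup-signing@1111111111111111111111111111111111111111 # v1.2.3, placeholder SHA
      - run: pnpm install --frozen-lockfile    # lockfile pinning: extra hardening, not a listed cause
      - run: pnpm run sign-and-notarize
EOF
cat > "$WORK/after-pnpm-workspace.yaml" <<'EOF'
packages:
  - '.'
minimumReleaseAge: 10080   # minutes: refuse versions published less than 7 days ago
EOF

# unpinned_uses FILE: print each `uses:` ref that is neither a local path
# (./...) nor pinned to a full 40-hex commit SHA. Trailing comments are stripped.
unpinned_uses() {
  grep -E '^[[:space:]]*-?[[:space:]]*uses:' "$1" \
    | sed -E 's/^[[:space:]]*-?[[:space:]]*uses:[[:space:]]*//; s/[[:space:]]+#.*$//; s/[[:space:]]+$//' \
    | grep -v '^\./' \
    | grep -Ev '@[0-9a-f]{40}$' || true
}

# count_unpinned FILE: number of unpinned refs (0 when none).
count_unpinned() { unpinned_uses "$1" | grep -c . || true; }

# has_release_floor FILE: exit 0 when a positive minimumReleaseAge is set.
has_release_floor() {
  grep -Eq '^[[:space:]]*minimumReleaseAge:[[:space:]]*[1-9][0-9]*' "$1"
}

for f in before after; do
  echo "== $f.yml: unpinned action refs: $(count_unpinned "$WORK/$f.yml")"
  unpinned_uses "$WORK/$f.yml"
  if has_release_floor "$WORK/$f-pnpm-workspace.yaml"; then
    echo "== $f-pnpm-workspace.yaml: minimumReleaseAge set"
  else
    echo "== $f-pnpm-workspace.yaml: no minimumReleaseAge"
  fi
done
```

Pinning to a SHA removes the tag as a mutable pointer the attacker can redirect; the release-age floor buys time for a poisoned release to be noticed and pulled from the registry before any CI job is allowed to install it. The check is deliberately strict about branch refs as well as tags, since both are mutable.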

Why not revoke the certificate immediately?

We have worked to block any further notarization of macOS apps with the impacted notarization material. This means that any fraudulent app posing as an OpenAI app using the impacted certificate will lack notarization, and therefore will be blocked by default by macOS security protections unless a user explicitly bypasses those protections.

Because new notarization with the previous certificate is blocked, and because the revocation may cause macOS to block new downloads and first‑time launches of apps signed with the previous certificate, we are giving our users a 30‑day window to update to minimize disruption. This window will:

  • Help reduce user risk.
  • Allow impacted clients to update through built‑in update mechanisms.
  • Ensure that all installations are appropriately remediated.

We are working with our partners to monitor for any indicators of misuse of the signing certificate, and we will accelerate the revocation timeline if we identify malicious activity during this window.
