“`html
OpenAI has revealed a security breach connected to the compromise of Axios, a commonly utilized third-party JavaScript developer library, as part of a wider software supply chain assault identified on March 31, 2026.
Though the organization assured no user information, API keys, or systems were breached, it is adopting robust precautionary strategies to safeguard its macOS application certification framework.
On March 31, 2026 (UTC), adversaries believed to be associated with North Korea commandeered the npm account of an Axios library maintainer and deployed harmful updates, specifically versions v1.14.1 and v0.30.4.
These compromised iterations discreetly added a concealed dependency named plain-crypto-js, which operated as a cross-platform Remote Access Trojan (RAT) capable of affecting Windows, macOS, and Linux environments.
According to Palo Alto Networks’ Unit 42, this malware was designed to conduct system reconnaissance, establish persistence, and subsequently self-destruct to avoid forensic identification.
Axios ranks among the most extensively downloaded JavaScript libraries, achieving over 100 million weekly downloads, rendering the scope of this supply chain attack particularly considerable.
OpenAI’s Incident Management
OpenAI’s internal build pipeline utilized Axios as part of its GitHub Actions process. When the workflow automatically retrieved the now-harmful Axios update, the compromised library gained access to certificate and notarization assets used to digitally sign OpenAI’s macOS applications, including ChatGPT Desktop, Codex, and Atlas.
This form of access is crucial: code-signing certificates serve as trust anchors that confirm to Apple’s systems and the App Store that an application genuinely originates from its asserted publisher.
If an assailant had leveraged this access, they could hypothetically have produced counterfeit OpenAI applications bearing a legitimate certificate, misleading both end-user devices and the App Store into recognizing them as genuine. OpenAI confirmed that the root cause was a misconfiguration in its GitHub Actions process, which has since been corrected.
OpenAI has acted swiftly to contain the potential implications. The company is revoking and rotating all macOS security certificates to invalidate any trust assets that may have been exposed during the incident.
All macOS users are now mandated to update their OpenAI applications ChatGPT, Codex, Atlas, and Codex CLI to the most recent versions to receive the refreshed certificates. OpenAI stressed that users do not need to alter passwords, as passwords and API keys remained completely unaffected by this incident.
Importantly, after May 8, 2026, older versions of these macOS applications will no longer receive updates and support, and may become entirely non-functional. Users can update securely via an in-app update prompt or through official download links provided by OpenAI.
The effect of the attack on OpenAI was confined solely to macOS applications. Applications on Android, Linux, and Windows platforms were not impacted. OpenAI reiterated that it found no evidence of user data exfiltration, system compromise, or software alteration.
This incident highlights the escalating threat of software supply chain attacks aimed at developer tooling, a vector increasingly preferred by sophisticated state-linked adversaries.
Organizations relying on open-source libraries via automated CI/CD pipelines should implement dependency pinning, integrity verification, and workflow audits as standard security procedures to minimize exposure to similar incidents.
“`