xiand.ai
Apr 14, 2026 · Updated 05:00 AM UTC
Cybersecurity

OpenAI rotates macOS certificates following Axios supply chain attack

OpenAI is revoking macOS code-signing certificates after a malicious Axios package compromised a GitHub Actions workflow used to sign company applications.

Ryan Torres

2 min read


OpenAI is rotating its macOS code-signing certificates after a supply chain attack targeting the Axios npm package compromised a GitHub Actions workflow used by the company.

On March 31, 2026, a legitimate OpenAI workflow downloaded and executed a compromised version of the Axios package (version 1.14.1). The malicious package was designed to deploy malware across macOS, Windows, and Linux systems.
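A quick way to tell whether a repository's own npm lockfile pins the axios release named above (including transitive copies nested under another dependency). This is an added example, not code from the article or from OpenAI's advisory; the sample lockfile below is constructed.

```python
"""Scan a package-lock.json for the compromised axios release (1.14.1).

Handles lockfileVersion 2/3 (flat "packages" map keyed by install path)
and lockfileVersion 1 (nested "dependencies" tree).
"""
import json
import sys

# Versions named as compromised in the article; extend as advisories name more.
COMPROMISED = {"axios": {"1.14.1"}}


def find_compromised(lock, bad=COMPROMISED):
    """Return sorted (install_path, name, version) tuples for every match."""
    hits = set()
    # v2/v3: keys look like "node_modules/foo/node_modules/axios"; "" is the root project.
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        if meta.get("version") in bad.get(name, ()):
            hits.add((path, name, meta["version"]))

    # v1 (and v2, which carries both): recurse through nested "dependencies".
    def walk(deps, prefix):
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            if meta.get("version") in bad.get(name, ()):
                hits.add((path, name, meta["version"]))
            walk(meta.get("dependencies", {}), path + "/")

    walk(lock.get("dependencies", {}), "")
    return sorted(hits)


# Constructed sample (not a real project): a direct axios at some other version
# and a transitive copy pinned to the compromised release.
SAMPLE_LOCK = {
    "name": "example-app", "lockfileVersion": 3, "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/axios": {"version": "1.13.0"},
        "node_modules/some-sdk": {"version": "2.0.0"},
        "node_modules/some-sdk/node_modules/axios": {"version": "1.14.1"},
    },
}

if __name__ == "__main__":
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    hits = find_compromised(lock)
    for path, name, version in hits:
        print(f"COMPROMISED {name}@{version} at {path}")
    sys.exit(1 if hits else 0)  # non-zero exit lets CI fail the build
```

Run with a real lockfile as the first argument; with no argument it scans the constructed sample and reports the nested copy.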

The affected workflow had access to certificates used to sign several OpenAI macOS applications, including ChatGPT Desktop, Codex, Codex CLI, and Atlas.

Security measures and user impact

OpenAI stated that its investigation found no evidence that the signing certificates were actually compromised or used to distribute malware. However, the company is revoking the certificates as a precaution.

"Out of an abundance of caution we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps," OpenAI stated in a security advisory. "We found no evidence that OpenAI user data was accessed, that our systems or intellectual property were compromised, or that our software was altered."

Users must update their macOS applications to the latest versions to ensure they are signed with the new, secure certificates. OpenAI plans to fully revoke the old certificate on May 8, 2026, after which macOS will block any attempts to launch applications signed with the previous credential.

The incident does not affect OpenAI's web services, iOS, Android, Windows, or Linux applications. The company also confirmed that user accounts, passwords, and API keys remain secure.

Security researchers have linked the Axios supply chain attack to North Korean threat actors known as UNC1069. The group reportedly used social engineering, including fake Microsoft Teams and Slack invitations, to trick maintainers into installing malware that allowed for credential theft and downstream package manipulation.
