OpenAI has taken action after a security breach involving the Axios HTTP library led to potential risks for its macOS applications.

Hackers managed to gain access to an account linked to an Axios maintainer and slipped in a malicious script that allowed remote access across Windows, macOS, and Linux systems. This altered version raised concerns that some OpenAI apps could have been affected.

According to a blog post from the company, the issue traces back to March 31, 2026, when Axios was compromised as part of a larger software supply chain attack. During that time, a GitHub Actions workflow used by OpenAI for signing its macOS apps unknowingly downloaded and ran the infected Axios version 1.14.1. That workflow had access to sensitive signing tools, including certificates and notarization materials used for apps like ChatGPT Desktop, Codex, Codex CLI, and Atlas.

OpenAI explained that these certificates are essential because they verify that its software is authentic and comes directly from the company. In response to the incident, OpenAI has updated its security certificates and rolled out fixes to reduce any potential risk from the breach.
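For teams checking their own build and signing pipelines, the following added example (not from OpenAI's post or the Axios project) scans a parsed npm `package-lock.json` for any entry that resolves `axios` to the 1.14.1 version named above. The function names and the sample lockfiles are constructed for illustration.

```javascript
// Package and version are the ones named in the article.
const FLAGGED = { name: "axios", version: "1.14.1" };

// Lockfile v2/v3: flat "packages" map keyed by install path.
function scanPackages(packages, hits) {
  for (const [path, meta] of Object.entries(packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // "" is the root project, not a dependency
    // meta.name, when present, overrides the path-derived name (e.g. aliases).
    const name = meta.name || path.slice(idx + "node_modules/".length);
    if (name === FLAGGED.name && meta.version === FLAGGED.version) {
      hits.push({ path, version: meta.version });
    }
  }
}

// Lockfile v1: nested "dependencies" tree; walk it recursively.
function scanDependencies(deps, trail, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const here = trail.concat(name);
    if (name === FLAGGED.name && meta.version === FLAGGED.version) {
      hits.push({ path: here.join(" > "), version: meta.version });
    }
    scanDependencies(meta.dependencies, here, hits);
  }
}

// v2 files carry both sections; prefer "packages" to avoid double counting.
function findFlaggedAxios(lock) {
  const hits = [];
  if (lock.packages) scanPackages(lock.packages, hits);
  else scanDependencies(lock.dependencies, [], hits);
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "signing-job", version: "0.0.0" },
  "node_modules/axios": { version: "1.13.0" },
  "node_modules/release-helper": { version: "2.0.0" },
  "node_modules/release-helper/node_modules/axios": { version: "1.14.1" },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  axios: { version: "1.14.1" },
  "release-helper": { version: "2.0.0",
    dependencies: { axios: { version: "1.13.0" } } },
} };

console.log(findFlaggedAxios(sampleV3), findFlaggedAxios(sampleV1));
```

The check covers transitive copies as well as direct ones, which matters because the affected package can arrive through another dependency. It is only meaningful when the workflow installs strictly from the lockfile (`npm ci`), since a version range resolved at install time can pick up a newly published release.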

