OpenAI has disclosed a software supply-chain security incident involving Axios, a popular third-party developer library, after a malicious version was pulled into a GitHub Actions workflow tied to its macOS app-signing process. The company said it found no evidence that user data was accessed, its systems were compromised, or its software was altered.
TL;DR
- OpenAI detected a malicious Axios package in its macOS app-signing workflow on March 31, 2026.
- The company found no evidence of user data exposure or system compromise.
- macOS signing certificates are being rotated as a precaution.
- Older macOS app versions will stop receiving support after May 8, 2026.
What Happened?
The issue traces back to a broader compromise of the Axios npm package. OpenAI said that on March 31, 2026, a GitHub Actions workflow used in its macOS app-signing process downloaded and executed Axios version 1.14.1, which was later identified as malicious.
This workflow had access to sensitive materials, including a certificate and notarization credentials used to sign macOS applications such as ChatGPT Desktop, Codex App, Codex CLI, and Atlas.
The Axios compromise itself was short-lived but critical. Security researchers noted that the malicious versions were available for a few hours, during which any system pulling those packages could have been exposed.
Was User Data Affected?
OpenAI emphasized that it found no evidence of user data exposure.
The company stated that passwords, API keys, and user information were not impacted. It also said there was no indication that its internal systems or intellectual property were accessed during the incident.
Additionally, OpenAI reviewed notarization logs and system activity to confirm that no unauthorized software signing or distribution took place.
How Did OpenAI Respond?
Despite the limited impact, OpenAI is treating the incident as a serious security event.
The company is revoking and rotating its macOS signing certificates as a precautionary step. It has also engaged a third-party digital forensics and incident response firm to validate its findings.
OpenAI said the certificate was likely not exfiltrated, based on workflow timing and execution patterns, but chose to act conservatively to eliminate any residual risk.
Impact On Users And Developers
For users, the immediate impact is tied to software updates.
OpenAI announced that older versions of its macOS applications will stop receiving updates and support starting May 8, 2026. In some cases, these older versions may stop functioning entirely.
The company is urging all macOS users to update to the latest versions of its apps to ensure continued access and security.
Across the industry, developers and organizations using Axios are also being advised to audit their dependencies and to rotate credentials if any of their systems pulled the affected versions.
The Bigger Picture: Axios Supply-Chain Attack
The broader Axios incident highlights the growing risk of software supply-chain attacks.
Security researchers from Google said the compromised Axios versions were downloaded millions of times weekly under normal conditions, underscoring the potential scale of impact.
The attack has been linked to a North Korea-aligned threat group, according to threat intelligence reports, showing how open-source ecosystems remain a high-value target for sophisticated attackers.
While OpenAI’s exposure appears contained, the incident reinforces the importance of dependency monitoring, secure build pipelines, and rapid response mechanisms.