OpenAI has disclosed a security incident linked to the compromise of Axios, a widely used third-party JavaScript library, as part of a broader software supply chain attack detected on March 31, 2026. Although the company confirmed that no user data, API keys, or internal systems were breached, it has taken swift and precautionary measures to secure its macOS application certification infrastructure.
According to the disclosure, threat actors believed to be linked to North Korea successfully hijacked the npm account of an Axios maintainer. As a result, they pushed malicious updates, specifically versions v1.14.1 and v0.30.4. These compromised versions introduced a hidden dependency named plain-crypto-js, which functioned as a cross-platform Remote Access Trojan (RAT). Consequently, the malware had the potential to target Windows, macOS, and Linux environments.
Furthermore, researchers from Palo Alto Networks’ Unit 42 revealed that the malware was designed to perform system reconnaissance, establish persistence, and then self-destruct to evade forensic detection. Given that Axios records over 100 million weekly downloads, the potential blast radius of this attack was very large.
In response, OpenAI identified that its internal build pipeline relied on Axios within its GitHub Actions workflow. When the workflow automatically pulled the compromised update, the malicious library gained access to sensitive certificate and notarization materials used to digitally sign macOS applications such as ChatGPT Desktop, Codex, and Atlas. Notably, these code-signing certificates serve as critical trust anchors, verifying application authenticity to Apple systems and the App Store.
If exploited, this access could have allowed attackers to create counterfeit OpenAI applications signed with legitimate certificates, potentially deceiving both users and platform security mechanisms. However, OpenAI clarified that the root cause stemmed from a misconfiguration in its GitHub Actions workflow, which has since been fully remediated.
To mitigate any potential risk, OpenAI has initiated the revocation and rotation of all macOS security certificates. This action invalidates any trust material that may have been exposed during the incident. Additionally, the company has mandated that all macOS users update their OpenAI applications, including ChatGPT, Codex, Atlas, and Codex CLI, to the latest versions.
Importantly, OpenAI reassured users that there is no need to change passwords, as both passwords and API keys remain unaffected. At the same time, the company announced that after May 8, 2026, older versions of its macOS applications will no longer receive updates or support and may become non-functional. Users are encouraged to update through official channels, either via in-app prompts or authorized download sources.
Meanwhile, OpenAI emphasized that the impact of this incident was strictly limited to macOS applications. Platforms such as Android, Linux, and Windows were not affected. Moreover, the company confirmed that it found no evidence of user data exfiltration, system compromise, or unauthorized software modification.
Ultimately, this incident highlights the increasing sophistication of software supply chain attacks, particularly those targeting widely used developer tools and open-source ecosystems. As a result, organizations must adopt stronger security practices, including dependency pinning, integrity verification, and continuous CI/CD workflow audits, to minimize exposure to similar threats in the future.