OpenAI Rotates macOS Code-Signing Certificates After Axios Supply Chain Attack
**OpenAI** is revoking and rotating its macOS code-signing certificates as a precautionary measure following a supply chain attack that compromised an **Axios** package. While no user data or systems were confirmed to be affected, the company is urging macOS users to update their apps to the latest versions by May 8, 2026.

**OpenAI** is taking swift action to secure its macOS applications after a recent supply chain attack. The company is rotating potentially exposed macOS code-signing certificates following the compromise of an **Axios** package within a **GitHub Actions** workflow.
### Supply Chain Compromise Details
On March 31, 2026, a legitimate workflow downloaded and executed a compromised version (1.14.1) of the **Axios** package. This malicious package was leveraged in attacks to deploy malware on affected devices. The workflow in question had access to code-signing certificates utilized to sign **OpenAI's** macOS applications, including **ChatGPT Desktop**, **Codex**, **Codex CLI**, and **Atlas**.
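The practical question for any team that runs Node builds, including in CI workflows like the one described above, is whether a lockfile anywhere in the tree resolved axios to the compromised release. The scanner below is an added example written for this article, not code from OpenAI or the Axios project; the only page-derived value is the version string 1.14.1, and the two lockfiles embedded in it are constructed for demonstration (they are not real OpenAI manifests). It walks both modern lockfiles (lockfileVersion 2/3, where every package is keyed by its node_modules path) and the older nested lockfileVersion 1 layout, so a transitive pin deep inside another package's node_modules is found as readily as a direct one.

```python
"""Scan npm package-lock.json files for the compromised axios release.

Added example (not OpenAI's or the Axios project's code). The version
"1.14.1" is the one named in the article; the sample lockfiles below are
constructed for demonstration only.
"""
import json
import sys
from typing import Dict, Iterator, List, Tuple

# Release the article identifies as the compromised axios package.
COMPROMISED_AXIOS_VERSIONS = {"1.14.1"}


def iter_lock_entries(lock: dict) -> Iterator[Tuple[str, str, str]]:
    """Yield (node_modules path, package name, version) for every entry.

    lockfileVersion 2/3 store a flat "packages" map keyed by install path;
    lockfileVersion 1 stores a nested "dependencies" tree. Both are handled.
    """
    packages = lock.get("packages")
    if isinstance(packages, dict):
        for path, meta in packages.items():
            if not path:  # "" is the root project itself, not a dependency
                continue
            # Aliased installs carry an explicit "name"; otherwise derive it
            # from the last node_modules/ segment (keeps @scope/pkg intact).
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            yield path, name, str(meta.get("version", ""))
        return

    def walk(deps: dict, prefix: str) -> Iterator[Tuple[str, str, str]]:
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            yield path, name, str(meta.get("version", ""))
            nested = meta.get("dependencies")
            if isinstance(nested, dict):
                yield from walk(nested, path + "/")

    yield from walk(lock.get("dependencies", {}), "")


def find_compromised(lock_text: str) -> List[Dict[str, str]]:
    """Return every axios entry pinned to a compromised version."""
    lock = json.loads(lock_text)
    hits: List[Dict[str, str]] = []
    for path, name, version in iter_lock_entries(lock):
        if name == "axios" and version in COMPROMISED_AXIOS_VERSIONS:
            hits.append({"path": path, "version": version})
    return hits


# Constructed sample: a v3 lockfile whose direct axios dependency resolved
# to the compromised release.
SAMPLE_LOCK_V3 = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0",
             "dependencies": {"axios": "^1.14.0"}},
        "node_modules/axios": {
            "version": "1.14.1",
            "resolved": "https://registry.npmjs.org/axios/-/axios-1.14.1.tgz"},
        "node_modules/follow-redirects": {"version": "1.15.9"},
    },
})

# Constructed sample: a v1 lockfile where the compromised release is only
# reachable as a nested dependency of another package.
SAMPLE_LOCK_V1 = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 1,
    "dependencies": {
        "axios": {"version": "1.13.0"},
        "some-tool": {"version": "2.0.0",
                      "dependencies": {"axios": {"version": "1.14.1"}}},
    },
})


def scan_file(path: str) -> List[Dict[str, str]]:
    """Convenience wrapper: scan a package-lock.json on disk."""
    with open(path, encoding="utf-8") as fh:
        return find_compromised(fh.read())


if __name__ == "__main__":
    targets = sys.argv[1:]
    if targets:
        for target in targets:
            for hit in scan_file(target):
                print(f"{target}: axios {hit['version']} at {hit['path']}")
    else:
        for label, text in (("v3 sample", SAMPLE_LOCK_V3), ("v1 sample", SAMPLE_LOCK_V1)):
            print(label, find_compromised(text))
```

Run it as `python scan_axios_lock.py path/to/package-lock.json` over every lockfile a workflow installs from, including ones checked out by third-party actions. The check is deliberately exact-match on the lockfile, because that is what `npm ci` installs; a range in package.json such as `^1.14.0` tells you only what could resolve, so a lockfile that was regenerated on March 31 is the artefact worth examining.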
### Precautionary Measures
Despite finding no direct evidence that the signing certificate was compromised, **OpenAI** is proceeding with caution. The company is revoking and rotating the certificate to protect the integrity of its macOS applications. According to an **OpenAI** security advisory, "Out of an abundance of caution we are taking steps to protect the process that certifies our macOS applications are legitimate **OpenAI** apps. We found no evidence that **OpenAI** user data was accessed, that our systems or intellectual property was compromised, or that our software was altered."
macOS users will need to update their **OpenAI** applications to versions signed with the new certificate. Older versions may cease to function after May 8, 2026, when the old certificate is fully revoked.
### Investigation and Mitigation
**OpenAI** collaborated with a third-party incident response firm to investigate the incident. The investigation found no evidence that the incident exposed the certificates or that they were used to distribute malicious software. Previous notarization activity linked to the certificate was also analyzed, confirming that everything signed with it was legitimate.
To further mitigate potential risks, **OpenAI** is working with **Apple** to prevent any future software notarization using the potentially exposed certificate. The certificate revocation is scheduled for May 8, after which macOS protections will block applications signed with it.
### Scope of Impact
**OpenAI** clarified that the issue is limited to its macOS applications and does not affect its web services or applications on other platforms, including iOS, Android, Windows, or Linux. User accounts, passwords, and API keys remain unaffected.
Users are strongly advised to update their macOS applications through official channels, such as in-app features or official download pages, and to avoid installing software from untrusted sources like email links, ads, or third-party websites.
**OpenAI** will continue to monitor for any signs of misuse of the old certificate and may expedite the revocation timeline if suspicious activity is detected.
### Axios Supply Chain Attack Details
The **Axios** supply chain attack has been attributed to North Korean threat actors tracked as **UNC1069**. These actors conducted a social engineering campaign targeting one of the project's maintainers.
After a deceptive web conference call leading to malware installation, the attackers gained access to the maintainer's account and published malicious versions of the **Axios** package to **npm**. This malicious package included a dependency that installed a remote access trojan (RAT) on macOS, Windows, and Linux systems.
Researchers have revealed that the attackers approached developers through convincing fake collaboration setups, including **Slack** workspaces and **Microsoft Teams** calls, ultimately tricking them into installing malware that facilitated credential theft and downstream supply chain compromises. This activity is linked to a broader campaign aimed at compromising popular open-source projects for widespread supply chain attacks.