OpenAI has urged all users of its macOS applications to install updates after a supply chain attack on a third-party developer library exposed the certificate the company uses to verify that its software is legitimate.
The incident centres on Axios, a widely used developer library, which was compromised on March 31, 2026 as part of a broader attack on the software supply chain.
A GitHub Actions workflow used in OpenAI’s macOS app-signing process downloaded and ran a version of Axios – version 1.14.1 – that had been made malicious.
That workflow had access to a certificate and notarisation material used to sign OpenAI’s macOS applications, including ChatGPT Desktop, Codex, Codex CLI, and Atlas.
“Our analysis of the incident concluded that the signing certificate present in this workflow was likely not successfully exfiltrated by the malicious payload due to the timing of the payload execution, certificate injection into the job, sequencing of the job itself, and other mitigating factors,” OpenAI said in a statement.
Despite this assessment, the company said it is treating the certificate as compromised and is revoking and rotating it.
OpenAI macOS apps at risk after Axios supply chain attack compromises signing certificate
OpenAI confirmed that its investigation found no indication that user data, intellectual property, or published software had been altered or accessed. The company said passwords and API keys were not affected, and that the incident does not affect iOS, Android, Linux, or Windows versions of its products.
The company also confirmed it has reviewed all notarisation events tied to the certificate and found no signs of misuse. OpenAI attributed the incident to a misconfiguration in its GitHub Actions workflow.
The workflow used a floating tag – meaning it was not pinned to a specific version – rather than a fixed commit hash.
It also lacked a configured minimum release age for new packages, which would have given time for a new release to be scrutinised before use.
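The two misconfigurations described above (a `uses:` reference floating on a tag instead of a commit hash, and no minimum release age for newly published packages) are both cheap to check for before a workflow ever runs with signing material. The following Python is an added example, not OpenAI's workflow or any project's tooling: it audits a constructed workflow file for action references that are not pinned to a full 40-hex commit SHA, and applies a minimum-release-age policy to constructed registry publish timestamps (the version numbers, dates and the placeholder SHA are all made up for the example).

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample workflow (not OpenAI's). The first two `uses:` lines float on a
# tag or branch; the third is pinned to a commit SHA (a placeholder, not a real commit).
SAMPLE_WORKFLOW = """\
name: sign-macos
on: [push]
jobs:
  sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - uses: some-org/setup-signing@main
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - run: npm install axios@^1.14
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def unpinned_actions(workflow_text):
    """Return every `uses:` reference whose version part is not a 40-hex commit SHA.

    A tag such as @v4 or a branch such as @main can be moved by whoever controls the
    upstream repository; a commit SHA cannot.
    """
    findings = []
    for line in workflow_text.splitlines():
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue  # local and container actions follow different pinning rules
        _, _, version = ref.partition("@")
        if not SHA_RE.match(version):
            findings.append(ref)
    return findings


# Constructed publish timestamps shaped like a registry's per-version `time` map.
# The dates are invented for the example, not taken from any real registry.
SAMPLE_RELEASE_TIMES = {
    "1.14.0": datetime(2026, 3, 1, tzinfo=timezone.utc),
    "1.14.1": datetime(2026, 3, 31, 22, 0, tzinfo=timezone.utc),
}
SAMPLE_NOW = datetime(2026, 4, 1, tzinfo=timezone.utc)  # constructed "current time"
MIN_AGE = timedelta(days=7)


def release_is_old_enough(published_at, min_age, now):
    """True if the release has been public for at least `min_age`."""
    return now - published_at >= min_age


def newest_allowed_version(release_times, min_age, now):
    """Pick the newest version that satisfies the minimum release age, or None.

    Versions are compared numerically (major, minor, patch) so that e.g. 1.14.1 sorts
    after 1.9.9; pre-release suffixes are out of scope for this example.
    """
    eligible = [
        v for v, published in release_times.items()
        if release_is_old_enough(published, min_age, now)
    ]
    if not eligible:
        return None
    return max(eligible, key=lambda v: tuple(int(part) for part in v.split(".")))


def audit():
    """Run both checks on the constructed samples and return the findings."""
    return {
        "unpinned_actions": unpinned_actions(SAMPLE_WORKFLOW),
        "allowed_version": newest_allowed_version(SAMPLE_RELEASE_TIMES, MIN_AGE, SAMPLE_NOW),
    }


if __name__ == "__main__":
    result = audit()
    for ref in result["unpinned_actions"]:
        print(f"UNPINNED: {ref} (pin to a 40-hex commit SHA)")
    print(f"newest version at least {MIN_AGE.days} days old: {result['allowed_version']}")
```

With a seven-day minimum age, the version published two hours before the constructed "now" is not yet eligible and the older release is selected instead; with the age set to zero, the brand-new release is taken immediately, which is exactly the window the article says the workflow lacked.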
What users must do
OpenAI is asking macOS users to update their apps to versions signed with the new certificate. The following are the minimum versions carrying the updated certificate:
- ChatGPT Desktop: 1.2026.051
- Codex App: 26.406.40811
- Codex CLI: 0.119.0
- Atlas: 1.2026.84.2
Users should download updates only through in-app mechanisms or from official OpenAI webpages. The company warned: “Do not install apps from links in emails, messages, ads, or third-party download sites.”
OpenAI has set May 8, 2026 as the date on which it will fully revoke the old certificate. From that point, applications signed with the certificate will be blocked by macOS security protections when users attempt to download or launch them for the first time.
The company said it is offering a 30-day window rather than revoking immediately because new notarisation with the old certificate has already been blocked, meaning any counterfeit software using that certificate would, by default, be stopped by macOS security unless a user explicitly overrides those protections.
As part of its response, OpenAI said it engaged a third-party digital forensics and incident response firm, rotated the signing certificate, and published new builds of all relevant applications. It is also working with Apple to ensure software signed with the old certificate cannot be freshly notarised.
The company added that it is working with partners to monitor for any signs of misuse of the signing certificate and said it will accelerate the revocation timeline if evidence of malicious activity emerges before May 8.
OpenAI set out the scenario it is guarding against: “In the event that the certificate was successfully compromised by a malicious actor, they could use it to sign their own code, making it appear as legitimate OpenAI software.”
Given that new notarisation using the old certificate has been blocked, macOS’s built-in protections would, by default, flag any such attempt – unless a user manually bypasses them.