OpenAI has announced the revocation of its macOS app certificate in response to a supply chain incident linked to the Axios library. This decision follows the discovery that a GitHub Actions workflow used to sign OpenAI’s macOS applications inadvertently downloaded a malicious version of Axios on March 31, 2026.
Details of the Incident
According to OpenAI, the compromised Axios library versions 1.14.1 and 0.30.4 contained a malicious dependency named plain-crypto-js, which deployed a cross-platform backdoor known as WAVESHAPER.V2. This backdoor was capable of infecting systems running Windows, macOS, and Linux. OpenAI emphasized that there was no evidence of user data access, system compromise, or alteration of their software.
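The first thing a defender wants after a report like this is a quick way to tell whether any checked-in lockfile pulls the named releases. The following Python script is an added example, not code from OpenAI, Axios or the article: it walks an npm lockfile (lockfileVersion 1 nested "dependencies" or lockfileVersion 2/3 "packages" keyed by install path) and reports any axios entry at the two versions named above, plus any presence at all of the plain-crypto-js dependency. The sample lockfile embedded at the bottom is constructed for the demonstration; the "1.0.0" version on plain-crypto-js and the lodash entry are placeholders, not values from the incident.

```python
import json
import sys

# Release versions named in the incident report.
BAD_VERSIONS = {
    "axios": {"1.14.1", "0.30.4"},
}
# Dependency that the compromised releases introduced; any occurrence is a finding.
BAD_PACKAGES = {"plain-crypto-js"}


def _iter_packages(lock):
    """Yield (name, version) for every package recorded in an npm lockfile.

    lockfileVersion 2/3: "packages" maps install paths such as
    "node_modules/a/node_modules/b" (or "node_modules/@scope/pkg") to metadata.
    lockfileVersion 1 (and 2, which carries both): nested "dependencies" tree.
    """
    for path, meta in lock.get("packages", {}).items():
        if not path:  # the empty key is the root project itself
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        yield name, meta.get("version", "")

    def walk(deps):
        for name, meta in deps.items():
            yield name, meta.get("version", "")
            yield from walk(meta.get("dependencies", {}))

    yield from walk(lock.get("dependencies", {}))


def find_indicators(lock):
    """Return a de-duplicated list of findings for the lockfile dict."""
    seen = set()
    findings = []
    for name, version in _iter_packages(lock):
        if name in BAD_PACKAGES:
            reason = "malicious dependency present"
        elif version in BAD_VERSIONS.get(name, ()):
            reason = "compromised release"
        else:
            continue
        key = (name, version, reason)
        if key not in seen:  # v2 lockfiles list each package twice
            seen.add(key)
            findings.append({"package": name, "version": version, "reason": reason})
    return findings


def scan_lockfile(path):
    """Load a package-lock.json from disk and return its findings."""
    with open(path, encoding="utf-8") as fh:
        return find_indicators(json.load(fh))


# Constructed sample lockfile (not from the article): one compromised axios,
# the dependency it dragged in, and one unrelated clean package.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/axios": {"version": "1.14.1"},
        "node_modules/axios/node_modules/plain-crypto-js": {"version": "1.0.0"},
        "node_modules/lodash": {"version": "4.17.21"},
    },
}

if __name__ == "__main__":
    results = scan_lockfile(sys.argv[1]) if len(sys.argv) > 1 else find_indicators(SAMPLE_LOCK)
    for f in results:
        print(f"{f['package']}@{f['version']}: {f['reason']}")
    sys.exit(1 if results else 0)
```

Run it with a path to a real package-lock.json to get a non-zero exit status when an indicator is present, which makes it easy to drop into a CI gate; without arguments it scans the built-in sample.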
Actions Taken by OpenAI
In light of the incident, OpenAI stated that it is treating the signing certificate as compromised, even though its analysis suggests the certificate was likely not exfiltrated. As a precaution, OpenAI has revoked and will rotate the certificate, which means that older versions of its macOS desktop applications will no longer receive updates or support starting May 8, 2026. Applications signed with the previous certificate will be blocked by macOS security protections by default.
Future Implications for Users
OpenAI is collaborating with Apple to ensure that software signed with the old certificate cannot be newly notarized. Users are advised to update to the latest versions of the affected applications, including ChatGPT Desktop version 1.2026.071, Codex App version 26.406.40811, Codex CLI version 0.119.0, and Atlas version 1.2026.84.2.
Context of the Supply Chain Attack
This incident is part of a broader trend of supply chain attacks that have recently targeted open-source ecosystems. A separate attack on the Trivy vulnerability scanner also occurred in March, leading to significant impacts across multiple software environments. Together, these incidents highlight the weaknesses in software supply chains and the importance of rigorous security measures.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.