Iris Coleman
Apr 15, 2026 02:02
OpenAI responds to the North Korea-linked Axios npm compromise by rotating its code signing certificate. macOS users should update the ChatGPT and Codex apps by May 8.
OpenAI is forcing all macOS users to update their desktop applications after the company's app-signing workflow was exposed to the Axios supply chain attack, a compromise attributed to North Korean threat actors that hit the popular JavaScript library on March 31, 2026.
The AI giant says it found no evidence that user data was accessed or that its software was tampered with. But the company isn't taking chances: it is treating its macOS code signing certificate as compromised and revoking it entirely on May 8, 2026.
What Actually Happened
When the compromised Axios version 1.14.1 hit npm on March 31, a GitHub Actions workflow OpenAI uses for macOS app signing downloaded and executed the malicious code. That workflow had access to the certificates used to sign ChatGPT Desktop, Codex, Codex CLI, and Atlas, the credentials that tell macOS "yes, this software really comes from OpenAI."
The root cause? A misconfiguration. OpenAI's workflow referenced Axios using a floating tag rather than a pinned commit hash, and had no minimumReleaseAge configured for newly published packages, so a version pushed to the registry minutes earlier was consumed immediately. Classic supply chain vulnerability.
OpenAI's internal analysis suggests the signing certificate likely wasn't successfully exfiltrated because of timing and execution sequencing. But "likely" isn't good enough when you're signing software that runs on millions of machines.
The Broader Attack
The Axios compromise wasn't targeting OpenAI specifically. Security researchers, including Google's threat intelligence team, have linked the attack to a North Korea-nexus actor, possibly Sapphire Sleet or UNC1069. The attackers compromised an npm maintainer's account and injected a malicious dependency called 'plain-crypto-js' that deployed a cross-platform RAT capable of reconnaissance, persistence, and self-destruction to avoid detection.
The attack hit organizations across business services, financial services, and tech sectors globally.
What Users Need to Do
If you run any OpenAI macOS apps, update now. After May 8, older versions will stop functioning entirely. Minimum required versions:
- ChatGPT Desktop: 1.2026.051
- Codex App: 26.406.40811
- Codex CLI: 0.119.0
- Atlas: 1.2026.84.2
Download only from official sources or via in-app updates. OpenAI explicitly warns against installing anything from emails, ads, or third-party sites, sound advice given that a malicious actor holding the old certificate could theoretically sign fake apps that look legitimate until the certificate is revoked.
Windows, iOS, Android, and Linux users aren't affected. Neither are the web versions. Passwords and API keys remain secure.
Why the 30-Day Window?
OpenAI could revoke the certificate immediately but chose not to. New notarization with the compromised certificate is already blocked, meaning any fraudulent app signed with it would fail macOS's default security checks unless users manually override them.
The delay gives users time to update through normal channels rather than waking up to broken software. OpenAI says it is monitoring for any signs of certificate misuse and will accelerate revocation if malicious activity appears.
The incident underscores how supply chain attacks continue to ripple through the software ecosystem. One compromised npm package, and suddenly OpenAI is rotating certificates across its entire macOS product line. For developers, the lesson is clear: pin your dependencies to specific commits, not floating tags, and don't let a build consume a package version the moment it lands on the registry.
Image source: Shutterstock
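The two misconfigurations the article names (a workflow reference on a floating tag instead of a commit hash, and no minimum release age for new packages) are both mechanically checkable. The script below is an added example, not OpenAI's workflow or any vendor tool: it flags every `uses:` reference in a GitHub Actions workflow that is not pinned to a 40-hex commit SHA, and it picks the newest npm version that has been on the registry for at least a configured age, the same idea pnpm's `minimumReleaseAge` setting implements. The workflow snippet, the registry `time` map (shaped like the `time` field npm's registry returns), the placeholder SHA and the timestamps are all constructed for the example.

```python
"""Audit helpers for the two supply chain misconfigurations discussed above.
Added example: not OpenAI's code. All inputs below are constructed."""
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone
from typing import Optional

# A `uses:` reference counts as pinned only when its ref is a full commit SHA.
_USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned_uses(workflow_yaml: str) -> list[str]:
    """Return every `uses:` reference not pinned to a commit SHA.
    Local (./path) and docker:// references carry no git ref and are skipped."""
    unpinned = []
    for ref in _USES_RE.findall(workflow_yaml):
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, _, version = ref.partition("@")
        if not _SHA_RE.match(version):
            unpinned.append(ref)
    return unpinned


def _semver_key(version: str) -> tuple[int, ...]:
    # Simplified ordering: plain numeric dotted versions, no prerelease tags.
    return tuple(int(part) for part in version.split("."))


def newest_version_older_than(time_map: dict[str, str], now: datetime,
                              min_age: timedelta) -> Optional[str]:
    """Highest version whose publish time is at least `min_age` before `now`.
    `time_map` mirrors the `time` object in npm registry metadata:
    version -> ISO-8601 publish timestamp, plus 'created' and 'modified'."""
    cutoff = now - min_age
    candidates = []
    for version, published in time_map.items():
        if version in ("created", "modified"):
            continue
        when = datetime.fromisoformat(published.replace("Z", "+00:00"))
        if when <= cutoff:
            candidates.append(version)
    if not candidates:
        return None
    return max(candidates, key=_semver_key)


# Constructed workflow: a floating tag, a branch ref, a placeholder SHA pin
# (not a real commit), and a local action.
SAMPLE_WORKFLOW = """\
jobs:
  sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/sign-action@main
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
"""

# Constructed registry `time` map with assumed timestamps. The point: a version
# published on 31 March must not be eligible under a 7-day minimum age when
# the build runs on 1 April.
SAMPLE_TIME_MAP = {
    "created": "2014-08-29T00:00:00.000Z",
    "modified": "2026-03-31T12:00:00.000Z",
    "1.13.4": "2026-02-20T09:00:00.000Z",
    "1.14.0": "2026-03-25T09:00:00.000Z",
    "1.14.1": "2026-03-31T12:00:00.000Z",
}

if __name__ == "__main__":
    print("unpinned:", find_unpinned_uses(SAMPLE_WORKFLOW))
    build_time = datetime(2026, 4, 1, tzinfo=timezone.utc)
    print("eligible with 7-day minimum age:",
          newest_version_older_than(SAMPLE_TIME_MAP, build_time,
                                    timedelta(days=7)))
```

Run the script and the first check reports `actions/checkout@v4` and `example-org/sign-action@main` as floating references; the SHA-pinned step passes. The second check, run with a seven-day minimum age on 1 April, selects 1.13.4 and skips both 1.14.0 and the compromised 1.14.1. A CI gate built on these two checks would have refused the floating reference and refused the minutes-old release, which is exactly the gap the article describes.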
