Iris Coleman
Apr 15, 2026 02:02
OpenAI responds to North Korea-linked Axios npm compromise by rotating code signing certificates. macOS customers should replace ChatGPT, Codex apps by Might 8.
OpenAI is forcing all macOS customers to replace their desktop purposes after the corporate’s app-signing workflow was uncovered to the Axios provide chain assault—a compromise attributed to North Korean menace actors that hit the favored JavaScript library on March 31, 2026.
The AI large says it discovered no proof that consumer knowledge was accessed or that its software program was tampered with. However the firm is not taking possibilities: it is treating its macOS code signing certificates as compromised and revoking it completely on Might 8, 2026.
What Truly Occurred
When the compromised Axios model 1.14.1 hit npm on March 31, a GitHub Actions workflow OpenAI makes use of for macOS app signing downloaded and executed the malicious code. That workflow had entry to certificates used to signal ChatGPT Desktop, Codex, Codex CLI, and Atlas—the credentials that inform macOS “sure, this software program actually comes from OpenAI.”
The basis trigger? A misconfiguration. OpenAI’s workflow referenced Axios utilizing a floating tag reasonably than a pinned commit hash, and lacked a configured minimumReleaseAge for brand new packages. Basic provide chain vulnerability.
OpenAI’s inner evaluation suggests the signing certificates doubtless wasn’t efficiently exfiltrated as a consequence of timing and execution sequencing. However “doubtless” is not ok while you’re signing software program that runs on hundreds of thousands of machines.
The Broader Assault
The Axios compromise wasn’t concentrating on OpenAI particularly. Safety researchers, together with Google’s menace intelligence group, have linked the assault to a North Korea-nexus actor—probably Sapphire Sleet or UNC1069. The attackers compromised an npm maintainer’s account and injected a malicious dependency known as ‘plain-crypto-js’ that deployed a cross-platform RAT able to reconnaissance, persistence, and self-destruction to keep away from detection.
The assault hit organizations throughout enterprise providers, monetary providers, and tech sectors globally.
What Customers Have to Do
Should you run any OpenAI macOS apps, replace now. After Might 8, older variations will cease functioning completely. Minimal required variations:
- ChatGPT Desktop: 1.2026.051
- Codex App: 26.406.40811
- Codex CLI: 0.119.0
- Atlas: 1.2026.84.2
Obtain solely from official sources or through in-app updates. OpenAI explicitly warns in opposition to putting in something from emails, advertisements, or third-party websites—sound recommendation given {that a} malicious actor with the outdated certificates may theoretically signal pretend apps that look authentic.
Home windows, iOS, Android, and Linux customers aren’t affected. Neither are internet variations. Passwords and API keys stay safe.
Why the 30-Day Window?
OpenAI may revoke the certificates instantly however selected to not. New notarization with the compromised certificates is already blocked, that means any fraudulent app signed with it might fail macOS’s default safety checks except customers manually override them.
The delay offers customers time to replace by regular channels reasonably than waking as much as damaged software program. OpenAI says it is monitoring for any indicators of certificates misuse and can speed up revocation if malicious exercise seems.
The incident underscores how provide chain assaults proceed to ripple by the software program ecosystem. One compromised npm bundle, and immediately OpenAI is rotating certificates throughout its complete macOS product line. For builders, the lesson is evident: pin your dependencies to particular commits, not floating tags.
Picture supply: Shutterstock
