OpenAI said it identified a security issue involving the third-party developer library Axios, but found “no evidence” that user data was accessed, that its systems or intellectual property were compromised, or that its software was altered.
The issue affected part of the process OpenAI uses to certify its macOS applications as legitimate, prompting the company to rotate security certificates and require Mac users to update affected apps.
The issue centered on a third-party tool, not OpenAI’s core systems
According to Reuters, OpenAI said Axios was compromised on March 31 as part of a broader software supply-chain attack by actors believed to be linked to North Korea.
OpenAI’s own incident page says a GitHub Actions workflow used in its macOS app-signing process downloaded and executed a malicious version of Axios, version 1.14.1.
That workflow had access to the certificate and notarization materials used to sign ChatGPT Desktop, Codex, Codex-cli, and Atlas for macOS.
OpenAI said its analysis concluded that the signing certificate in the workflow was likely not successfully exfiltrated, citing the timing of the payload execution, how the certificate was injected into the job, and other mitigating factors.
Even so, the company said it is treating the certificate as compromised “out of an abundance of caution” and is revoking and rotating it.
OpenAI says no user data, passwords, or API keys were affected
The company’s public statement is unusually direct on the scope of impact.
OpenAI said it found no evidence that OpenAI user data was accessed, and it repeated in its FAQ that OpenAI products or user data were [not] compromised or exposed.
It also said passwords and OpenAI API keys were not affected. Reuters reported the same, adding that OpenAI said its systems and software were not altered.
The company also said the issue does not affect iOS, Android, Linux, or Windows, and that the exposure was limited to OpenAI macOS apps. That distinction matters because the incident involves the Mac app-signing chain, not the broader ChatGPT web service or the company’s other major software environments.
Mac users now have a deadline to update
OpenAI said it is updating its security certificates and requiring all macOS users to move to the latest versions of its apps.
On its incident page, the company said that effective May 8, 2026, older versions of its macOS desktop apps will no longer receive updates or support, and may not be functional.
It listed the earliest builds signed with the new certificate as ChatGPT Desktop 1.2026.051, Codex App 26.406.40811, Codex CLI 0.119.0, and Atlas 1.2026.84.2.
OpenAI added that only apps downloaded through in-app updates or official OpenAI links should be trusted, warning users not to install software from links in emails, messages, ads, or third-party download sites.
The company said the certificate rotation is meant to reduce the risk, however unlikely, that someone might try to distribute a fake app that appears to come from OpenAI.
The root cause was a workflow misconfiguration
OpenAI said the root cause of the incident was a misconfiguration in the GitHub Actions workflow.
Specifically, it said the workflow used a floating tag instead of a specific commit hash and did not have a configured minimumReleaseAge for new packages. The company said this misconfiguration has now been addressed.
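The floating-tag half of that misconfiguration can be checked mechanically. The following is an added example, not OpenAI's code or tooling: a small Python audit that flags any `uses:` reference in a GitHub Actions workflow that is not pinned to a full 40-character commit SHA. The sample workflow and the `example-org` action names are constructed for illustration, and the check does not cover the minimumReleaseAge setting.

```python
import re

# Only a full 40-hex commit SHA is immutable; tags and branches can be re-pointed.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")

def classify(target):
    """Return 'pinned', 'floating', or 'skip' for one `uses:` target."""
    if target.startswith("./"):
        return "skip"  # local action, versioned together with the repository
    if target.startswith("docker://"):
        # container references are immutable only when addressed by digest
        return "pinned" if "@sha256:" in target else "floating"
    _, sep, ref = target.partition("@")
    if not sep:
        return "floating"  # no ref given at all
    return "pinned" if SHA_RE.match(ref) else "floating"

def audit_workflow(text):
    """Return (line number, target) for every reference that is not pinned."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out step
        m = USES_RE.match(line)
        if m and classify(m.group(1)) == "floating":
            findings.append((lineno, m.group(1)))
    return findings

# Constructed sample workflow (not taken from any real repository).
SAMPLE_WORKFLOW = """\
name: sign-macos
on: push
jobs:
  sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/setup-tool@main
      - uses: example-org/notarize@0123456789abcdef0123456789abcdef01234567 # v2.1.0
      - uses: ./.github/actions/local-step
      # - uses: example-org/disabled@v1
      - name: build
        uses: "example-org/build@v3.2"
"""

if __name__ == "__main__":
    for lineno, target in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {target} is not pinned to a commit SHA")
```

Run as a CI gate over `.github/workflows/*.yml`, a non-empty result is a reason to fail the build, since a tag or branch reference lets whoever controls the upstream repository change what a job with signing access executes.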
For OpenAI, the incident appears to be less a story of stolen user data than of supply-chain exposure and certificate hygiene.
But the response shows how seriously the company is treating the risk around app authenticity: even without evidence of misuse, it is forcing certificate rotation, cutting off older Mac app versions, and telling users to update before the May deadline.