In an official statement, OpenAI said, “We recently identified a security issue involving a third-party developer tool, Axios, that was part of a widely reported, broader industry incident.”

The company emphasized that, as a precautionary measure, it is taking steps to strengthen the integrity of its macOS application certification process to ensure that only legitimate OpenAI apps are recognized.

Reassuring users, OpenAI stated that there is no evidence suggesting that user data was accessed, internal systems or intellectual property were compromised, or any software was altered.

What Happened?

According to the company, the incident dates back to March 31, 2026 (UTC), when Axios—widely used in software development—was compromised in a supply chain attack.

During this period, a GitHub Actions workflow used by OpenAI in its macOS app-signing process inadvertently downloaded and executed a malicious version of Axios (version 1.14.1). This workflow had access to sensitive signing infrastructure, including certificates and notarization materials used for authenticating macOS applications such as ChatGPT Desktop, Codex, Codex CLI, and Atlas.

These certificates are critical for verifying that applications originate from a legitimate developer—in this case, OpenAI.

Risk Assessment and Response

OpenAI noted that its internal analysis indicates the signing certificate was likely not exfiltrated by the malicious payload. This assessment is based on factors such as the timing of the payload execution, the sequencing of the workflow, and additional safeguards in place.

However, exercising caution, the company has decided to treat the certificate as potentially compromised. As a result, it is revoking and rotating the affected certificates.

Steps for Users

OpenAI announced that it is updating its security certificates, which will require all macOS users to update their OpenAI applications to the latest versions.

“This helps prevent any risk—however unlikely—of someone attempting to distribute a fake app that appears to be from OpenAI,” the company said.

Additionally, OpenAI confirmed that starting May 8, 2026, older versions of its macOS desktop applications will no longer receive updates or support and may stop functioning altogether.