OpenAI has issued an official security response after discovering that Axios, a widely used third-party developer tool (an npm HTTP client library), was compromised as part of a broader software supply chain attack. Because the compromised tool ran inside the GitHub Actions workflow that signs OpenAI's macOS apps, the code-signing certificate for those apps was exposed, and OpenAI's own applications were caught in the crossfire.
The company confirmed it recently identified a security issue involving Axios, which was used in a GitHub Actions workflow responsible for automating the macOS app signing process. A certificate reachable from that workflow could, if obtained by a malicious actor, be used to sign and redistribute altered versions of several OpenAI macOS applications, including ChatGPT Desktop, Codex, Codeweb, and Atlas.
What Was Compromised and How
The path into OpenAI was indirect. Axios was a dependency of OpenAI's macOS app-signing automation pipeline, which runs in GitHub Actions. During the incident window the compromised version of Axios executed inside that workflow, which meant the attacker's code ran in the same job as the signing process for OpenAI's macOS applications, with potential access to the certificate it uses.
OpenAI's investigation concluded that the signing certificate present in the workflow was likely not successfully exfiltrated by the malicious payload at the time the builds were generated, thanks to the timing of the compromise and existing mitigating controls. However, the company is not taking any chances: the certificate is being revoked and every application signed with it is being replaced.
The affected apps are all versions of ChatGPT Desktop, Codex App, Codex CLI, and Atlas signed with the previous certificate. The first releases signed with the replacement certificate are: ChatGPT Desktop 5.7.0b.381, Codex App 76.4.0.41291, Codex CLI 6.375.0, and Atlas 1.1005.54.3.
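The exposure described in this section, a third-party package executing inside the job that holds the signing certificate, is something a workflow lint can catch before release. The following shell script is an added example, not OpenAI's code or workflow: it flags actions referenced by tag instead of commit SHA, installs that can drift from the lockfile, and any job that both installs packages and can read a signing secret. Both workflow files are constructed for the example, and the 40-hex SHAs in the hardened one are placeholders, not real commits.

```sh
#!/bin/sh
# Added example, not OpenAI's code: a lint for GitHub Actions workflows that
# flags the three patterns that let a compromised npm dependency reach a
# code-signing certificate. The two workflow files below are constructed;
# the 40-hex commit SHAs in the hardened one are placeholders, not real commits.

# Print one line per finding for the workflow file given as $1.
audit_workflow() {
    f="$1"

    # 1. Actions referenced by tag or branch. A tag can be moved to malicious
    #    code; a 40-hex commit SHA cannot.
    sed -n 's/^[[:space:]]*-[[:space:]]*uses:[[:space:]]*//p' "$f" |
        sed 's/[[:space:]]*#.*$//' |
        while IFS= read -r ref; do
            printf '%s\n' "$ref" | grep -Eq '@[0-9a-f]{40}$' ||
                echo "action not pinned to a commit SHA: $ref"
        done

    # 2. Dependency installs that can resolve past the lockfile. `npm ci`
    #    installs exactly what package-lock.json records and fails otherwise.
    grep -nE 'run:.*npm (install|i|update)([^a-z]|$)' "$f" |
        while IFS= read -r line; do
            echo "floating dependency install, use 'npm ci': $line"
        done

    # 3. A job that both installs third-party packages and can read the
    #    signing secret. Even a lockfile-pinned install runs package code
    #    (lifecycle scripts, and the dependency itself once imported), so the
    #    secret belongs in a separate job that only signs a prebuilt artifact.
    awk '
        /^jobs:/ { injobs = 1; next }
        injobs && /^  [A-Za-z0-9_-]+:[ \t]*$/ { job = $1; sub(/:$/, "", job) }
        injobs && job != "" && /npm (ci|install|i|update)/ { inst[job] = 1 }
        injobs && job != "" && /secrets\.[A-Za-z0-9_]*(CERT|SIGN|P12|IDENTITY)/ { sec[job] = 1 }
        END { for (j in inst) if (j in sec)
                print "signing secret readable by a job that runs package code: " j }
    ' "$f"
}

# Number of findings for a workflow file, as a plain integer.
audit_count() {
    audit_workflow "$1" | wc -l | tr -d ' '
}

SAMPLES=$(mktemp -d)

# Constructed "before": one job installs floating dependencies while the
# signing secret is in scope of every step, the exposure the article describes.
cat > "$SAMPLES/weak.yml" <<'EOF'
name: macos-sign
on: [push]
jobs:
  build-and-sign:
    runs-on: macos-latest
    env:
      SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_CERT_P12 }}
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
      - run: npm install
      - run: node scripts/sign.js dist/
EOF

# Constructed "after": pinned actions, lockfile-only install, and signing
# moved to its own job that never runs package code.
cat > "$SAMPLES/hardened.yml" <<'EOF'
name: macos-sign
on: [push]
jobs:
  build:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - run: npm ci --ignore-scripts
      - run: npm run build
      - uses: actions/upload-artifact@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
        with: { name: app, path: dist/ }
  sign:
    needs: build
    runs-on: macos-latest
    environment: release-signing
    steps:
      - uses: actions/download-artifact@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
        with: { name: app, path: dist/ }
      - run: ./ci/sign.sh dist/
        env:
          SIGNING_IDENTITY: ${{ secrets.MACOS_SIGNING_CERT_P12 }}
EOF

echo "weak.yml findings:";     audit_workflow "$SAMPLES/weak.yml"
echo "hardened.yml findings:"; audit_workflow "$SAMPLES/hardened.yml"
```

Run against the constructed files, the weak workflow produces four findings (two unpinned actions, one floating install, and the build-and-sign job holding the secret) and the hardened one produces none. The split into a build job and a signing job is the structural fix: the job that can read the certificate never executes anything fetched from a package registry.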
OpenAI's Investigation and Remediation Efforts
As part of its response, OpenAI engaged leading digital forensics and incident response firms to review all macOS code-signing workflows. The company reviewed public build logs, confirmed which releases had been signed with the previous certificate, and validated that no published software contained unauthorized modifications.
In the event that the certificate was in fact obtained by the attacker, revoking it means that software signed with it will by default be blocked by macOS security protections (Gatekeeper), unless a user explicitly bypasses those protections. Software signed with the new, updated certificate will continue to be trusted by macOS.
OpenAI identified the exposure in a GitHub Actions workflow involved in the macOS app-signing process. Because the exposed workflow was related to macOS app signing, the company is revoking the previous certificate and replacing the code-signing environment for OpenAI macOS applications. Updating ensures you are running versions signed with the latest certificate, the mechanism by which macOS tells users that software comes from the legitimate developer, OpenAI.
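The practical question for an administrator is which certificate a given installed copy is actually signed with, since the old and new certificates belong to the same developer Team ID. The following shell script is an added example, not OpenAI's tooling: it parses codesign output for the Team ID and leaf certificate, computes the leaf certificate's SHA-256 fingerprint, and asks Gatekeeper for its verdict. The expected Team ID, the expected fingerprint and the app bundle paths are placeholders that must be filled in from a copy downloaded from the official site; the sample codesign report is constructed for a made-up developer so the parsing can be exercised on any platform.

```sh
#!/bin/sh
# Added example, not OpenAI's code: confirm which certificate an installed
# macOS app is signed with, so a copy signed with the revoked certificate can
# be told apart from one signed with its replacement.
#
# Assumptions (placeholders, not real values): EXPECTED_TEAM_ID and
# EXPECTED_LEAF_SHA256 must be taken from a copy freshly downloaded from the
# official site; the app bundle paths under /Applications are guesses.

EXPECTED_TEAM_ID="${EXPECTED_TEAM_ID:-XXXXXXXXXX}"
EXPECTED_LEAF_SHA256="${EXPECTED_LEAF_SHA256:-fingerprint-of-the-new-leaf-certificate}"

# Pull one "key=value" field out of `codesign -dvvv` output read on stdin.
cs_field() {
    sed -n "s/^$1=//p"
}

# Summarise a codesign report (stdin): prints the Team ID and the leaf
# Authority, and succeeds only when the Team ID matches the argument.
# The Team ID is shared by the old and new certificate, so this proves
# "signed by the developer's team", not "signed with the new certificate".
check_report() {
    report=$(cat)
    team=$(printf '%s\n' "$report" | cs_field TeamIdentifier | head -n 1)
    leaf=$(printf '%s\n' "$report" | cs_field Authority | head -n 1)
    printf 'team=%s leaf="%s"\n' "$team" "$leaf"
    [ "$team" = "$1" ]
}

# SHA-256 fingerprint of the leaf (signing) certificate embedded in an app's
# code signature. codesign writes the chain as DER files codesign0, codesign1,
# ...; codesign0 is the leaf. The fingerprint is what distinguishes the
# revoked certificate from its replacement.
leaf_fingerprint() {
    dir=$(mktemp -d) || return 1
    codesign -d --extract-certificates="$dir/codesign" "$1" 2>/dev/null || return 1
    openssl x509 -inform DER -in "$dir/codesign0" -noout -fingerprint -sha256 |
        sed 's/^.*=//; s/://g' | tr 'A-F' 'a-f'
    rm -rf "$dir"
}

# Full check for one installed app (macOS only): signature details, leaf
# fingerprint, and Gatekeeper's verdict, which is what enforces revocation.
inspect_app() {
    app="$1"
    command -v codesign >/dev/null 2>&1 || { echo "codesign missing: not macOS"; return 2; }
    [ -d "$app" ] || { echo "not installed: $app"; return 2; }
    codesign -dvvv "$app" 2>&1 | check_report "$EXPECTED_TEAM_ID" || echo "team mismatch: $app"
    fp=$(leaf_fingerprint "$app")
    echo "leaf sha256=$fp"
    [ "$fp" = "$EXPECTED_LEAF_SHA256" ] || echo "NOT signed with the expected (new) certificate: $app"
    codesign --verify --deep --strict "$app" 2>&1 || echo "signature invalid: $app"
    spctl --assess --type execute -vv "$app" 2>&1   # reports "rejected" for a revoked certificate
}

# Constructed sample of `codesign -dvvv` output for a made-up developer.
SAMPLE_REPORT='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'

printf '%s\n' "$SAMPLE_REPORT" | check_report ABCDE12345

# Assumed bundle paths; adjust to the names actually installed on the machine.
if [ "$(uname)" = Darwin ]; then
    for app in /Applications/ChatGPT.app /Applications/Codex.app /Applications/Atlas.app; do
        inspect_app "$app"
    done
fi
```

On a Mac, run it once against a freshly downloaded copy to record the leaf fingerprint, then against every installed copy: the Gatekeeper line is the authoritative signal once the old certificate is revoked, while the fingerprint comparison works before revocation takes effect.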
What Users Need to Do Right Now
OpenAI's guidance is straightforward: update your macOS apps immediately, through official channels only. Users should download OpenAI apps exclusively from the official webpages for ChatGPT, Codex, Codeweb, and Atlas. Do not install apps from links in emails, messages, ads, or any third-party download sites.
After May 8, 2026, older versions of OpenAI's macOS desktop apps will no longer receive releases or support, and may stop working. The earliest releases signed with the updated certificate are: ChatGPT Desktop 5.7.0b.381, Codex App 76.4.0.41291, Codex CLI 6.375.0, and Atlas 1.1005.54.3.
Passwords and API Keys: Are They Safe?
Yes — OpenAI confirmed that no passwords or OpenAI API keys were affected by the incident. The company also found no evidence that any OpenAI products, user data, or accounts were compromised or accessed as a result of the Axios developer tool attack.
This only affects macOS apps. iOS, Android, Linux, and Windows versions of OpenAI's software are not impacted.
Why the Certificate Revocation Is Happening Immediately
OpenAI has moved quickly to block any further distribution of macOS apps signed with the impacted certificate. Once the certificate is revoked, any fraudulent app posing as an OpenAI app and signed with it will fail installation or be blocked by default by macOS security protections, unless a user specifically bypasses those protections.
The company is also monitoring for any indication of misuse of the old signing certificate, and will accelerate the revocation timeline if suspicious activity is identified during this window.
The Bottom Line
This incident is a reminder of how vulnerable software supply chains can be — even for the most well-resourced companies in tech. A compromised third-party tool used in an automated build pipeline is all it takes to potentially distribute malicious software at scale. OpenAI acted quickly and transparently, and the technical mitigations appear to have contained the damage.
If you use any OpenAI macOS application, update it today through the official website — and only the official website.