Iris Coleman
Apr 15, 2026 02:02
OpenAI responds to North Korea-linked Axios npm compromise by rotating code signing certificates. macOS customers should replace ChatGPT, Codex apps by Could 8.
OpenAI is forcing all macOS customers to replace their desktop functions after the corporate’s app-signing workflow was uncovered to the Axios provide chain assault—a compromise attributed to North Korean menace actors that hit the favored JavaScript library on March 31, 2026.
The AI big says it discovered no proof that person knowledge was accessed or that its software program was tampered with. However the firm is not taking probabilities: it is treating its macOS code signing certificates as compromised and revoking it completely on Could 8, 2026.
What Truly Occurred
When the compromised Axios model 1.14.1 hit npm on March 31, a GitHub Actions workflow OpenAI makes use of for macOS app signing downloaded and executed the malicious code. That workflow had entry to certificates used to signal ChatGPT Desktop, Codex, Codex CLI, and Atlas—the credentials that inform macOS “sure, this software program actually comes from OpenAI.”
The foundation trigger? A misconfiguration. OpenAI’s workflow referenced Axios utilizing a floating tag quite than a pinned commit hash, and lacked a configured minimumReleaseAge for brand spanking new packages. Traditional provide chain vulnerability.
OpenAI’s inner evaluation suggests the signing certificates possible wasn’t efficiently exfiltrated resulting from timing and execution sequencing. However “possible” is not adequate whenever you’re signing software program that runs on hundreds of thousands of machines.
The Broader Assault
The Axios compromise wasn’t concentrating on OpenAI particularly. Safety researchers, together with Google’s menace intelligence crew, have linked the assault to a North Korea-nexus actor—probably Sapphire Sleet or UNC1069. The attackers compromised an npm maintainer’s account and injected a malicious dependency referred to as ‘plain-crypto-js’ that deployed a cross-platform RAT able to reconnaissance, persistence, and self-destruction to keep away from detection.
The assault hit organizations throughout enterprise companies, monetary companies, and tech sectors globally.
What Customers Must Do
If you happen to run any OpenAI macOS apps, replace now. After Could 8, older variations will cease functioning completely. Minimal required variations:
- ChatGPT Desktop: 1.2026.051
- Codex App: 26.406.40811
- Codex CLI: 0.119.0
- Atlas: 1.2026.84.2
Obtain solely from official sources or by way of in-app updates. OpenAI explicitly warns in opposition to putting in something from emails, advertisements, or third-party websites—sound recommendation given {that a} malicious actor with the outdated certificates may theoretically signal faux apps that look legit.
Home windows, iOS, Android, and Linux customers aren’t affected. Neither are net variations. Passwords and API keys stay safe.
Why the 30-Day Window?
OpenAI may revoke the certificates instantly however selected to not. New notarization with the compromised certificates is already blocked, that means any fraudulent app signed with it will fail macOS’s default safety checks until customers manually override them.
The delay provides customers time to replace via regular channels quite than waking as much as damaged software program. OpenAI says it is monitoring for any indicators of certificates misuse and can speed up revocation if malicious exercise seems.
The incident underscores how provide chain assaults proceed to ripple via the software program ecosystem. One compromised npm package deal, and all of a sudden OpenAI is rotating certificates throughout its whole macOS product line. For builders, the lesson is obvious: pin your dependencies to particular commits, not floating tags.
Picture supply: Shutterstock