OpenAI said on Friday it had identified a security issue involving a third-party developer tool called Axios and is taking steps to protect the process that certifies that its macOS applications are legitimate OpenAI apps. According to OpenAI, Axios, a widely used third-party developer library, was compromised on March 31 as part of a broader software supply chain attack by actors believed to be linked to North Korea. As a result of this attack, a GitHub Actions workflow used by OpenAI downloaded and executed a 'malicious' version of Axios. This workflow had access to a certificate and notarization material used for signing macOS applications, including ChatGPT Desktop, Codex, Codex-cli, and Atlas. Passwords and OpenAI API keys were not affected by the third-party security issue, the company said, adding that the root cause of the security incident was a misconfiguration in the GitHub Actions workflow, which has been addressed.
Source: The Telegraph April 11, 2026 05:32 UTC