OpenAI Requires macOS Users to Update Apps

OpenAI identified a supply chain compromise tied to the Axios developer library that touched a GitHub Actions workflow used to sign macOS applications. OpenAI says the malicious payload executed on March 31 likely did not exfiltrate the signing certificate, and there is no evidence of user data, API keys, or system compromise. As a precaution, OpenAI is invalidating the old signing certificate, issuing new certificates, and requiring all macOS users to update their OpenAI apps. Affected software includes ChatGPT Desktop, Codex, Codex-cli, and Atlas; older app versions will stop receiving updates and may become nonfunctional after May 8, 2026. Users should update from inside the app or official links; passwords and API keys do not need changing.
What happened
OpenAI identified a software supply chain compromise that involved the Axios developer library and a GitHub Actions workflow used to build and notarize its macOS applications. The malicious Axios package was executed on March 31, and that workflow had access to a signing and notarization certificate used for macOS apps. OpenAI's investigation concluded the certificate was likely not exfiltrated, and there is no evidence user data, API keys, or its intellectual property were accessed. OpenAI is rotating certificates and requiring macOS users to update immediately.
Technical details
OpenAI says the root cause was a misconfiguration in a GitHub Actions workflow that downloaded a compromised Axios artifact. The workflow executed code with access to signing materials used to build and notarize macOS binaries. As a defensive step, OpenAI is disabling the old certificate and issuing new signing credentials. Effective May 8, 2026, older macOS app versions will not receive updates and may cease functioning. Affected apps include:
- ChatGPT Desktop
- Codex
- Codex-cli
- Atlas
No impact has been reported for Android, Linux, or Windows clients. OpenAI states passwords and OpenAI API keys remain secure.
Context and significance
This is a classic software supply chain incident, not a direct compromise of OpenAI backend services. For practitioners it underscores two persistent risks: developer dependencies can be trojanized, and CI/CD credentials that are reachable from workflows widen the blast radius of any compromised dependency. The incident fits a pattern of attacks on package managers and build pipelines, and reporting on the broader campaign attributes it to actors believed to be associated with state-backed groups. The practical consequence is elevated scrutiny of CI permissions, dependency verification, and ephemeral credential use in build systems.
What to watch
Confirm you are running the latest macOS builds of OpenAI apps before May 8, 2026, and audit any GitHub Actions workflows that use third-party packages or have access to signing credentials. Expect follow-ups from OpenAI with further forensic detail and recommended CI hardening steps.
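The audit suggested above can be scripted. The following is an added example written for this page, not code from OpenAI or from the article, and it does not reproduce OpenAI's actual pipeline: it scans GitHub Actions workflow text line by line for the combination described in the technical details, third-party code (unpinned actions, or a package install that lets lifecycle scripts run) executing in the same job that references a code-signing secret. The sample workflow, the placeholder 40-hex commit SHA, and the list of secret-name hints (SIGN, CERT, NOTAR, P12, KEYCHAIN, APPLE_ID) are all constructed assumptions; adjust the hints to your own secret naming.

```python
"""Line-oriented audit of GitHub Actions workflow files for the risk pattern
behind this incident: third-party code running in a job that also holds
code-signing material. Added example, not OpenAI's or the article's code."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample workflow (not OpenAI's real pipeline). The first job imports
# a signing certificate from secrets while also running unpinned actions and an
# npm install that permits lifecycle scripts; the second job is hardened.
SAMPLE_WORKFLOW = """\
name: release-macos
on: [push]
jobs:
  build-and-sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
      - run: npm install
      - name: Import signing certificate
        env:
          MAC_SIGNING_CERT_P12: ${{ secrets.MAC_SIGNING_CERT_P12 }}
        run: echo "$MAC_SIGNING_CERT_P12" | base64 --decode > cert.p12
      - run: ./scripts/sign-and-notarize.sh
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      - run: npm ci --ignore-scripts
      - run: npm test
"""

JOB_RE = re.compile(r"^ {2}([A-Za-z0-9_-]+):\s*$")        # job ids sit two spaces under "jobs:"
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")        # action reference on a "uses:" line
RUN_RE = re.compile(r"^\s*-?\s*run:\s*(.+)$")              # single-line "run:" (block scalars "|" are not expanded)
SECRET_RE = re.compile(r"secrets\.([A-Za-z0-9_]+)")
PINNED_RE = re.compile(r"@[0-9a-f]{40}$")                  # full commit SHA = immutable pin
INSTALL_RE = re.compile(r"\b(?:npm|pnpm|yarn)\s+(?:install|ci|i)\b")
SIGNING_HINTS = ("SIGN", "CERT", "NOTAR", "P12", "KEYCHAIN", "APPLE_ID")  # assumed naming convention


@dataclass
class Finding:
    job: str
    line: int
    rule: str
    detail: str


def audit_workflow(text: str) -> list[Finding]:
    """Return findings for unpinned actions, installs that run package scripts,
    and jobs that expose signing secrets to either of those."""
    findings: list[Finding] = []
    in_jobs = False
    job = "<top-level>"
    third_party: dict[str, int] = {}   # job -> first line executing third-party code
    signing: dict[str, int] = {}       # job -> first line referencing a signing secret

    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() == "jobs:":
            in_jobs = True
            continue
        m = JOB_RE.match(line) if in_jobs else None
        if m:
            job = m.group(1)
            continue

        # Any secret whose name looks like signing material, wherever it is referenced.
        for name in SECRET_RE.findall(line):
            if any(h in name.upper() for h in SIGNING_HINTS):
                signing.setdefault(job, n)

        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            if not ref.startswith(("./", "docker://")) and not PINNED_RE.search(ref):
                findings.append(Finding(job, n, "unpinned-action", ref))
                third_party.setdefault(job, n)

        m = RUN_RE.match(line)
        if m:
            cmd = m.group(1).strip()
            # Install lifecycle scripts are where a trojanized package gets to run code.
            if INSTALL_RE.search(cmd) and "--ignore-scripts" not in cmd:
                findings.append(Finding(job, n, "install-scripts-enabled", cmd))
                third_party.setdefault(job, n)

    # Correlate: signing material in a job that also executes third-party code.
    for j, n in signing.items():
        if j in third_party:
            findings.append(Finding(j, n, "signing-secret-with-third-party-code",
                                    f"signing secret at line {n}; third-party code at line {third_party[j]}"))
    return findings


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{f.job}:{f.line} {f.rule}: {f.detail}")
```

On the sample, every finding lands in `build-and-sign` and the `test` job is clean; replacing the `@v4` tags with full commit SHAs and `npm install` with `npm ci --ignore-scripts` clears the job. The correlation rule is the one that matters most here: pinning and script suppression reduce the chance that untrusted code runs, but moving signing into a separate job that receives only already-built artifacts removes the credential from the blast radius entirely.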
Scoring Rationale
This is a notable supply chain security incident that affects a widely used AI vendor and highlights CI/CD and dependency risks. It did not result in confirmed data exfiltration, so it is important but not industry-shaking.