OpenAI revokes macOS certificates, forces ChatGPT update

OpenAI has revoked and rotated macOS app signing certificates after a supply-chain compromise of third-party developer libraries, and is requiring macOS users to update OpenAI desktop apps. In an April 10, 2026 blog post, OpenAI wrote, "We found no evidence that OpenAI user data was accessed, that our systems or intellectual property was compromised, or that our software was altered." The blog also stated, "Effective May 8, 2026, older versions of our macOS desktop apps will no longer receive updates or support, and may not be functional." Reporting by 9to5Mac and Reuters on May 11-14, 2026 linked the disruption to a compromise of the TanStack/Axios supply chain and said two employee devices were impacted with limited credential exfiltration, per OpenAI's investigation. OpenAI says iOS and Windows apps are unaffected; macOS users should update when prompted.
What happened
OpenAI revoked and rotated the signing certificates used for its macOS desktop applications after a supply-chain compromise involving third-party developer libraries. In a blog post dated April 10, 2026, OpenAI wrote, "We found no evidence that OpenAI user data was accessed, that our systems or intellectual property was compromised, or that our software was altered." The same post said, "Effective May 8, 2026, older versions of our macOS desktop apps will no longer receive updates or support, and may not be functional." Multiple outlets including 9to5Mac, Reuters, Forbes, and Cyber Magazine reported follow-on details in May 2026 linking the incident to malicious packages published to the Axios/TanStack ecosystem and to limited compromise of two employee devices and small-scale credential exfiltration, as described by OpenAI and summarized by Reuters.
Technical details
OpenAI's April 10 post explains that the incident originated when a GitHub Actions workflow used in the macOS app-signing process downloaded and executed a malicious version of Axios (reported as v1.14.1). That workflow had access to the certificate and notarization material used to sign macOS apps including ChatGPT Desktop, Codex App, Codex CLI, and Atlas, so OpenAI treated the certificate as potentially compromised and rotated it. Reporting by Cyber Magazine and others cites attribution to a tracked threat actor (reported as UNC1069 by Google Threat Intelligence Group) for the upstream package tampering; 9to5Mac also reported a related compromise of the TanStack ecosystem on May 11, 2026.
Editorial analysis: This incident is a textbook software supply-chain compromise where CI/CD or package workflows with signing privileges amplify risk. Rotating signing certificates and forcing application updates is a standard containment step to prevent attackers from distributing counterfeit signed binaries that appear legitimate.
Context and significance
Editorial analysis: For practitioners, the most relevant signals are twofold. First, build and CI/CD systems that hold signing keys are high-value targets; successful tampering of widely used JavaScript libraries like Axios/TanStack can cascade across many projects. Second, end-user impact can be immediate: revoked certificates can cause older app builds to fail verification or be blocked by Gatekeeper on macOS, forcing urgent updates. Multiple outlets noted that OpenAI's investigation found no evidence of user-data exfiltration, but that limited credential material in a subset of internal repositories was exfiltrated, per OpenAI's statement quoted by Reuters.
What to watch
- Track official OpenAI guidance for precise update windows and verification links; OpenAI's April 10 post lists affected versions and update instructions.
- Monitor vendor and CI/CD logs for usage of signing keys, and audit workflows that inject credentials into build jobs.
- Watch for downstream supply-chain disclosures from TanStack/Axios maintainers and threat-intel groups for further attribution or indicators of compromise.
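As an added example that is not OpenAI's tooling and not part of the original reporting, the Python script below shows one way to act on the audit point above and on the Technical details section: it walks an npm package-lock.json (lockfile v1 and v2/v3 layouts) and flags any installed copy of a package whose version has been reported as malicious. The bad-version list is seeded only with the Axios version named in the article and is a placeholder to be replaced by the maintainers' advisory; the sample lockfile is constructed.

```python
import json
from typing import Dict, List, Tuple

# Placeholder: the article reports Axios v1.14.1 as the malicious release.
# Replace with the authoritative list from the package maintainers' advisory.
REPORTED_BAD: Dict[str, List[str]] = {"axios": ["1.14.1"]}


def installed_versions(lock: dict) -> List[Tuple[str, str, str]]:
    """Return (name, version, lockfile_path) for every installed package.

    lockfileVersion 2/3 keeps a flat "packages" map keyed by node_modules path;
    lockfileVersion 1 keeps a nested "dependencies" tree. Both are handled.
    """
    found: List[Tuple[str, str, str]] = []
    packages = lock.get("packages")
    if isinstance(packages, dict):
        for path, meta in packages.items():
            if not path:  # "" is the root project entry, not a dependency
                continue
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            if "version" in meta:
                found.append((name, meta["version"], path))
        return found

    def walk(deps: dict, prefix: str) -> None:
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            if "version" in meta:
                found.append((name, meta["version"], path))
            walk(meta.get("dependencies", {}), path + "/")  # nested copies

    walk(lock.get("dependencies", {}), "")
    return found


def flag_reported_versions(lock_text: str, bad=REPORTED_BAD) -> List[Tuple[str, str, str]]:
    """Parse lockfile JSON and return every hit against the reported-bad list."""
    return [(n, v, p) for n, v, p in installed_versions(json.loads(lock_text))
            if v in bad.get(n, ())]


# Constructed sample (v3 layout): a clean top-level axios plus a nested copy
# pulled in transitively, which a naive top-level check would miss.
SAMPLE_LOCK = json.dumps({
    "name": "demo", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "version": "0.0.1"},
        "node_modules/axios": {"version": "1.7.9"},
        "node_modules/some-tool/node_modules/axios": {"version": "1.14.1"},
    },
})

if __name__ == "__main__":
    for name, version, path in flag_reported_versions(SAMPLE_LOCK):
        print(f"{path}: {name}@{version} matches a reported-malicious version")
```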
Editorial analysis: Observers and security teams will also watch whether other organizations that consumed the same malicious packages report broader impact, and whether the incident triggers wider policy or platform changes around secure build practices.
Scoring Rationale
This is a notable security incident for practitioners because it involves software-signing certificates and supply-chain compromise, forcing immediate updates and CI/CD scrutiny. The event did not, per OpenAI, expose user data, reducing systemic risk but keeping operational urgency high.