Iris Coleman
Apr 15, 2026 02:02
OpenAI responds to North Korea-linked Axios npm compromise by rotating code signing certificates. macOS customers should replace ChatGPT, Codex apps by Could 8.
OpenAI is forcing all macOS customers to replace their desktop purposes after the corporate’s app-signing workflow was uncovered to the Axios provide chain assault—a compromise attributed to North Korean menace actors that hit the favored JavaScript library on March 31, 2026.
The AI big says it discovered no proof that consumer knowledge was accessed or that its software program was tampered with. However the firm is not taking possibilities: it is treating its macOS code signing certificates as compromised and revoking it totally on Could 8, 2026.
What Really Occurred
When the compromised Axios model 1.14.1 hit npm on March 31, a GitHub Actions workflow OpenAI makes use of for macOS app signing downloaded and executed the malicious code. That workflow had entry to certificates used to signal ChatGPT Desktop, Codex, Codex CLI, and Atlas—the credentials that inform macOS “sure, this software program actually comes from OpenAI.”
The foundation trigger? A misconfiguration. OpenAI’s workflow referenced Axios utilizing a floating tag somewhat than a pinned commit hash, and lacked a configured minimumReleaseAge for brand spanking new packages. Basic provide chain vulnerability.
OpenAI’s inside evaluation suggests the signing certificates probably wasn’t efficiently exfiltrated attributable to timing and execution sequencing. However “probably” is not adequate while you’re signing software program that runs on thousands and thousands of machines.
The Broader Assault
The Axios compromise wasn’t focusing on OpenAI particularly. Safety researchers, together with Google’s menace intelligence staff, have linked the assault to a North Korea-nexus actor—presumably Sapphire Sleet or UNC1069. The attackers compromised an npm maintainer’s account and injected a malicious dependency referred to as ‘plain-crypto-js’ that deployed a cross-platform RAT able to reconnaissance, persistence, and self-destruction to keep away from detection.
The assault hit organizations throughout enterprise companies, monetary companies, and tech sectors globally.
What Customers Have to Do
If you happen to run any OpenAI macOS apps, replace now. After Could 8, older variations will cease functioning totally. Minimal required variations:
- ChatGPT Desktop: 1.2026.051
- Codex App: 26.406.40811
- Codex CLI: 0.119.0
- Atlas: 1.2026.84.2
Obtain solely from official sources or by way of in-app updates. OpenAI explicitly warns towards putting in something from emails, advertisements, or third-party websites—sound recommendation given {that a} malicious actor with the outdated certificates may theoretically signal faux apps that look official.
Home windows, iOS, Android, and Linux customers aren’t affected. Neither are internet variations. Passwords and API keys stay safe.
Why the 30-Day Window?
OpenAI may revoke the certificates instantly however selected to not. New notarization with the compromised certificates is already blocked, that means any fraudulent app signed with it could fail macOS’s default safety checks until customers manually override them.
The delay provides customers time to replace via regular channels somewhat than waking as much as damaged software program. OpenAI says it is monitoring for any indicators of certificates misuse and can speed up revocation if malicious exercise seems.
The incident underscores how provide chain assaults proceed to ripple via the software program ecosystem. One compromised npm bundle, and instantly OpenAI is rotating certificates throughout its whole macOS product line. For builders, the lesson is obvious: pin your dependencies to particular commits, not floating tags.
Picture supply: Shutterstock
