2 min learnApr 11, 2026 10:06 AM IST
OpenAI stated on Friday it had recognized a safety concern involving a third-party developer software known as Axios and is taking steps to guard the method that certifies its macOS functions are legit OpenAI apps.
The ChatGPT maker stated it discovered no proof that its consumer knowledge was accessed, that its techniques or mental property was compromised, or that its software program was altered.
The corporate stated it’s updating its safety certifications, requiring all macOS customers to replace their OpenAI apps to the most recent variations to assist forestall any threat of somebody making an attempt to distribute a pretend app.
In line with OpenAI, Axios, a extensively used third-party developer library, was compromised on March 31, as a part of a broader software program provide chain assault by actors believed to be linked to North Korea.
This assault led a GitHub Actions workflow utilized by OpenAI to obtain and execute a ‘malicious’ model of Axios. This workflow had entry to a certificates and notarization materials used for signing macOS functions, together with ChatGPT Desktop, Codex, Codex-cli, and Atlas.
OpenAI stated its evaluation of the incident concluded that the signing certificates current on this workflow was probably not efficiently exfiltrated by the ‘malicious’ payload.
Efficient Could 8, older variations of OpenAI’s macOS desktop apps will not obtain updates or assist, and is probably not useful, the ChatGPT maker stated.
Story continues under this advert
Passwords and OpenAI API keys weren’t affected by the third-party safety concern, the corporate stated, including that the basis reason behind the safety incident was a misconfiguration within the GitHub Actions workflow, which has been addressed.