OpenAI flags security issue after Axios supply chain attack linked to North Korea, says no user data was accessed
OpenAI is moving to lock down its macOS apps after uncovering a security issue tied to a compromised third-party tool, a reminder of how fragile modern software supply chains have become.
The company said it traced the issue back to Axios, a widely used developer library that was compromised on March 31 as part of what it describes as a broader supply chain attack linked to actors believed to be connected to North Korea. The breach reached a GitHub Actions workflow used by OpenAI, in which a “malicious” version of Axios was downloaded and executed during internal processes.
That workflow had access to sensitive materials used for signing and notarizing OpenAI's macOS applications, including ChatGPT Desktop, Codex, Codex-cli, and Atlas. In plain terms, the signing process is what tells macOS that an app is legitimate and safe to run. If that chain is broken, attackers can attempt to pass off fake apps as trusted software.
OpenAI says its internal review found no evidence that user data was accessed, its systems or intellectual property were compromised, or that any of its shipped software was altered. The company added that passwords and API keys were not affected. Its analysis also suggests the signing certificate present in the affected workflow was likely not successfully exfiltrated by the malicious payload.
OpenAI’s response to the Axios developer tool compromise
“We recently identified a security issue involving a third-party developer tool, Axios, that was part of a widely reported, broader industry incident. Out of an abundance of caution we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps. We found no evidence that OpenAI user data was accessed, that our systems or intellectual property was compromised, or that our software was altered,” OpenAI said in a blog post.
Even so, the risk was serious enough to trigger a response across its macOS ecosystem. OpenAI is updating its security certifications and requiring users to install the latest versions of its desktop apps. Older versions will lose updates and support starting May 8 and may stop working altogether.
At the center of the incident is a misconfiguration in the GitHub Actions workflow, which OpenAI says has now been fixed. The company’s response follows a familiar pattern seen in recent supply chain attacks, in which a single compromised dependency can ripple through trusted systems without immediate detection.
For users, the message is simple. Update the app. For developers, it’s another signal that even trusted tools can become entry points when build pipelines aren’t locked down end-to-end.
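As an added illustration of what "locked down end-to-end" can look like (this is not OpenAI's workflow, which the post does not publish, and the post does not say what the actual misconfiguration was), the GitHub Actions layout below keeps the signing certificate out of the job that installs third-party packages: dependencies are installed from the lockfile with install scripts disabled in an unprivileged build job, and the Developer ID identity is only exposed to a separate job that receives the finished artifact and runs no package code. Job names, secret names, the build script and the identity name are assumptions.

```yaml
name: macos-release

on:
  push:
    tags: ["v*"]

jobs:
  build:
    # Runs third-party code (npm packages and their install scripts),
    # so it is deliberately given no signing secrets at all.
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4        # pin to a commit SHA in production
      - uses: actions/setup-node@v4
      # npm ci installs exactly what package-lock.json records and fails if
      # the lockfile disagrees with package.json; --ignore-scripts keeps a
      # tampered package from running code at install time.
      - run: npm ci --ignore-scripts
      - run: npm run build   # assumed: produces dist/App.app
      - run: ditto -c -k --keepParent dist/App.app unsigned.zip
      - uses: actions/upload-artifact@v4
        with:
          name: unsigned-app
          path: unsigned.zip

  sign:
    # Only this job can read the certificate, and it installs no packages.
    needs: build
    runs-on: macos-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: unsigned-app
      - run: ditto -x -k unsigned.zip dist
      - name: Import the Developer ID certificate into a throwaway keychain
        env:
          CERT_P12_BASE64: ${{ secrets.MACOS_CERT_P12 }}      # assumed secret names
          CERT_PASSWORD: ${{ secrets.MACOS_CERT_PASSWORD }}
        run: |
          echo "$CERT_P12_BASE64" | base64 --decode > cert.p12
          security create-keychain -p "" build.keychain
          security import cert.p12 -k build.keychain -P "$CERT_PASSWORD" -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain
          security list-keychains -d user -s build.keychain
          rm -f cert.p12
      - run: codesign --force --options runtime --sign "Developer ID Application" dist/App.app
      - run: codesign --verify --strict --verbose=2 dist/App.app
```

Notarization (submitting the signed bundle to Apple) would follow as a further step in the sign job with its own credentials; the point of the split is that the job which ran dependency code never sees any of them.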