- OpenAI rotated macOS code signing certificate after Axios supply chain breach
- Malicious Axios 1.14.1 joins application signing workflow
- No evidence of data theft, but older versions of the app are outdated
OpenAI recently rotated its macOS code signing certificate and pushed new versions of macOS products as a proactive measure against potential malware attacks.
When an app is signed with a valid developer certificate (such as OpenAI), the system assumes that the developer is verified, that the app has not been tampered with, and that it is safe to run. Having malware signed with one of these certificates almost guarantees that it will bypass protections and be able to run on the endpoint.
In an update published late last week, the popular artificial intelligence company said it observed a breach in Axios, a third-party development tool it uses, in late March of this year. Axios is a JavaScript library used to send HTTP requests (allows applications to communicate with servers). It was compromised and a malicious version, 1.14.1, was shipped.
Article continues below.
The attack was said to appear to be part of a broader attack on the software supply chain. At that time, OpenAI used a GitHub Actions workflow in the macOS app signing process, which downloaded and executed that malicious version.
User data is secure
“This workflow had access to a certificate and notarization material used to sign macOS applications, including ChatGPT Desktop, Codex, Codex-cli, and Atlas,” OpenAI explained.
While the company’s incident analysis determined that the signing certificate was “likely not successfully exfiltrated,” it still treated it as compromised and decided to rotate it.
“Starting May 8, 2026, older versions of our macOS desktop apps will no longer receive updates or support, and may not work,” OpenAI warned. “These versions represent the first versions signed with our updated certificate:
ChatGPT Desktop: 1.2026.051
Codex Application: 26.406.40811
Codex CLI: 0.119.0
Atlas: 1.2026.84.2”
In the same report, the company stated that there is no evidence that user data was accessed, that intellectual property was compromised, or that the software itself was altered in any way.
Through PakGazette
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
