OpenAI Responds to Axios Library Compromise Affecting macOS Apps

Severity: High (Score: 63.9)

Sources: Cybersecuritynews, Tradersunion, Livemint, Techflowpost, Tribuneindia

Summary

OpenAI has identified a security issue linked to a compromised third-party developer tool, Axios, which was involved in a broader software supply chain attack on March 31, 2026. The attack allowed a GitHub Actions workflow to download a malicious version of Axios, potentially exposing a signing certificate used for macOS applications like ChatGPT Desktop and Codex. However, OpenAI found no evidence that user data was accessed or that its systems were compromised. As a precaution, the company is updating its security certifications and requiring all macOS users to update their applications by May 8, 2026, after which older versions will no longer receive support. The incident is believed to be linked to actors associated with North Korea. OpenAI has engaged a third-party digital forensics firm to assist in the investigation and has taken steps to ensure the integrity of its software. The company emphasizes that users of its applications on other platforms, such as iOS and Windows, are unaffected by this incident. Key Points: • OpenAI's macOS applications were potentially affected by a supply chain attack on Axios. • No user data or systems were compromised, according to OpenAI's analysis. • Mandatory updates for macOS users are required by May 8, 2026, to mitigate risks.

Key Entities

• Data Breach (attack_type)
• Supply Chain Attack (attack_type)
• OpenAI (company)
• North Korea (country)
• htdigital.in (domain)
• T1036 - Masquerading (mitre_attack)
• T1105 - Ingress Tool Transfer (mitre_attack)
• T1195 - Supply Chain Compromise (mitre_attack)
• T1553.001 - Gatekeeper Bypass (mitre_attack)
• Android (platform)
• Axios (platform)
• IOS (platform)
• Linux (platform)
• MacOS (platform)
• GitHub Actions (tool)