Our response to the Axios developer tool compromise
Summary
OpenAI discovered that Axios, a third-party developer library (a pre-written code package used to build software), was compromised in a software supply chain attack (where attackers infiltrate widely-used tools to affect many companies at once) on March 31, 2026, and their macOS app-signing process briefly used a malicious version. OpenAI found no evidence that user data or systems were compromised, but is revoking and updating their security certificates (digital credentials that verify software is authentic) and requiring all macOS users to update their OpenAI apps to prevent the risk of fake apps appearing legitimate. As of May 8, 2026, older versions of ChatGPT Desktop (before 1.2026.051), Codex App (before 26.406.40811), Codex CLI (before 0.119.0), and Atlas (before 1.2026.84.2) will no longer receive updates and may stop working.
Solution / Mitigation
Update to the latest versions of OpenAI's macOS apps through in-app update or official links. OpenAI also addressed the root cause by fixing the GitHub Actions workflow misconfiguration: the workflow previously used a floating tag instead of a specific commit hash and lacked a configured minimumReleaseAge for new packages; these have been corrected. OpenAI rotated the macOS code signing certificate, published new builds of all affected macOS products with the new certificate, and worked with Apple to prevent software notarization using the previous certificate.
Classification
Affected Vendors
Related Issues
Original source: https://openai.com/index/axios-developer-tool-compromise
First tracked: April 11, 2026 at 02:00 AM
Classified by LLM (prompt v3) · confidence: 95%