OpenAI
Now, OpenAI has found no evidence of compromise or risk to existing software installations
Compiled by KHAO Editorial — aggregated from 1 outlet.
If the certificate was successfully compromised by a malicious actor, they could use it to sign their own code, making it appear as legitimate OpenAI software.
Key facts
- On March 31, 2026 (UTC), Axios, a widely used third-party developer library, was compromised as part of a broader software supply chain attack
- Effective May 8, 2026, older versions of OpenAI's macOS desktop apps will no longer receive updates or support, and may not be functional
- At that time, a GitHub Actions workflow that OpenAI uses in the macOS app-signing process downloaded and executed a malicious version of Axios (version 1.14.1)
- Once OpenAI fully revokes its certificate on May 8th, 2026, new downloads and launches of apps signed with the previous certificate will be blocked by macOS security protections
Summary
The team recently identified a security issue involving a third-party developer tool, Axios, that was part of a widely reported, broader industry incident. The team is updating its security certificates, which will require all macOS users to update their OpenAI apps to the latest versions. The security and privacy of your information are a top priority. On March 31, 2026 (UTC), Axios, a widely used third-party developer library, was compromised as part of a broader software supply chain attack. At that time, a GitHub Actions workflow the team uses in the macOS app-signing process downloaded and executed a malicious version of Axios (version 1.14.1). The team's analysis of the incident concluded that the signing certificate present in this workflow was likely not successfully exfiltrated by the malicious payload, due to the timing of the payload execution, certificate injection into the job, sequencing of the job itself, and other mitigating factors.
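For teams checking their own build pipelines against the version named above, the following added example (not code from OpenAI or from this page's source) walks an npm lockfile and flags every resolved copy of Axios at 1.14.1, including copies nested under other packages. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag resolved copies of axios that match the version
// named in the notice (1.14.1). All other names and versions are constructed.
const AFFECTED = { name: "axios", versions: new Set(["1.14.1"]) };

// lockfileVersion 2/3: flat "packages" map keyed by install path.
function fromPackages(packages) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages || {})) {
    // Text after the last "node_modules/" is the package name.
    const name = path.split("node_modules/").pop();
    if (name === AFFECTED.name && meta && meta.version) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// lockfileVersion 1: nested "dependencies" tree, walked recursively.
function fromDependencies(deps, prefix = "") {
  const hits = [];
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (name === AFFECTED.name && meta.version) hits.push({ path, version: meta.version });
    hits.push(...fromDependencies(meta.dependencies, `${path}/`));
  }
  return hits;
}

// Returns every axios install found, with affected=true for flagged versions.
function scanLockfile(lock) {
  const found = lock.packages ? fromPackages(lock.packages) : fromDependencies(lock.dependencies);
  return found.map((h) => ({ ...h, affected: AFFECTED.versions.has(h.version) }));
}

// Constructed sample lockfile (not from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "signing-job", version: "0.0.0" },
    "node_modules/axios": { version: "1.13.0" },
    "node_modules/some-tool/node_modules/axios": { version: "1.14.1" },
    "node_modules/axios-retry": { version: "4.0.0" },
  },
};

// For a real project, pass JSON.parse of its package-lock.json instead.
console.log(scanLockfile(sampleLock).filter((r) => r.affected));
```

A clean result only describes what the lockfile pins today. A CI job that installed without a committed lockfile could still have resolved the affected version at the time it ran, so check the job's install logs as well.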