OpenAI Urges macOS Users: Update ChatGPT & Warns Codex

OpenAI has disclosed a security incident resulting from a broader software supply chain attack, detected on March 31, 2026. The incident involved the compromise of Axios, a widely used third-party JavaScript developer library.

While the company confirmed no user data, API keys, or systems were compromised, it is taking aggressive precautionary measures to protect its macOS application certification infrastructure.

On March 31, 2026 (UTC), threat actors believed to be linked to North Korea hijacked the npm account of an Axios library maintainer and pushed malicious updates, specifically versions v1.14.1 and v0.30.4.

These compromised versions silently introduced a hidden dependency called plain-crypto-js, which functioned as a cross-platform Remote Access Trojan (RAT) capable of targeting Windows, macOS, and Linux environments.

According to Palo Alto Networks’ Unit 42, the malware was engineered to perform system reconnaissance, establish persistence, and then self-destruct to evade forensic detection.

Axios is one of the most widely downloaded JavaScript libraries, with over 100 million weekly downloads, making the blast radius of this supply chain attack particularly significant.

OpenAI’s Incident Response

OpenAI’s internal build pipeline leveraged Axios as part of its GitHub Actions workflow. When the workflow automatically pulled the now-malicious Axios update, the compromised library gained access to certificate and notarization material used to digitally sign OpenAI’s macOS applications, including ChatGPT Desktop, Codex, and Atlas.

This type of access is critical: code-signing certificates are the trust anchors that verify to Apple’s systems and the App Store that an application is genuinely from its claimed publisher.

Had an attacker exploited this access, they could theoretically have fabricated counterfeit OpenAI applications carrying a legitimate certificate, deceiving both end-user devices and the App Store into treating them as authentic. OpenAI confirmed the root cause was a misconfiguration in its GitHub Actions workflow, which has since been remediated.

OpenAI has moved quickly to contain the potential fallout. The company is revoking and rotating all macOS security certificates to invalidate any trust material that may have been exposed during the incident.

All macOS users are now required to update their OpenAI applications ChatGPT, Codex, Atlas, and Codex CLI to the latest versions to receive the refreshed certificates. OpenAI emphasized that users do not need to change passwords, as passwords and API keys were entirely unaffected by this incident.

Critically, after May 8, 2026, older versions of these macOS applications will cease to receive updates and support, and may become fully non-functional. Users can update safely via an in-app update prompt or through official download links provided by OpenAI.

The attack’s impact on OpenAI was confined exclusively to macOS applications. Applications on Android, Linux, and Windows platforms were not affected. OpenAI reiterated that it found no evidence of user data exfiltration, system compromise, or software tampering.

This incident underscores the growing threat of software supply chain attacks targeting developer tooling, a vector increasingly favored by sophisticated state-linked threat actors.

Organizations relying on open-source libraries via automated CI/CD pipelines should implement dependency pinning, integrity verification, and workflow audits as standard security hygiene to reduce exposure to similar incidents.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.