Guavy AI Editorial Team

OpenAI Rotates Certificates After Axios Supply Chain Attack

OpenAI has responded to a recent supply chain attack that compromised its macOS application certificates. On March 31, 2026, the Axios JavaScript library was affected by an attack linked to North Korean threat actors. The attackers injected a malicious dependency called 'plain-crypto-js' into the npm package, which deployed a cross-platform remote access tool (RAT) capable of reconnaissance and persistence.

The OpenAI app-signing workflow, which used Axios version 1.14.1, downloaded and executed the malicious code. As a result, OpenAI is treating its macOS code signing certificate as compromised and revoking it entirely on May 8, 2026.
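A build pipeline can check its own lockfile for the two indicators named above. The following is an added example, not code from OpenAI or the Axios project: `scanLockfile`, the finding labels, and the sample lockfile are assumptions constructed for illustration, and the `plain-crypto-js` version shown is a placeholder.

```javascript
// Added example: scan a parsed package-lock.json for the indicators in the article.
const BAD_DEP = 'plain-crypto-js'; // malicious dependency named in the article
const BAD_AXIOS = '1.14.1';        // Axios version named in the article

function scanLockfile(lock) {
  const findings = [];
  const check = (name, version, where, deps) => {
    if (name === BAD_DEP) findings.push({ type: 'malicious-dependency', where, version });
    if (name === 'axios' && version === BAD_AXIOS) {
      findings.push({ type: 'affected-axios', where, version });
    }
    // A package that merely declares the dependency is also worth flagging.
    if (Object.keys(deps || {}).includes(BAD_DEP)) {
      findings.push({ type: 'declares-malicious-dependency', where, version });
    }
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry
    const marker = 'node_modules/';
    const name = meta.name || path.slice(path.lastIndexOf(marker) + marker.length);
    check(name, meta.version, path, { ...meta.dependencies, ...meta.optionalDependencies });
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = trail ? `${trail} > ${name}` : name;
      check(name, meta.version, where, meta.requires);
      walk(meta.dependencies, where);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return findings;
}

// Constructed sample lockfile (not real registry data).
// For a real project: JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'signing-workflow', dependencies: { axios: '^1.14.0' } },
    'node_modules/axios': { version: '1.14.1', dependencies: { 'plain-crypto-js': '*' } },
    'node_modules/plain-crypto-js': { version: '0.0.0-placeholder' },
    'node_modules/follow-redirects': { version: '1.15.6' },
  },
};
console.log(scanLockfile(sampleLock));
```

Any finding in a CI run should fail the job before install scripts execute, since the article describes the malicious code running inside a signing workflow.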

The company has taken measures to secure its applications by rotating certificates and requiring users to update their apps. Minimum required versions for affected applications are: ChatGPT Desktop (1.2026.051), Codex App (26.406.40811), Codex CLI (0.119.0), and Atlas (1.2026.84.2). Users are advised to only download updates from official sources or via in-app updates.