OpenAI Revokes macOS Code Signing Cert After Axios Supply Chain Hit [Actions Required]

Axios Dependency Incident 2026

Something big just happened in the cybersecurity world. And if you’re using OpenAI’s macOS apps… this affects you directly.

OpenAI has rotated its macOS code-signing certificates after a supply chain attack quietly slipped into its workflow. No, your data wasn’t stolen. But yes, this is serious enough that every macOS user must update before May 8, 2026.

OpenAI responds to North Korea-linked Axios npm compromise by rotating code signing certificates. macOS users must update ChatGPT and Codex apps by May 8.

What Actually Happened

On March 31, 2026, a GitHub Actions workflow used to sign OpenAI's macOS apps automatically downloaded and executed a malicious version of Axios, the JavaScript HTTP library that sees roughly 100 million downloads per week.

The malicious release was Axios 1.14.1.

Attackers who had compromised the account of Axios lead maintainer Jason Saayman, through a social engineering campaign that used bogus collaboration offers, fake Slack workspaces, Microsoft Teams video calls and similar lures, pushed the release to npm. Google Threat Intelligence Group attributed the attack to North Korean threat actors tracked as UNC1069.

The malicious package installed a remote access trojan (RAT) on macOS, Windows and Linux. It was live for only about three and a half hours. That was enough.

What OpenAI Found and What They Did About It

OpenAI brought in a third-party forensics and incident response firm. It found no evidence that:

  • The certificate was successfully stolen
  • There was access to user data
  • Any OpenAI software was altered
  • Intellectual property was compromised

OpenAI also confirmed with Apple that all notarization activity associated with the old certificate was genuine.

However, here is the point: OpenAI decided to rotate the certificate anyway.

This is the correct decision. Once there is even a theoretical window in which an attacker could have obtained your signing material, you do not gamble on the likelihood that everything is fine. You revoke, rotate, and start afresh.

The root cause? A poorly configured GitHub Actions workflow that referenced a floating tag rather than a pinned commit hash and enforced no minimum release age for newly published packages. Small configuration gaps. Massive downstream consequences.

Action by OpenAI: Changes on May 8, 2026

Mark this date. OpenAI fully revokes the old certificate on May 8, 2026.

Any macOS application signed with the old certificate will be blocked by macOS security after that date. There is no way around it.

The minimum versions you must be running, signed with the new certificate:

  • ChatGPT Desktop: 1.2026.051
  • Codex App: 26.406.40811
  • Codex CLI: 0.119.0
  • Atlas: 1.2026.84.2

Update through the app itself or from OpenAI's official download pages. Do not click update links in emails, adverts, or third-party websites; that is exactly how these attacks spread further.
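A quick way to check whether an installed build meets the minimums above is to read the version string out of the app bundle's Info.plist and compare it segment by segment. The script below is an added example, not OpenAI's code: the minimum versions are the ones listed in this post, the Info.plist content is constructed, and the install path mentioned in the usage note is assumed.

```python
"""Check installed OpenAI macOS app versions against the advisory's minimums.
Versions are compared as tuples of integers: a plain string comparison would rank
"1.2026.100" below "1.2026.51", which is wrong for version numbers."""
import plistlib

# Minimum versions signed with the new certificate, as listed in the advisory.
MINIMUM_VERSIONS = {
    "ChatGPT Desktop": "1.2026.051",
    "Codex App": "26.406.40811",
    "Codex CLI": "0.119.0",
    "Atlas": "1.2026.84.2",
}


def version_key(version: str) -> tuple:
    """Turn '1.2026.051' into (1, 2026, 51). Trailing zero segments are dropped so
    that '0.119.0' and '0.119' compare as equal."""
    parts = [int(segment) for segment in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def meets_minimum(installed: str, minimum: str) -> bool:
    """True when the installed version is at or above the required minimum."""
    return version_key(installed) >= version_key(minimum)


def bundle_version(info_plist: bytes) -> str:
    """Read CFBundleShortVersionString from an app bundle's Contents/Info.plist."""
    return plistlib.loads(info_plist)["CFBundleShortVersionString"]


def needs_update(app: str, installed: str) -> bool:
    """True when `app` must be updated before the old certificate is revoked."""
    return not meets_minimum(installed, MINIMUM_VERSIONS[app])


# Constructed sample Info.plist (not taken from a real bundle): one build behind the minimum.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>CFBundleShortVersionString</key><string>1.2026.049</string>
</dict></plist>"""


if __name__ == "__main__":
    installed = bundle_version(SAMPLE_INFO_PLIST)
    print("ChatGPT Desktop", installed, "needs update:", needs_update("ChatGPT Desktop", installed))
```

On a real Mac you would pass the bytes of the bundle's Contents/Info.plist (for example under /Applications/ChatGPT.app, path assumed) to `bundle_version`, and `codesign -dvv` on the same bundle prints the Authority chain of the certificate it was signed with, which is the other thing worth confirming after updating.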

The Bigger Picture You Cannot Ignore

OpenAI is the first large company to publicly disclose how the Axios supply chain attack affected it. It will certainly not be the last.

Wiz estimates that about 80% of cloud and code environments include Axios, and that in 3% of the affected environments the malicious version was observed executing.

Think about that scale for a moment.

Supply chain attacks work because developers trust the tools they use every day. A compromised popular library does not need to attack your system directly; it only needs to ride in on something you already trust.

That is why dependency pinning, minimum release age policies and regular workflow audits are no longer optional. They are baseline security hygiene.
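Both the root cause described earlier (a floating tag in the signing workflow and no minimum release age) and the baseline practices just listed can be checked mechanically. The script below is an added example, not OpenAI's or the Axios project's code: the workflow, package.json, package names, registry timestamps and the 40-character commit SHA are all constructed placeholders, and the registry metadata shape mirrors the `time` object of an npm packument.

```python
"""Audit two configuration gaps: GitHub Actions steps referenced by a floating tag
instead of a pinned commit SHA, and npm dependencies that are not exactly pinned or
whose pinned version is younger than a minimum release age. All inputs below are
constructed sample data, none of it from OpenAI or Axios."""
import re
from datetime import datetime, timedelta, timezone

FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
EXACT_VERSION_RE = re.compile(r"^\d+\.\d+\.\d+$")


def unpinned_actions(workflow_yaml: str) -> list:
    """Return every `uses:` reference not pinned to a full 40-hex commit SHA.
    A tag or branch (`@v4`, `@main`) can be moved to point at new code; a SHA cannot."""
    findings = []
    for line in workflow_yaml.splitlines():
        match = USES_RE.match(line)
        if not match:
            continue
        ref = match.group(1).strip("\"'")
        if ref.startswith(("./", "docker://")):
            continue  # local and container actions carry no git ref to pin
        _, _, git_ref = ref.partition("@")
        if not FULL_SHA_RE.match(git_ref):
            findings.append(ref)
    return findings


def dependency_findings(package_json: dict, registry_times: dict,
                        now: datetime, min_age: timedelta) -> list:
    """Flag dependency specs that are ranges (^, ~, >=, *) rather than exact versions,
    and exact versions published more recently than `min_age`.
    `registry_times` maps package name -> {version -> ISO 8601 publish timestamp}."""
    findings = []
    for name, spec in package_json.get("dependencies", {}).items():
        if not EXACT_VERSION_RE.match(spec):
            findings.append(f"{name}@{spec}: not an exact version")
            continue
        published = registry_times.get(name, {}).get(spec)
        if published is None:
            findings.append(f"{name}@{spec}: no publish time in registry metadata")
            continue
        age = now - datetime.fromisoformat(published.replace("Z", "+00:00"))
        if age < min_age:
            findings.append(f"{name}@{spec}: published {age.days}d ago, below minimum age")
    return findings


# Constructed sample workflow: one step pinned by floating tag, one by a made-up commit SHA.
SAMPLE_WORKFLOW = """\
name: sign-macos-app
on: [push]
jobs:
  sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@a1b2c3d4e5f60718293a4b5c6d7e8f9012345678  # constructed SHA
      - run: npm ci
"""

# Constructed package.json and registry publish times; the example-* names are placeholders.
SAMPLE_PACKAGE_JSON = {"dependencies": {
    "axios": "^1.14.0",         # range spec: a newer, malicious patch release would be pulled in
    "example-stable": "2.3.1",  # exact pin, published long before the audit date
    "example-fresh": "0.9.0",   # exact pin, but published half a day before the audit
}}
SAMPLE_REGISTRY_TIMES = {
    "example-stable": {"2.3.1": "2026-01-15T00:00:00Z"},
    "example-fresh": {"0.9.0": "2026-03-31T12:00:00Z"},
}
AUDIT_TIME = datetime(2026, 4, 1, tzinfo=timezone.utc)  # constructed audit date
MIN_RELEASE_AGE = timedelta(days=7)


def audit() -> list:
    """Run both checks over the constructed samples and return every finding."""
    workflow = [f"workflow: {ref} is not pinned to a commit SHA"
                for ref in unpinned_actions(SAMPLE_WORKFLOW)]
    deps = dependency_findings(SAMPLE_PACKAGE_JSON, SAMPLE_REGISTRY_TIMES,
                               AUDIT_TIME, MIN_RELEASE_AGE)
    return workflow + deps


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

In a real pipeline the dependency check reads the resolved versions from the committed lockfile that `npm ci` installs from, and the publish times come from the registry's packument for each package. npm's `--before=<date>` option offers a registry-side complement to the age policy, since it refuses to install versions published after the given date.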

Defend your Organization against Supply Chain Attacks

This incident caused no harm, but it easily could have.

Modern supply chain attacks do not break down the door. They slip in through the processes you already trust. And by the time you notice, it is too late.

This is why prevention is more important than response.

Code signing remains essential for establishing trust in your software. That trust, however, must be protected by stronger controls. Organisations are advised to use SBOMs to track dependencies and to adopt solutions such as DigiCert Software Trust Manager to protect signing processes and prevent abuse.

Get in touch, and our team will assist you in securing your pipelines, enhancing the code-signing process, and mitigating risk before it turns into a breach.

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.
