Fast Facts
- OpenAI’s macOS app signing process was compromised via a GitHub Actions workflow, which downloaded a malicious Axios library, but no user data was affected.
- The incident was linked to a broader supply chain attack by North Korean hackers, involving poisoned npm packages and malware deploying backdoors across multiple platforms.
- OpenAI is revoking and rotating its compromised signing certificate, with older app versions becoming unsupported by May 2026, and is working with Apple to prevent future misuse.
- Cybersecurity experts warn that such supply chain breaches threaten trust in open-source dependencies, urging organizations to implement strict verification and security best practices.
OpenAI Reacts to Supply Chain Breach by Revoking macOS App Certificate
OpenAI recently took swift action after discovering a security incident involving its macOS applications. The company revealed that a GitHub Actions workflow used for signing its macOS apps downloaded a malicious version of the Axios library on March 31. Fortunately, no user data or internal systems were compromised during the event. To protect its users, OpenAI decided to revoke and rotate its app signing certificate. This move meant that older versions of their apps, like ChatGPT Desktop and Codex, would no longer receive updates after May 8, 2026. The company also works closely with Apple to prevent these older applications from being re notarized. While the security breach posed a potential risk for malicious actors to sign fake OpenAI apps, the company’s quick response and transparency help maintain user trust. This incident highlights the importance of verifying software integrity through multiple layers of security, especially for widely used applications in the AI industry.
Wider Impact of Supply Chain Attacks on Open-Source Ecosystems
The breach involving OpenAI’s macOS apps is part of a larger pattern of supply chain attacks that rocked the open-source community in March. One major attack targeted Axios, a popular HTTP client library, which was compromised through malicious versions containing harmful dependencies. Cybercriminal groups used these vulnerabilities to steal credentials, deploy trojans, and even launch ransomware campaigns. These attacks affected multiple ecosystems including npm, PyPI, and GitHub Actions workflows, resulting in widespread potential damage. Experts warn that attackers can exploit trusted tools and dependencies, causing cascading failures in many projects. For organizations and developers, this emphasizes the need to adopt strict security practices. Measures such as pinning packages, verifying identities, and monitoring for suspicious activity are vital steps to guard against these evolving threats. The events serve as a stark reminder that trust in open-source tools must be coupled with thorough verification, especially as malicious actors increasingly target automation pipelines and dependency chains.
Expand Your Tech Knowledge
Learn how the Internet of Things (IoT) is transforming everyday life.
Discover archived knowledge and digital history on the Internet Archive.
DataProtection-V1
