en.Wedoany.com Reported - On April 10, 2026, OpenAI issued an official security statement confirming it had initiated a comprehensive response mechanism regarding the tampering incident involving the third-party developer library Axios. OpenAI proactively revoked and rotated the affected macOS code signing certificates. The statement emphasized that no evidence was found indicating any access to OpenAI user data, system intrusion, or software tampering.

On March 31, 2026, the widely-used third-party developer library Axios was tampered with as part of a software supply chain attack. A GitHub Actions workflow used by OpenAI in its macOS application signing process downloaded and executed a malicious version of Axios (version 1.14.1). Analysis suggests that, considering factors such as payload execution timing, the method of certificate injection, and the sequence of operations, it is highly likely that the signing certificate was not successfully exfiltrated. Out of an abundance of caution, OpenAI still treated the certificate as potentially compromised and immediately initiated revocation and rotation procedures to completely block any potential risk.

OpenAI has completed the re-signing and re-release of all affected macOS products using a new certificate to ensure software integrity. Applications requiring updates to specific versions include: ChatGPT Desktop 1.2026.071, Codex App 26.406.40811, Codex CLI 0.119.0, and Atlas 1.2026.84.2. Starting May 8, 2026, older versions of the macOS desktop applications will no longer receive updates or support. OpenAI has also engaged a third-party digital forensics and incident response firm for investigation and is collaborating with Apple to ensure software signed with the old certificate can no longer receive new notarization, preventing the distribution of counterfeit applications at the source.

OpenAI stated that this proactive response action aims to maintain user trust and software supply chain security. Users can safely complete the upgrade via in-app updates or official channels. The statement noted that requiring all macOS users to update to the latest version helps guard against any attempts to distribute counterfeit applications impersonating OpenAI.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com