A security incident involving the third-party developer tool Axios, part of a broader industry incident, has prompted immediate action to protect the certification process for macOS applications.
The security certificates are being updated to prevent any potential risk of someone distributing a fake app that appears to be from OpenAI, and all macOS users are required to update their OpenAI apps to the latest versions.
The GitHub Actions workflow used in the macOS app-signing process downloaded and executed a malicious version of Axios, version 1.14.1, on March 31, 2026 UTC. This workflow had access to a certificate and notarization material used for signing macOS applications, including ChatGPT Desktop, Codex, Codex CLI, and Atlas.
The analysis of the incident concluded that the malicious payload likely did not successfully exfiltrate the signing certificate present in this workflow, because of the timing of the payload execution and the certificate injection.
The security and privacy of user information are a top priority. To protect against any potential risks, OpenAI is taking proactive measures to update security certificates and require macOS users to update their apps to the latest versions.
OpenAI is committed to being transparent and taking quick action when issues arise. The company is sharing more technical details and FAQs to inform users about the incident and the steps being taken to protect their information.