
OpenAI rotates macOS certs after Axios attack hit code-signing workflow

At a glance:

  • OpenAI is rotating its macOS code-signing certificates after a compromised Axios package (version 1.14.1) ran in one of its GitHub Actions workflows on March 31, 2026.
  • The company found no evidence of user data compromise or software alteration but is revoking the certificate out of caution; macOS apps must be updated by May 8, 2026.
  • The attack, linked to North Korean group UNC1069, involved a social engineering campaign against an Axios maintainer, leading to malicious npm packages.

What happened

On March 31, 2026, OpenAI's GitHub Actions workflow executed a compromised version of the Axios package (version 1.14.1) during a supply chain attack. The legitimate workflow downloaded and ran this package, which was part of a campaign to deploy malware on devices. This workflow had access to code-signing certificates used to sign OpenAI's macOS applications, including ChatGPT Desktop, Codex, Codex CLI, and Atlas. While OpenAI's investigation found no evidence that the signing certificate was compromised, the company is treating it as potentially compromised out of caution and is now revoking and rotating it.
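A defender-side check prompted by the workflow described above: an npm lockfile audit that flags the compromised Axios release named in the article. This is example code added here, not OpenAI's or the Axios project's tooling; the sample lockfile and the package names in it are constructed.

```python
"""Audit an npm lockfile for the compromised axios release (1.14.1) named
on the page. Example code added here, not OpenAI's or Axios's tooling.
Handles lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages"
keyed by node_modules path)."""
import json

# Versions named as compromised on the page; extend from an advisory you trust.
COMPROMISED = {"axios": {"1.14.1"}}


def _name_from_path(path: str) -> str:
    # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
    head, sep, tail = path.rpartition("node_modules/")
    return tail if sep else path


def _walk_v1(deps: dict, chain: tuple, out: list) -> None:
    # lockfileVersion 1 nests transitive deps under each package entry
    for name, meta in deps.items():
        ver = meta.get("version", "")
        if ver in COMPROMISED.get(name, ()):
            out.append((name, ver, "/".join(chain + (name,))))
        _walk_v1(meta.get("dependencies", {}), chain + (name,), out)


def find_compromised(lockfile_text: str) -> list:
    """Return (name, version, location) for every compromised install."""
    lock = json.loads(lockfile_text)
    hits: list = []
    if "packages" in lock:  # lockfileVersion 2/3
        for path, meta in lock["packages"].items():
            if not path:
                continue  # "" is the root project itself
            name = meta.get("name") or _name_from_path(path)
            ver = meta.get("version", "")
            if ver in COMPROMISED.get(name, ()):
                hits.append((name, ver, path))
    else:  # lockfileVersion 1
        _walk_v1(lock.get("dependencies", {}), (), hits)
    return hits


# Constructed sample: axios 1.14.1 pulled in transitively by "some-sdk".
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "version": "1.0.0"},
        "node_modules/some-sdk": {"version": "2.0.0"},
        "node_modules/some-sdk/node_modules/axios": {"version": "1.14.1"},
        "node_modules/other-lib": {"version": "4.2.0"},
    },
})

if __name__ == "__main__":
    for name, ver, where in find_compromised(SAMPLE_LOCK):
        print(f"COMPROMISED {name}@{ver} at {where}")
```

Run it against a real package-lock.json in CI before `npm ci` so a known-bad pin fails the build instead of executing with the job's secrets.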

The risk and response

OpenAI emphasized that there is no evidence that user data was accessed, systems or intellectual property were compromised, or software was altered. However, if the attacker obtained the certificate, they could use it to sign their own macOS applications that appear to be legitimately signed by OpenAI. To mitigate this risk, OpenAI is updating its security certificates, which will require all macOS users to update their OpenAI apps to the latest versions. The company is also working with Apple to ensure no future software can be notarized with the previous certificate. The certificate will be fully revoked on May 8, 2026, after which attempts to launch applications signed with it will be blocked by macOS protections.

Affected applications and platforms

The issue is limited to OpenAI's macOS applications and does not affect its web services or apps on iOS, Android, Windows, or Linux. User accounts, passwords, and API keys were also not impacted. macOS users will need to update their apps to versions signed with the new certificate, as older versions may stop working on May 8, 2026. Users are advised to update via in-app features or the official download pages and to avoid installing software from links sent via email, ads, or third-party sites.

The broader attack context

The Axios supply chain attack has been linked to North Korean threat actors tracked as UNC1069, who conducted a social engineering campaign against one of the project's maintainers. After conducting a fake web conference call that led to the installation of malware, the threat actors gained access to the maintainer's account and published malicious versions of the Axios package to npm. This malicious package included a dependency that installed a remote access trojan (RAT) on macOS, Windows, and Linux systems. According to researchers, the attackers approached developers through convincing fake collaboration setups, including Slack workspaces and Microsoft Teams calls, eventually tricking them into installing malware that led to credential theft and downstream supply chain compromises.

Ongoing monitoring and future steps

OpenAI worked with a third-party incident response firm to conduct the investigation, which found no evidence that the incident exposed its certificates or that they were used to distribute malicious software. The company also analyzed previous notarization activity linked to the certificate and confirmed that everything signed with it was legitimate. OpenAI says it will continue monitoring for any signs that the old certificate is being misused and may speed up the revocation timeline if anything suspicious is detected. This incident is part of a larger campaign to compromise popular open-source projects for widespread supply chain attacks.

Editorial note: SiliconFeed is an automated feed; facts are checked against sources, and copy is normalized and lightly edited for readers.

FAQ

What happened at OpenAI?
On March 31, 2026, OpenAI's GitHub Actions workflow executed a compromised Axios package (version 1.14.1) that had access to macOS code-signing certificates. The company found no evidence of compromise but is rotating the certificates as a precaution.
Which OpenAI applications are affected?
The issue is limited to macOS applications: ChatGPT Desktop, Codex, Codex CLI, and Atlas. Other platforms (web, iOS, Android, Windows, Linux) and user accounts are not affected.
When do macOS users need to update?
Users must update their OpenAI macOS apps to the latest versions before May 8, 2026, when the old certificate will be fully revoked. After that, older apps signed with the old certificate may not launch.
