The incident began when the Axios library was tampered with on March 31, 2026, as part of a broader attack linked to North Korea-affiliated actors. As a result, OpenAI's GitHub Actions workflow downloaded and executed a malicious version, potentially exposing macOS app signing certificates and notarization materials for apps like ChatGPT Desktop, Codex, Codex-cli, and Atlas.[2][4] OpenAI's investigation found that the signing certificate was likely not exfiltrated and that passwords and API keys were unaffected; the root cause was a misconfigured workflow, which has now been fixed.[1][2] Involved parties include OpenAI, the Axios library developers, and attackers believed to be tied to North Korea.[2][4]
In response, OpenAI is updating security certifications, urging macOS users to update their apps, and ending support for older versions after May 8, 2026, which may render them non-functional.[2][4] The incident follows industry-wide risks from third-party tools and highlights supply chain vulnerabilities in software development.[1][2]
The story is newsworthy because of OpenAI's prominence in AI. It raises concerns over macOS app authenticity amid rising nation-state cyber threats, especially as the company faces scrutiny over government tool use and advances cybersecurity initiatives like "Trusted Access for Cyber."[4] The disclosure occurred just one day prior, on April 10, which adds to its timeliness.[1][3]