In a significant security incident that sent shockwaves through the developer community, OpenAI has been forced to respond after a popular coding tool was hijacked to deliver malware affecting ChatGPT’s macOS applications. The company announced it is issuing security certificate updates and new credentials to mitigate potential risks to users.
The breach originated when hackers gained access to an account belonging to the maintainer of Axios, a widely-used JavaScript library for handling HTTP requests. According to security researchers at StepSecurity, malicious versions of Axios??pecifically versions 1.14.1 and 0.30.4??ere found containing a remote access trojan capable of compromising users’ Windows, macOS, and Linux devices.
The Chain of Compromise
What makes this incident particularly concerning is how the attack chain unfolded. On March 31, 2026, Axios was compromised as part of a broader software supply chain attack. A GitHub Actions workflow used in OpenAI’s macOS app-signing process downloaded and executed the malicious version of Axios during the build pipeline.
This workflow had access to a certificate and notarization material used for signing macOS applications, including ChatGPT Desktop, Codex, Codex-cli, and Atlas. The certificate serves as a critical security mechanism that helps users verify that software comes from its legitimate developer??penAI, in this case.
OpenAI’s Response
OpenAI disclosed the incident in an official blog post, acknowledging that the compromise created potential risks for users who had downloaded ChatGPT’s macOS applications. The company moved quickly to address the vulnerability by issuing updated security certificates and providing guidance for affected users.
“The certificate helps customers know that software comes from the legitimate developer,” OpenAI stated in its disclosure. The company has since revoked the compromised certificate and is in the process of re-signing all affected applications with new credentials.
Scope of the Breach
While the full extent of the damage remains unclear, security experts note that remote access trojans can give attackers persistent access to compromised systems, potentially allowing them to steal data, monitor user activity, or pivot to further attacks within an organization’s network.
The Axios library is used by millions of developers worldwide, making the supply chain attack particularly dangerous. Security researchers emphasize that the compromise highlights the fragility of the software supply chain and the importance of verifying dependencies at every stage of the development process.
Industry Implications
This incident underscores a troubling trend in cybersecurity: the increasing sophistication of supply chain attacks targeting open-source ecosystems. Even security-conscious organizations with robust internal practices can find themselves compromised through trusted third-party dependencies.
For enterprise users of ChatGPT and related OpenAI tools, security teams are recommending immediate action: revoke any potentially compromised certificates, re-download applications from official sources, and audit systems for signs of unauthorized access.
Looking Forward
OpenAI’s swift response demonstrates the growing maturity of security practices among major AI companies. However, the incident serves as a stark reminder that as AI tools become increasingly integrated into developer workflows, they also become attractive targets for threat actors.
The company has committed to providing updates as the investigation continues and has encouraged any users who believe they may have been affected to contact their security team immediately.
This breach highlights the critical importance of supply chain security in an era where AI-powered tools are becoming essential infrastructure for millions of developers and organizations worldwide.