OpenAI Revokes macOS Signing Certificates Following Axios Library Supply Chain Attack
OpenAI has announced a critical security update for its macOS applications following a widespread supply chain attack targeting Axios, a popular third-party development library. The company confirmed that on March 31, 2026, a malicious version of Axios (v1.14.1) was inadvertently downloaded by its GitHub Actions workflow, which is responsible for signing and notarizing macOS software. While OpenAI found no evidence of data breaches or compromised systems, it has proactively revoked its digital signing certificates as a precautionary measure to prevent potential application impersonation.
To maintain service integrity, OpenAI requires all macOS users to update to the latest versions of ChatGPT Desktop, Codex, and Atlas. The company clarified that starting May 8, 2026, older versions will lose support and may cease to function. "Security and user privacy remain our top priorities," OpenAI stated, emphasizing that the rotation of certificates ensures all distributed software carries a verified digital signature, proving its official origin.
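A lockfile check for the Axios version named above, added here as an example that is not from the original article or from OpenAI's tooling. It assumes npm's `package-lock.json` layout; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag a known-bad package version in an npm lockfile.
// BAD comes from the article; the sample lockfile below is constructed data.
const BAD = { name: "axios", version: "1.14.1" };

// Lockfile v2/v3: flat "packages" map keyed by install path,
// e.g. "node_modules/a/node_modules/axios".
function scanPackages(packages, bad) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages || {})) {
    // meta.name is set for the root and for aliased installs; otherwise the
    // package name is whatever follows the last "node_modules/".
    const name = meta.name || path.split("node_modules/").pop();
    if (name === bad.name && meta.version === bad.version) hits.push(path);
  }
  return hits;
}

// Lockfile v1: nested "dependencies" tree; recurse to reach transitive copies.
function scanDependencies(deps, bad, prefix = "") {
  const hits = [];
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (name === bad.name && meta.version === bad.version) hits.push(path);
    hits.push(...scanDependencies(meta.dependencies, bad, `${path}/`));
  }
  return hits;
}

function findBadVersion(lock, bad = BAD) {
  // v2 lockfiles carry both sections; prefer "packages" to avoid duplicates.
  return lock.packages
    ? scanPackages(lock.packages, bad)
    : scanDependencies(lock.dependencies, bad);
}

// Constructed lockfile: the direct dependency is a different version,
// but a transitive copy resolves to the flagged one.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "build-tools", version: "0.0.0" },
    "node_modules/axios": { version: "1.13.0" },
    "node_modules/http-helper": { version: "2.0.0" },
    "node_modules/http-helper/node_modules/axios": { version: "1.14.1" },
  },
};

console.log(findBadVersion(sampleLock));
```

Scanning the resolved lockfile rather than `package.json` matters because a version range in the manifest says nothing about which release a CI job actually installed.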
