OpenAI has rotated the code-signing certificates for its Mac applications after a supply-chain attack on Axios, a widely used JavaScript HTTP client library. The compromise was detected on 31 March 2026, after attackers hijacked the account of Axios lead maintainer Jason Saayman.

Axios is used by developers to let applications talk to servers over HTTP; it is currently present in roughly 80% of cloud environments and receives around 100 million weekly downloads.

This latest development follows Hackread.com's reporting in March, which explained how the attackers bypassed standard npm and GitHub security checks to publish malicious Axios versions 1.14.1 and 0.30.4.

Those versions carried a backdoor named WAVESHAPER.V2, delivered through a fake dependency called plain-crypto-js. The malicious packages were available for only about three hours, but the first infection occurred just 89 seconds after they were published. OpenAI has now confirmed that its automated systems fetched the compromised code within that window.
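The two compromised Axios releases and the fake dependency named above are concrete indicators a defender can search for. The following is an added example, not code from Hackread.com or from the Axios project: it walks a package-lock.json, handling both the nested lockfileVersion 1 layout and the flat packages map used by versions 2 and 3, and flags any axios entry resolved to 1.14.1 or 0.30.4 and any plain-crypto-js entry, including transitive copies nested under other packages. The lockfile embedded at the bottom is constructed for the demonstration.

```python
"""Scan an npm package-lock.json for the compromised Axios releases and the
plain-crypto-js dependency described in the article.

Added example; not code from Hackread.com or the Axios project. The indicator
list comes from the article. SAMPLE_LOCK is a constructed lockfile, not a real
project's.
"""
import json
from typing import Iterator, Tuple

# Indicators from the article: the two malicious Axios releases and the fake
# dependency that carried the WAVESHAPER.V2 backdoor.
MALICIOUS_AXIOS_VERSIONS = {"1.14.1", "0.30.4"}
MALICIOUS_PACKAGES = {"plain-crypto-js"}

Entry = Tuple[str, str, str]  # (package name, resolved version, install path)


def _walk_v1(deps: dict, path: str = "") -> Iterator[Entry]:
    """lockfileVersion 1: nested 'dependencies' maps of name -> {version, dependencies}."""
    for name, info in deps.items():
        loc = f"{path}/node_modules/{name}" if path else f"node_modules/{name}"
        yield name, info.get("version", ""), loc
        yield from _walk_v1(info.get("dependencies", {}), loc)


def _walk_v2(packages: dict) -> Iterator[Entry]:
    """lockfileVersion 2/3: flat 'packages' map keyed by install path."""
    for loc, info in packages.items():
        if not loc:  # "" is the root project itself, not a dependency
            continue
        # The name is everything after the last 'node_modules/'; this keeps
        # scoped names such as @scope/pkg intact.
        name = loc.rsplit("node_modules/", 1)[-1]
        yield name, info.get("version", ""), loc


def iter_lock_entries(lock: dict) -> Iterator[Entry]:
    """Yield every installed package in a parsed package-lock.json."""
    if "packages" in lock:           # v2 and v3 both carry this map
        yield from _walk_v2(lock["packages"])
    elif "dependencies" in lock:     # pure v1
        yield from _walk_v1(lock["dependencies"])


def find_indicators(lock: dict) -> list:
    """Return every entry matching a known-bad axios version or package name."""
    hits = []
    for name, version, loc in iter_lock_entries(lock):
        if name == "axios" and version in MALICIOUS_AXIOS_VERSIONS:
            hits.append({"path": loc, "name": name, "version": version,
                         "reason": "compromised axios release"})
        elif name in MALICIOUS_PACKAGES:
            hits.append({"path": loc, "name": name, "version": version,
                         "reason": "dependency introduced by the backdoored release"})
    return hits


def scan_lockfile_text(text: str) -> list:
    return find_indicators(json.loads(text))


# Constructed sample (v3 layout): the top-level axios is a clean 1.14.0, but a
# transitive copy under some-sdk resolved to 1.14.1 and plain-crypto-js came with it.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"axios": "^1.14.0"}},
        "node_modules/axios": {"version": "1.14.0"},
        "node_modules/some-sdk": {"version": "2.0.0", "dependencies": {"axios": "1.14.1"}},
        "node_modules/some-sdk/node_modules/axios": {"version": "1.14.1"},
        "node_modules/plain-crypto-js": {"version": "1.0.0"},
    },
})

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    for hit in scan_lockfile_text(text):
        print(f"{hit['path']}  {hit['name']}@{hit['version']}  -- {hit['reason']}")
```

Run it against every repository's lockfile (`python scan_lock.py path/to/package-lock.json`). A clean lockfile today only proves the current pin; as OpenAI's case shows, a build that ran inside the three-hour window with a floating `^` range could have resolved the bad version without it ever being committed, so CI logs and package caches from that window need checking as well. yarn.lock and pnpm-lock.yaml use different formats and are not parsed here.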

Why OpenAI is rotating its certificates

OpenAI confirmed that its internal build pipeline pulled the malicious Axios 1.14.1 during the March attack. Because that pipeline has access to the code-signing certificates macOS uses to verify that OpenAI's software is authentic and untampered, the company must treat those credentials as potentially compromised. The affected applications are ChatGPT Desktop, Codex, Codex CLI, and Atlas.

According to OpenAI's official response, the attackers probably did not have time to exfiltrate the certificate. The company says it found no evidence that user data was accessed or that its software was modified. It is nevertheless treating the certificate as compromised, revoking it and switching to a new one.

“Our analysis of the incident concluded that the signing certificate present in this workflow was likely not successfully exfiltrated by the malicious payload due to the timing of the payload execution, certificate injection into the job, sequencing of the job itself, and other mitigating factors. Nevertheless, out of an abundance of caution, we are treating the certificate as compromised and are revoking and rotating it,” the company stated.

Important update deadline for users

OpenAI has released re-signed versions of its apps under the new certificates. From 8 May 2026, macOS will begin blocking builds signed with the old, revoked certificates, so every user should update to the re-signed releases. Make sure you are running these versions or newer:

  • Atlas: 1.2026.84.2
  • Codex CLI: 0.119.0
  • Codex App: 26.406.40811
  • ChatGPT Desktop: 1.2026.071
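For anyone who has to confirm a fleet of Macs is on the re-signed builds before the 8 May cut-off, here is an added example (not OpenAI's tooling) that compares the installed bundle versions against the floors listed above and prints the signing authority macOS sees for each app. The version floors are the article's; the application bundle paths, the Info.plist key and the use of `codesign -dv` are assumptions based on standard macOS packaging and may not match how each app is actually shipped. The version comparison is numeric per component, so `1.2026.071` compares as 71, and a shorter version such as `1.2026.84` is treated as older than `1.2026.84.2`.

```python
"""Check installed OpenAI macOS apps against the minimum re-signed versions
and show what codesign reports for each bundle.

Added example; not OpenAI's own code. MIN_VERSIONS comes from the article.
APP_BUNDLES, the Info.plist key and the codesign invocation are assumptions
about standard macOS packaging.
"""
import plistlib
import shutil
import subprocess
from pathlib import Path
from typing import Optional, Tuple

# Minimum versions from the article (the first builds signed with the new certificates).
MIN_VERSIONS = {
    "Atlas": "1.2026.84.2",
    "Codex CLI": "0.119.0",
    "Codex App": "26.406.40811",
    "ChatGPT Desktop": "1.2026.071",
}

# Assumed install locations (hypothetical); adjust for your environment.
# Codex CLI is a command-line tool, not an app bundle, so it is not listed here.
APP_BUNDLES = {
    "Atlas": "/Applications/Atlas.app",
    "Codex App": "/Applications/Codex.app",
    "ChatGPT Desktop": "/Applications/ChatGPT.app",
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Split a dotted version into integers so '1.2026.071' compares numerically."""
    return tuple(int(part) for part in v.strip().split("."))


def is_at_least(installed: str, minimum: str) -> bool:
    """True if installed >= minimum; shorter versions are padded with zeros."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


def bundle_version(app_path: str) -> Optional[str]:
    """Read CFBundleShortVersionString from the bundle's Info.plist, if present."""
    plist = Path(app_path) / "Contents" / "Info.plist"
    if not plist.is_file():
        return None
    with plist.open("rb") as fh:
        return plistlib.load(fh).get("CFBundleShortVersionString")


def signing_info(app_path: str) -> str:
    """Return the Authority/TeamIdentifier/Timestamp lines codesign prints (to stderr)."""
    if shutil.which("codesign") is None:
        return "codesign not available on this host"
    proc = subprocess.run(["codesign", "-dv", "--verbose=4", app_path],
                          capture_output=True, text=True)
    wanted = ("Authority=", "TeamIdentifier=", "Timestamp=")
    lines = [ln for ln in proc.stderr.splitlines() if ln.startswith(wanted)]
    return "\n".join(lines) or proc.stderr.strip()


def check_all() -> dict:
    """Map each bundle to 'ok', 'UPDATE REQUIRED' or 'not installed'."""
    results = {}
    for app, path in APP_BUNDLES.items():
        v = bundle_version(path)
        if v is None:
            results[app] = "not installed"
        elif is_at_least(v, MIN_VERSIONS[app]):
            results[app] = f"ok ({v})"
        else:
            results[app] = f"UPDATE REQUIRED ({v} < {MIN_VERSIONS[app]})"
    return results


if __name__ == "__main__":
    for app, status in check_all().items():
        print(f"{app}: {status}")
        if status != "not installed":
            print(signing_info(APP_BUNDLES[app]))
```

The version check alone does not prove a binary was signed with the new certificate; compare the Authority and Timestamp lines from `codesign` against a known-good freshly downloaded build. For Codex CLI, pass whatever version string the tool reports to `is_at_least` together with `MIN_VERSIONS["Codex CLI"]`.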

The attack has been attributed to a North Korea-linked group tracked as UNC1069. The group usually focuses on stealing cryptocurrency, but this time it targeted a software library, most likely as a route into internal systems at companies such as OpenAI and to high-value signing keys and credentials that are hard to reach through direct attacks. For end users, timely software updates remain the primary defense against this kind of infrastructure-level compromise.

Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage.