OpenAI Rotates macOS Certificates Following Axios Supply Chain Breach
OpenAI rotates macOS certificates after Axios supply chain attack compromised build pipeline.
Summary
OpenAI's automated build system accidentally downloaded a malicious version of Axios (1.14.1) containing the WAVESHAPER.V2 backdoor during a March 2026 supply chain attack attributed to North Korean group UNC1069. Although OpenAI found no evidence that code-signing certificates were exfiltrated or that user data was accessed, the company is revoking and rotating certificates for ChatGPT Desktop, Codex, Codex-cli, and Atlas as a precaution. Users must update to patched versions before macOS begins blocking revoked certificates on May 8, 2026.
Full text
OpenAI rotates macOS certificates after downloading a compromised Axios version, urging users to update apps before revoked certificates are blocked in May 2026.

By Deeba Ahmed, April 13, 2026

OpenAI has rotated the code-signing certificates for its Mac applications after a supply chain attack compromised a software library called Axios. The issue was detected on 31 March 2026 when hackers hijacked the account of the lead developer for Axios, Jason Saayman.

For your information, Axios is widely used by developers to help applications communicate with servers; it is currently used in roughly 80% of cloud environments and receives around 100 million weekly downloads.

This latest development follows earlier reporting from Hackread.com in March, which explained how hackers bypassed standard npm and GitHub security checks to publish malicious Axios versions 1.14.1 and 0.30.4. These versions contained a backdoor named WAVESHAPER.V2. It was hidden inside a fake dependency called plain-crypto-js. The malware was live for only three hours, but the first infection occurred just 89 seconds after it was posted.

And now, OpenAI has confirmed that its automated systems fetched this compromised code during that short time-frame.

Why OpenAI is rotating its certificates

OpenAI confirmed that its internal build pipeline accidentally downloaded the malicious Axios 1.14.1 version during the March attack. Because this environment has access to the code-signing certificates, which verify that OpenAI’s software is authentic and untampered, the company must treat those credentials as potentially compromised. The affected applications include: ChatGPT Desktop, Codex, Codex-cli, and Atlas.

According to OpenAI’s official response to this incident, the hackers probably didn’t have enough time to steal these certificate files.

The company claims that it found no proof that user data was accessed or that its software was changed. However, it is still treating the certificates as compromised, revoking them and switching to new ones.

“Our analysis of the incident concluded that the signing certificate present in this workflow was likely not successfully exfiltrated by the malicious payload due to the timing of the payload execution, certificate injection into the job, sequencing of the job itself, and other mitigating factors. Nevertheless, out of an abundance of caution, we are treating the certificate as compromised and are revoking and rotating it,” the company stated.

Important update deadline for users

OpenAI has released patched versions of its apps, signed with new certificates, to ensure users aren’t running insecure code. From 8 May 2026, macOS will start blocking any versions using the old, revoked certificates. Updating to the latest re-signed version is therefore important for everyone; make sure you are running these versions or newer:

- Atlas: 1.2026.84.2
- Codex CLI: 0.119.0
- Codex App: 26.406.40811
- ChatGPT Desktop: 1.2026.071

This attack has been attributed to a North Korea-linked group known as UNC1069. Usually, this group’s attacks are focused on stealing cryptocurrency, but this time, they targeted a software library. They probably now want to reach internal systems at companies like OpenAI and access high-value signing keys and credentials that are usually unreachable through direct attacks.

Timely software updates remain your primary defense against such infrastructure-level threats.
Indicators of Compromise
- malware — WAVESHAPER.V2
- malware — plain-crypto-js
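
To check whether a project's lockfile resolves to the releases named in the article (Axios 1.14.1 or 0.30.4, or the plain-crypto-js dependency), a scanner over a parsed `package-lock.json` can look like the following. This is an added example, not code from OpenAI, Axios or Hackread; the function names and both sample lockfiles are constructed for illustration, and it covers both the nested (lockfileVersion 1) and flat (lockfileVersion 2/3) layouts.

```javascript
// Added example: indicators are the ones named in the article.
const BAD_AXIOS = new Set(["1.14.1", "0.30.4"]); // malicious Axios releases
const BAD_PACKAGE = "plain-crypto-js";           // fake dependency carrying the backdoor

// "node_modules/a/node_modules/@s/b" -> "@s/b" (lockfileVersion 2/3 path keys)
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? "" : path.slice(i + marker.length);
}

function classify(name, version, where) {
  if (name === BAD_PACKAGE) return { name, version, where, reason: "fake dependency" };
  if (name === "axios" && BAD_AXIOS.has(version))
    return { name, version, where, reason: "malicious axios release" };
  return null;
}

// Takes a parsed package-lock.json object and returns a list of findings.
function scanLockfile(lock) {
  const findings = [];
  const push = (f) => { if (f) findings.push(f); };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; "" is the root project
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path !== "") push(classify(meta.name || nameFromPath(path), meta.version, path));
    }
    return findings;
  }
  // lockfileVersion 1: nested "dependencies" tree
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      push(classify(name, meta.version, trail + name));
      walk(meta.dependencies, trail + name + " > ");
    }
  };
  walk(lock.dependencies, "");
  return findings;
}

// Constructed sample lockfiles (not taken from any real project).
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/axios": { version: "1.14.1" },
  "node_modules/plain-crypto-js": { version: "0.0.0-constructed" },
  "node_modules/left/node_modules/axios": { version: "1.6.0" } } };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  "some-sdk": { version: "2.0.0", dependencies: { axios: { version: "0.30.4" } } },
  axios: { version: "1.6.0" } } };

console.log(scanLockfile(SAMPLE_V3), scanLockfile(SAMPLE_V1));
```

A lockfile only records what the project currently resolves to; a build host that installed dependencies during the window described above needs its install logs or package cache checked as well.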