If you run OpenAI’s desktop tools on a Mac, you may want to check for updates today. The company says a recent supply chain incident involving the Axios developer library briefly intersected with part of its macOS app signing workflow. The good news is that OpenAI says it found no evidence that user data was accessed, its systems were breached, or its software was altered.
Still, the company isn’t taking any chances.
According to OpenAI, the situation began on March 31, 2026, when Axios version 1.14.1 was compromised as part of a broader supply chain attack that made waves across the developer community. During that same period, a GitHub Actions workflow used in OpenAI’s macOS signing pipeline downloaded and executed the malicious package.
That workflow had access to certificate and notarization material used to sign official macOS builds of ChatGPT Desktop, Codex, Codex CLI, and Atlas. Those certificates are what allow macOS to verify that an application actually comes from OpenAI and hasn’t been tampered with.
OpenAI’s internal investigation suggests the certificate likely was not successfully stolen. Timing, job sequencing, and how the certificate was injected into the build process appear to have limited the risk. Even so, the company is treating the certificate as if it might have been exposed.
As a result, OpenAI has rotated the signing certificate and released new builds of its macOS apps using the updated credentials. The company is now asking users to update their apps to ensure they are running versions signed with the new certificate.
There is also a deadline involved.
OpenAI says older versions of its macOS desktop apps will stop receiving updates or support after May 8, 2026, and some versions may stop functioning altogether. The earliest versions signed with the new certificate include ChatGPT Desktop 1.2026.071, Codex App 26.406.40811, Codex CLI 0.119.0, and Atlas 1.2026.84.2.
The concern here is not that OpenAI’s software itself was compromised. Rather, the risk in a situation like this is that someone could theoretically sign malicious software with the same certificate, making it appear legitimate to macOS security systems.
So far, OpenAI says it has seen no evidence of that happening.
The company has also worked with Apple to ensure the previous certificate cannot be used to notarize new macOS apps. That means even if someone attempted to distribute software signed with the old certificate, macOS protections would likely block it unless a user manually bypassed the warnings.
OpenAI also reviewed all notarization activity tied to the certificate and confirmed that every recorded event was expected. In other words, nothing suspicious showed up.
The root cause of the problem appears to come down to a configuration mistake in the GitHub Actions workflow. Specifically, the workflow used a floating dependency tag instead of locking to a specific commit hash. It also lacked a minimum release age requirement for packages, which allowed the compromised Axios version to slip into the pipeline during the attack window.
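The floating-tag mistake described above is easy to audit for. The script below is an added example, not OpenAI's workflow or tooling: it scans a GitHub Actions workflow for `uses:` references and flags any action not locked to a full 40-character commit SHA. The embedded workflow text and its SHA are constructed placeholders.

```python
import re

# Constructed sample workflow for this example; it is not OpenAI's real pipeline.
# The 40-hex SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: macos-sign
on: [push]
jobs:
  sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - uses: some-org/sign-action@main  # branch ref, moves with every push
      - uses: ./.github/actions/local-notarize
      - run: npm ci
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(ref):
    """Return 'pinned' for a full commit SHA, otherwise 'floating' (tag or branch)."""
    return "pinned" if SHA_RE.match(ref) else "floating"


def audit_workflow(text):
    """Return a list of (action, ref, verdict) for each remote `uses:` line.
    Local actions (./path) and docker:// images are skipped."""
    findings = []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith("./") or target.startswith("docker://"):
            continue
        if "@" not in target:
            findings.append((target, "", "floating"))  # no ref at all
            continue
        action, ref = target.rsplit("@", 1)
        findings.append((action, ref, classify_ref(ref)))
    return findings


def unpinned(text):
    """List the action@ref strings that are not locked to a commit SHA."""
    return [f"{a}@{r}" if r else a for a, r, v in audit_workflow(text) if v == "floating"]


if __name__ == "__main__":
    for item in unpinned(SAMPLE_WORKFLOW):
        print("not pinned to a commit SHA:", item)
```

The minimum release age control the article also mentions is a package-manager setting and is outside this script's scope.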
Importantly, this incident only affects OpenAI’s macOS apps. The company says its web services and apps on iOS, Android, Windows, and Linux are not impacted.
Users also do not need to reset passwords or rotate API keys. Those systems were never exposed.
Even so, OpenAI is advising users to be cautious when downloading updates. The company recommends installing updates only through the app’s built-in updater or its official download pages. Any installers claiming to be ChatGPT or Codex that arrive through email, ads, or third-party download sites should be treated with suspicion.
Supply chain attacks have become a real headache for software developers over the past few years. In this case, OpenAI appears to have caught the issue quickly, investigated it thoroughly, and taken the safe route by rotating its certificates.
For Mac users running its desktop apps, the takeaway is simple. Update your software before the May deadline and move on.