OpenAI disclosed a supply chain security incident involving the third-party Axios developer library, compromised on March 31 in a suspected North Korea-linked attack, which briefly exposed signing certificates for its macOS applications including ChatGPT Desktop. The company confirmed no evidence of user data access, system compromise or intellectual property theft, with the malicious payload likely failing to exfiltrate the critical certificate.
OpenAI detected the breach via monitoring tools and immediately revoked affected credentials, mandating macOS app updates. Older versions lose support after May 8, potentially rendering them non-functional. GitHub Actions workflow misconfiguration enabled the Axios download during notarization processes for ChatGPT Desktop, Codex, Codex-cli and Atlas.
North Korea-Linked Supply Chain Attack
Axios—a ubiquitous HTTP client library—suffered compromise as part of broader developer tooling attacks attributed to Lazarus Group affiliates. OpenAI’s workflow automatically fetched the tainted version, granting temporary access to macOS signing materials essential for App Store distribution and Gatekeeper validation.
Rapid response contained exposure: analysis confirmed payload execution but probable failure in certificate extraction. Passwords, API keys and core systems remained unaffected. OpenAI enhanced workflow security, implementing stricter dependency verification and isolated builds.
Broader Implications for AI Security
The incident underscores escalating supply chain threats targeting developer ecosystems. North Korean actors increasingly favour tooling compromises over direct platform attacks, evading traditional defences. OpenAI joins Google, Microsoft in recent Axios incidents, highlighting library risks in high-velocity AI deployment pipelines.
Company emphasised transparency: “No user conversations, prompts or files were impacted.” macOS users urged immediate updates via App Store to receive renewed certificates.
Mitigation and Industry Response
OpenAI’s fixes include dependency pinning, runtime integrity checks and certificate rotation protocols. The event reinforces calls for software bill of materials (SBOM) mandates and zero-trust library sourcing. No broader ecosystem compromise detected, but developers worldwide advised Axios version audits.
