OpenAI disclosed a supply-chain security incident tied to a compromised version of the widely used JavaScript library Axios (v1.14.1), which was briefly distributed through npm as part of a broader campaign attributed by Google Threat Intelligence Group to a North Korea-linked actor.
OpenAI says a GitHub Actions workflow in its macOS app-signing process downloaded and executed the malicious package on March 31. The workflow had access to code-signing and notarization material used for ChatGPT Desktop, Codex, Codex CLI, and Atlas.
OpenAI reports no evidence that user data was accessed, no evidence products were altered, and no confirmed misuse of signing material. But the company is treating the certificate as potentially compromised anyway: revoking and rotating signing credentials, issuing new builds, and requiring macOS users to update.
Starting May 8, older signed builds will lose support and may stop functioning. OpenAI says this is to reduce the risk of malicious software being distributed under a trusted OpenAI signature.
Why it matters
- Supply-chain blast radius is huge: Axios has massive ecosystem usage, so even a short-lived compromise can reach critical workflows fast.
- Trust infrastructure is now a target: code-signing and notarization systems are part of the AI security perimeter, not just release plumbing.
- Operational discipline is becoming a differentiator: OpenAI’s response (certificate rotation, forced update window, DFIR engagement) sets a new expectation for how labs handle pipeline compromises.
For users and teams, the practical takeaway is simple: keep desktop AI tooling updated aggressively, and treat CI/CD dependency controls as first-class security controls.
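One such dependency control, sketched as an added example (not OpenAI's tooling and not code from the incident report): a lockfile check that reports every place a denylisted package version is installed, including copies nested under other dependencies. The only real identifier is axios 1.14.1, the version named above; the function names and the sample lockfiles are constructed for illustration.

```javascript
// Denylist of known-bad releases. axios 1.14.1 is the version named in the article.
const DENYLIST = new Map([["axios", new Set(["1.14.1"])]]);

// Package name from a lockfile v2/v3 "packages" key, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b".
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Returns [{ name, version, location }] for every denylisted install in a parsed lockfile.
function findDeniedPackages(lock, denylist = DENYLIST) {
  const hits = [];
  const check = (name, version, location) => {
    const bad = denylist.get(name);
    if (bad && bad.has(version)) hits.push({ name, version, location });
  };
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path ("" is the project itself).
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === "") continue;
      // "name" is recorded when the folder name differs from the real package (aliases).
      const name = entry.name || nameFromPath(path);
      if (name) check(name, entry.version, path);
    }
  } else if (lock.dependencies) {
    // lockfileVersion 1: nested "dependencies" trees.
    const walk = (deps, trail) => {
      for (const [name, entry] of Object.entries(deps)) {
        const location = trail + "node_modules/" + name;
        check(name, entry.version, location);
        if (entry.dependencies) walk(entry.dependencies, location + "/");
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "0.0.0" },
  "node_modules/axios": { version: "1.13.0" },
  "node_modules/http-helper": { version: "2.0.0" },
  "node_modules/http-helper/node_modules/axios": { version: "1.14.1" },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  axios: { version: "1.14.1" },
  "http-helper": { version: "2.0.0", dependencies: { axios: { version: "1.13.0" } } },
} };
console.log(findDeniedPackages(sampleV3), findDeniedPackages(sampleV1));
```

In a pipeline, run it on the parsed package-lock.json before any install step and fail the job when the returned array is non-empty.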
Also in the news
- Anthropic’s Project Glasswing is still rippling through security circles, as organizations reassess patch velocity and AI-assisted vulnerability workflows.
- Gemma 4’s Apache 2.0 licensing move continues to influence enterprise open-model selection criteria beyond pure benchmark performance.
- AI coding tool economics remain in flux, with platform access and entitlement changes forcing teams to rebalance subscription versus API spending.