OpenAI has confirmed a security issue involving a third-party developer tool called Axios. The company said it is taking immediate steps to strengthen protections for its macOS applications.
OpenAI stated that the issue affected a GitHub Actions workflow used in its development process. This workflow briefly interacted with a compromised version of Axios during a supply chain attack.
The company clarified that no user data was accessed. OpenAI also confirmed that its core systems were not compromised. It added that its intellectual property remained secure throughout the incident.
According to OpenAI, the attack is believed to be linked to North Korean actors. The compromised Axios library was part of a broader software supply chain incident reported on March 31.
OpenAI explained that the workflow had access to macOS signing and notarization materials. These are used to verify official OpenAI applications such as ChatGPT Desktop and Codex tools.
However, OpenAI said there is no evidence that the signing certificates were stolen. The malicious activity did not successfully extract sensitive credentials, according to its internal review.
As a precaution, OpenAI is updating its security certifications. The company is also requiring all macOS users to update their OpenAI apps to the latest version.
OpenAI emphasized that older app versions will lose support. Starting May 8, outdated macOS applications may stop functioning properly or receive no further updates.
The company also reassured users that passwords and API keys were not affected. It said the issue was caused by a misconfiguration in a GitHub workflow, which has now been fixed.
OpenAI is continuing to monitor its systems closely. The company said it is strengthening its supply chain security to prevent similar incidents in the future.
In its statement, OpenAI highlighted that protecting user trust remains a top priority. The company is working to ensure all OpenAI applications remain safe and secure.
OpenAI also urged users to stay updated with the latest software versions. This helps reduce risks linked to third-party vulnerabilities and unauthorized access attempts.
In other news read more about OpenAI Robotics Head Resigns Over Pentagon Deal Concerns
The incident highlights growing concerns about software supply chain attacks. OpenAI said it will continue improving its security infrastructure to safeguard its products and users.
