OpenAI warns Mac users to update apps after third-party security issue

Published: 11 April 2026
OpenAI ChatGPT
Image by Ascannio | Shutterstock

OpenAI has identified a security issue related to a third-party developer library, Axios, and is working to protect the system used to verify its macOS apps as legitimate OpenAI software.

The company said in a press release that there is no evidence that its user data was accessed, that its ​systems or intellectual property were compromised, or that its software ​was altered.

OpenAI is updating its security certificates, which will require all macOS users to update their OpenAI apps to the latest versions. This will help protect users against someone attempting to distribute a fake app that appears to be from OpenAI.

ADVERTISEMENT
jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News
Google News Follow us

On March 31st, 2026, Axios was compromised as part of a broader software supply chain attack.⁠ OpenAI said a GitHub Actions workflow used in its macOS app-signing process downloaded a malicious version of Axios. That workflow had access to the digital certificate used to verify that apps like ChatGPT Desktop and Codex genuinely come from OpenAI.

The company said that its analysis concluded that the signing certificate was likely not successfully exfiltrated by the malicious payload. However, it’s still treating the certificate as compromised.

Therefore, older versions of macOS desktop apps will no longer receive updates or support, and may not be functional as of May 8th.

In case of a successful compromise, malicious actors could use the certificate to sign their own code, making it seem like legitimate OpenAI software.

“We have stopped new software notarizations using the old certificate, so new software signed with the old certificate by an unauthorized third party would be blocked by default by macOS security protections unless a user explicitly bypasses them,” the press release said.

Strong password generator

Upgrade the security of your online accounts.
Create strong passwords that are completely random and impossible to guess.
Generated unique password
Ad link_title
Convenient way to secure and use all your passwords. Now 72% OFF!
Get NordPass

The company explained that the incident occurred due to a misconfiguration in the GitHub Actions workflow, which has since been resolved.

ADVERTISEMENT

According to OpenAI, passwords and OpenAI API keys were not affected. The web versions of its software were also not affected – the incident only concerned OpenAI macOS apps.

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked