Hackers gained unauthorized access to an account belonging to a maintainer of Axios, a widely used third-party developer library, and used that access to insert a malicious script designed to grant remote access to users’ Windows, macOS, and Linux devices. OpenAI has confirmed that this compromised version of Axios potentially impacted its macOS applications, including ChatGPT, and is swiftly responding by issuing an urgent update along with new digital certificates to neutralize any associated risks. The company provided a detailed account of the incident in a recent blog post.
OpenAI's blog post further elucidated the specifics of the supply chain attack, stating: "On March 31, 2026 (UTC), Axios, a widely used third-party developer library, was compromised as part of a broader software supply chain attack. At that time, a GitHub Actions workflow we use in the macOS app-signing process downloaded and executed a malicious version of Axios (version 1.14.1). This workflow had access to a certificate and notarization material used for signing macOS applications, including ChatGPT Desktop, Codex, Codex-cli, and Atlas. This certificate helps customers know that software comes from the legitimate developer, OpenAI."
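A check readers can run against their own projects, as an added example that is not from the article or from OpenAI: it scans an npm lockfile, in both the flat `packages` layout and the older nested `dependencies` layout, for the Axios version named in the quote. The sample lockfile and the names `demo-app` and `some-sdk` are constructed for illustration.

```javascript
// Added example. Name and version are the ones the article reports; the rest is constructed.
const FLAGGED = { name: "axios", versions: new Set(["1.14.1"]) };

function nameFromPath(path, meta) {
  if (meta.name) return meta.name;            // aliased installs carry the real name
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

function findFlagged(lockText, flagged = FLAGGED) {
  const lock = JSON.parse(lockText);
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue;              // the root project itself
      if (nameFromPath(path, meta) === flagged.name && flagged.versions.has(meta.version)) {
        hits.push({ where: path, version: meta.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === flagged.name && flagged.versions.has(meta.version)) {
        hits.push({ where: here.join(" > "), version: meta.version });
      }
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample: the direct dependency is clean, a transitive copy is not.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { axios: "^1.14.0", "some-sdk": "^2.0.0" } },
    "node_modules/axios": { version: "1.14.0" },
    "node_modules/some-sdk": { version: "2.0.0" },
    "node_modules/some-sdk/node_modules/axios": { version: "1.14.1" },
  },
});
console.log(findFlagged(SAMPLE_LOCK));
```

Checking only the version range in `package.json` would miss the nested copy in this sample, which is why the scan reads the lockfile that CI actually installs from.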
The Editorial Staff at AIChief is a team of professional content writers with extensive experience in AI and marketing. Founded in 2025, AIChief has quickly grown into the largest free AI resource hub in the industry.