OpenAI reported a security issue related to the third-party Axios library and strengthened the protection of processes that authenticate its macOS applications. The company stated that it found no evidence of user data access, system breaches, or software changes. This was reported by Reuters, writes UNN.
Details
According to the company, on March 31, the Axios library was compromised as part of a software supply chain attack, which OpenAI attributes to groups likely linked to North Korea.
OpenAI CEO breaks silence after 'Molotov cocktail' attack on his estate11.04.26, 18:41
The incident led to the launch of a malicious GitHub Actions workflow that had access to certificates used to sign macOS applications, including ChatGPT Desktop, Codex, Codex-cli, and Atlas.
Consequences and recommendations
Analysis showed that the signing certificate was most likely not extracted by malicious code. Passwords and API keys were not affected. OpenAI fixed the misconfiguration in GitHub Actions and is updating security certificates.
The company urged macOS users to update their applications to the latest versions, warning that from May 8, older versions of desktop applications will no longer be supported and may stop working.
Key OpenAI specialists move to Meta amid AI race11.04.26, 06:49