OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
OpenAI has taken the drastic step of rotating its developer signing certificates for macOS, forcing a mandatory update for all desktop users after a critical third-party library was linked to state-sponsored malware.
SAN FRANCISCO, CA — OpenAI has confirmed it is rotating the digital certificates used to sign its macOS applications after discovering that a widely used developer tool, Axios, was compromised in a sophisticated supply chain attack. The incident has forced OpenAI to revoke its existing macOS app certificate, rendering older versions of the ChatGPT Mac app unusable and requiring users to download a hardened update immediately.
The move comes as the industry grapples with the fallout of the North Korean-linked supply chain attack via the Axios npm package, which we previously reported on as a major escalation in state-sponsored cyber-espionage.
The Root Cause: The Axios npm Poisoning
The security incident stems from the poisoning of a dependency within the Axios developer ecosystem — a popular HTTP client used by millions of applications to communicate with APIs. Threat actors successfully injected malicious code into the npm registry, allowing for arbitrary code execution during the application build process.
While OpenAI maintains that its internal production systems and core user data remain unaffected, the company opted for a "scorched earth" approach to its macOS signatures to ensure no potentially tampered binaries remain active in the wild.
"Out of an abundance of caution, we have revoked the certificate used for previous versions of the ChatGPT app for macOS," an OpenAI spokesperson stated. "Users must update to the latest version to ensure continued protection against third-party library vulnerabilities."
Timeline and Response
Security researchers at The Hacker News and Cybersecurity News noted that the malicious package was specifically designed to target macOS environments, seeking to exfiltrate keychain data and environment variables.
- April 11: The Axios compromise was identified by secondary security audits.
- April 12: OpenAI begins a global rollout of a new certificate and an emergency app update.
- April 13: Older versions of the app trigger macOS "Gatekeeper" warnings, effectively blocking execution for unpatched users.
Industry analysts suggest that OpenAI's quick response was necessitated by the high-profile nature of its user base, which includes C-suite executives and government officials who utilize the Mac app for sensitive AI-assisted workflows.
The CyberSignal Analysis
Signal 01 — The "Certificate Nuke" as Incident Response
Revoking a developer certificate is a disruptive "nuclear option" because it breaks every previous version of the software. OpenAI's decision to do this indicates they believed the risk of a "hidden" backdoor in the Axios-dependent build was high enough to justify the mass user friction of a forced update. For IT leaders, this reinforces that supply chain attacks are no longer peripheral risks — they can invalidate your entire software trust model in hours.
Signal 02 — Target: The Developer Desktop
By targeting Axios, North Korean actors (linked to the Lazarus or Kimsuky groups) successfully bypassed the "front door" of OpenAI and went straight for the tools used to build the software. This highlights a critical need for vulnerability management at the build-pipeline level, not just in the finished product. If your organization uses npm-based tools, you must audit your lockfiles immediately.
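As an added illustration of the lockfile audit recommended above (example code written for this article, not from OpenAI or the Axios project): the script below lists every installed copy of a package in an npm lockfile, nested copies pulled in by other dependencies included, and flags any whose version and integrity hash are not on a reviewed allowlist. The sample lockfile, the `KNOWN_GOOD` allowlist and all version and hash values are constructed placeholders, not real Axios release data.

```python
import json
from typing import Dict, Iterator, List, Tuple

# Constructed sample package-lock.json (lockfileVersion 3 layout). Versions
# and integrity strings are placeholders, not real Axios release data.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"axios": "^1.0.0", "some-sdk": "^2.0.0"}},
        "node_modules/axios": {
            "version": "1.0.0", "integrity": "sha512-PLACEHOLDER_REVIEWED"},
        "node_modules/some-sdk/node_modules/axios": {
            "version": "1.0.1", "integrity": "sha512-PLACEHOLDER_UNREVIEWED"},
    },
})

# Hypothetical allowlist: version -> integrity hash your team already reviewed.
KNOWN_GOOD: Dict[str, str] = {"1.0.0": "sha512-PLACEHOLDER_REVIEWED"}


def iter_packages(lock: dict) -> Iterator[Tuple[str, dict]]:
    """Yield (install path, metadata) for every package: the flat "packages"
    map of lockfileVersion 2/3, or the nested tree of lockfileVersion 1."""
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            if path:  # "" is the root project entry, not a dependency
                yield path, meta
        return

    def walk(deps: dict, prefix: str) -> Iterator[Tuple[str, dict]]:
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            yield path, meta
            yield from walk(meta.get("dependencies", {}), path + "/")

    yield from walk(lock.get("dependencies", {}), "")


def audit_package(lock_text: str, name: str, known_good: Dict[str, str]) -> List[dict]:
    """One finding per install of `name`, nested copies included; ok is False
    when the (version, integrity) pair is not on the reviewed allowlist."""
    findings = []
    for path, meta in iter_packages(json.loads(lock_text)):
        if path.rsplit("node_modules/", 1)[-1] != name:
            continue
        version, integrity = meta.get("version", "?"), meta.get("integrity", "")
        findings.append({"path": path, "version": version, "integrity": integrity,
                         "ok": known_good.get(version) == integrity})
    return findings
```

Run it against a real `package-lock.json` by reading the file into `lock_text`; any finding with `ok` False is a copy of the package that nobody has reviewed and that should be pinned or removed before the next build.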
Sources
| Type | Source |
|---|---|
| Primary Alert | OpenAI: Axios Developer Tool Compromise Notice |
| Technical Analysis | The Hacker News: OpenAI Revokes macOS App Certificate |
| User Advisory | Forbes: OpenAI Security Incident Advisory |
| Threat Intelligence | The Cyber Express: Axios npm Attack Escalating |