OpenAI has disclosed that it was affected by a recent software supply chain attack involving the widely used open-source JavaScript library Axios, which has been linked to North Korean threat actors. The incident highlights the growing risk of attacks targeting trusted developer tools used across global software ecosystems.
The breach originated in late March, when attackers compromised the NPM account of an Axios maintainer and published malicious versions of the library. These poisoned packages were designed to deploy a cross-platform remote access trojan (RAT) capable of affecting Windows, macOS, and Linux systems. Although the malicious versions were removed within hours, the widespread use of Axios meant multiple organizations, including OpenAI, were exposed.
OpenAI revealed that one of its internal GitHub workflows, used for signing macOS applications, downloaded and executed the compromised Axios version. This workflow had access to sensitive code-signing certificates used to verify the authenticity of apps such as ChatGPT Desktop, Codex, and Atlas.
While the incident raised concerns about potential misuse of these certificates, OpenAI stated that its investigation found no evidence that user data, internal systems, or intellectual property were compromised. The company also noted that the certificate was likely not successfully exfiltrated by the attackers.
As a precautionary measure, OpenAI has revoked and rotated its macOS code-signing certificate and halted new software notarizations using the old certificate. It also announced that older versions of its macOS applications will lose support after May 8, 2026, requiring users to upgrade to the latest versions to maintain security.
The attack has been attributed to a North Korea-linked hacking group known for conducting supply chain attacks to infiltrate widely used software components. Security experts warn that such attacks are particularly dangerous because they exploit trusted dependencies, allowing malware to spread at scale without direct user interaction.
The incident underscores a broader trend in cybersecurity, where even highly secure organizations can be indirectly impacted through vulnerabilities in third-party software. It also highlights the need for stronger safeguards in software supply chains, particularly as AI companies become increasingly high-value targets for sophisticated cyber threats.
