If you are using OpenAI apps on a MacBook or any Apple desktop, you need to be cautious and take urgent action. OpenAI has recently reported a security issue that impacts its macOS app users. The security issue arose when a third-party tool called Axios was targeted on March 31 as part of a broader software supply chain attack, meaning an attack on a tool that many developers use. OpenAI uses Axios tools to certify that its macOS applications are legitimate OpenAI apps.
While the company claims that users’ data was not compromised in the breach and its intellectual property and systems are also safe, it has asked users to remain cautious and update their apps. OpenAI said it is updating security certificates for its apps and has asked all users to update their macOS apps to protect themselves if anybody tries to distribute a fake app. Users are advised to update apps from within the app itself or through official links.
The affected apps include ChatGPT Desktop, Codex App, Codex CLI and Atlas.
What caused the issue
OpenAI uses an automated system called GitHub Actions to build and certify its apps and help customers know that the software comes from the legitimate developer, OpenAI. This automated system downloaded a version of Axios that was infected during the attack and then executed the compromised code.
OpenAI said its systems show that attackers were not able to steal the certificate that proves the legitimacy of its apps. However, as a precaution, the company is disabling the old certificate so it cannot be used anymore and is creating and switching to a new one.
Due to this, older versions of its apps will not receive updates or support and will not remain functional after May 8, 2026.
No need to change passwords
OpenAI said users do not need to change their passwords, as passwords and OpenAI API keys were not affected. The attack has also not affected apps on other operating systems, including Android, Linux, or Windows. However, macOS users are advised to update their apps to ensure they are running the latest versions with updated security certificates.
The company said that since it has blocked old certificates, macOS may block new downloads and app signing. As a result, OpenAI is giving users 30 days to update their apps using the built-in update mechanism.


