OpenAI has revoked the code-signing certificate used to distribute its macOS desktop applications after the company's CI/CD pipeline inadvertently pulled in the trojanized version of the axios npm package during the March 31 supply chain attack.
What Happened
On March 31, 2026, threat actors compromised the npm account of an Axios maintainer and published a malicious version of the widely-used HTTP library. The tampered package contained credential-stealing code that targeted CI/CD environments — a well-documented tactic used in this campaign.
OpenAI disclosed that a GitHub Actions workflow responsible for signing its macOS applications executed during the attack window and downloaded the malicious Axios library as part of the build process.
"Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications," OpenAI said in a statement. "We are revoking our existing macOS app certificate and will re-sign our applications."
Scope of the Incident
OpenAI emphasized that the impact was limited:
- No user data was compromised
- No internal systems were accessed
- The certificate revocation is a precautionary measure given the build environment's exposure
The malicious Axios version was designed to exfiltrate CI/CD secrets, tokens, and credentials from pipelines that installed it. While OpenAI states no material damage occurred, the certificate revocation reflects that the signing keys may have been exposed to the compromised runtime environment.
The Axios Supply Chain Attack
The broader Axios npm attack — attributed by Google's Threat Intelligence Group (GTIG) to North Korean hackers tracked as UNC1069 — targeted the official axios npm package maintainer via social engineering. The group posed as a recruiter and used a fake Microsoft Teams error message to trick the maintainer into executing a malicious payload that granted the attackers access to the npm publishing account.
The compromised package was downloaded by thousands of projects before detection. Major organizations, including OpenAI, Mercor, and others, confirmed their build pipelines were affected to varying degrees.
Certificate Revocation Impact
macOS users with older versions of OpenAI desktop applications (such as the ChatGPT app) may encounter security warnings or functionality issues until they update to a re-signed release. Apple's Gatekeeper system will flag binaries signed with revoked certificates.
OpenAI has stated it will re-sign all macOS applications with a new certificate and push updates through standard distribution channels.
Recommendations for Organizations
This incident highlights how a single compromised npm package can cascade through build pipelines at major organizations. Security teams should:
- Audit CI/CD dependency logs from March 28 – April 2, 2026 for the malicious Axios versions (1.7.8 through 1.7.10, or modified versions around that period)
- Rotate any secrets or tokens that were present in build environments during that window
- Implement dependency pinning with integrity hashing to prevent unexpected package substitution
- Enable npm provenance attestations for published packages in your own pipelines
- Review code-signing key storage — consider hardware security modules (HSMs) for certificate private keys rather than CI environment variables
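As an added example (not from the article or from OpenAI's tooling) of the first and third recommendations above, the following script audits an npm package-lock.json (lockfile v2/v3 "packages" map is assumed) for axios entries in the version range the article names and for entries that lack an integrity hash, which is what lets npm detect a substituted tarball.

```python
import json
import re
import sys

# Version range the article names as affected: 1.7.8 through 1.7.10 (inclusive).
AFFECTED_LOW, AFFECTED_HIGH = (1, 7, 8), (1, 7, 10)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")

def _version_tuple(version: str):
    """Parse the numeric core of a semver string; None if it is not parseable."""
    m = _VERSION_RE.match(version)
    return tuple(int(p) for p in m.groups()) if m else None

def audit_lockfile(lock: dict) -> list:
    """Return findings for a parsed package-lock.json.

    Each finding is {"path", "version", "issue"} with issue one of
    'affected-axios' (axios inside the named range) or 'missing-integrity'
    (no integrity hash, so `npm ci` cannot detect a swapped package).
    """
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":          # root project entry; carries no resolved artifact
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        version = meta.get("version", "")
        vt = _version_tuple(version)
        if name == "axios" and vt and AFFECTED_LOW <= vt <= AFFECTED_HIGH:
            findings.append({"path": path, "version": version, "issue": "affected-axios"})
        if not meta.get("integrity") and not meta.get("link"):
            findings.append({"path": path, "version": version, "issue": "missing-integrity"})
    return findings

# Constructed sample lockfile (not a real project's); the hash value is a placeholder.
SAMPLE_LOCK = {
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "0.1.0"},
        "node_modules/axios": {"version": "1.7.9"},
        "node_modules/follow-redirects": {"version": "1.15.9",
                                          "integrity": "sha512-PLACEHOLDER"},
    },
}

if __name__ == "__main__":
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    for f in audit_lockfile(lock):
        print(f"{f['issue']}: {f['path']}@{f['version']}")
```

Run it with a real lockfile path as the first argument; with no argument it audits the constructed sample.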
What's Next
OpenAI has not published a detailed post-mortem, but the company's rapid certificate revocation suggests a mature incident response process. The re-signed macOS apps are expected to roll out shortly.
The Axios supply chain attack continues to expose downstream victims weeks after the initial compromise — a pattern consistent with nation-state-level supply chain operations that plant long-fuse payloads into high-trust packages.
Sources: The Hacker News, OpenAI disclosure, Google GTIG reporting on UNC1069