OpenAI has reported a security incident involving the Axios developer tool that affected its macOS app signing process. On March 31, 2026, a compromised version of Axios was included in a GitHub Actions workflow, raising concerns about whether the signatures on applications like ChatGPT Desktop and Codex could still be trusted. OpenAI assured users that no customer data, systems, or intellectual property were breached, and as a precaution it revoked and rotated the compromised signing certificate and released new app builds. Users are advised to update to the latest versions of the affected apps, as older versions will lose support after May 8. The incident highlights the importance of supply chain security and trust models, demonstrating that a signing issue can have significant ramifications. OpenAI’s transparent approach and prompt communication reflect a commitment to user safety and emphasize the critical nature of securing software distribution pathways.