OpenAI recently disclosed a security incident linked to a third-party tool, Axios, following a supply chain attack allegedly involving North Korean actors. The attack, which occurred on March 31, 2026, targeted the Axios library, used in application development. OpenAI confirmed that there was no unauthorized access to user data or compromise of its internal systems. The vulnerability stemmed from a GitHub Actions workflow that mistakenly downloaded a maliciously injected version of Axios, compromising security certificates for their macOS applications, such as ChatGPT Desktop and Codex. As a precaution, OpenAI is updating its security system and mandating that all macOS users upgrade to the latest application version by May 8, 2026. This incident underscores the need for robust software supply chain security, demonstrating that even major tech firms must remain vigilant against external threats. OpenAI’s timely response is essential for maintaining user trust in an increasingly complex software ecosystem.
Source link
