OpenAI warns of potential security issue, urges Mac users to update these apps
Follow UsOpenAI has alerted users of its macOS applications about a potential security issue.
The warning comes after OpenAI identified a security issue involving a third-party developer tool, Axios.
Users are being asked to update the following apps to the latest versions: ChatGPT Desktop, Codex, Codex CLI and Atlas.
OpenAI has alerted users of its macOS applications about a potential security issue and is urging them to update to the latest versions immediately. The warning comes after OpenAI identified a security issue involving a third-party developer tool, Axios. While there is no evidence that user data was exposed or that OpenAI’s systems were compromised, the company is taking extra precautions to avoid any possible misuse. As part of these steps, OpenAI is replacing its app verification certificate. Because of this change, older versions of its Mac apps will stop working or receiving updates. Keep reading for all the details.
SurveyWhat happened and what OpenAI is doing
The issue is linked to Axios, a commonly used developer library that was recently compromised as part of a larger supply chain attack. On March 31, 2026, a malicious version of Axios (version 1.14.1) was downloaded and run during one of OpenAI’s automated processes used to sign macOS apps. The system running that process had access to a sensitive signing certificate and related files. This certificate is important because they help users trust that the app is genuine.
OpenAI’s investigation suggests that the attacker likely did not manage to steal the certificate, due to how the process was set up and timed. However, to be safe, OpenAI is treating the certificate as if it could have been exposed. As a precaution, the company is revoking the old certificate and replacing it with a new one. This means older versions of its macOS apps will stop receiving updates and will stop working starting May 8, 2026.
Users are being asked to update the following apps to the latest versions: ChatGPT Desktop, Codex, Codex CLI and Atlas. Updating ensures that the apps are signed with the new, secure certificate.
‘As part of our investigation and response, we engaged a third-party digital forensics and incident response firm, rotated our macOS code signing certificate, published new builds of all relevant macOS products with the new certificate, and are working with Apple to ensure software signed with the previous certificate cannot be newly notarised,’ OpenAI explained. ‘Once we fully revoke our certificate on May 8th, 2026, new downloads and launches of apps signed with the previous certificate will be blocked by macOS security protections.’
