OpenAI has alerted users of its macOS applications to a potential security issue and is urging them to update to the latest versions immediately. The warning follows OpenAI’s discovery of a problem involving a third-party developer tool, Axios. While there is no evidence that user data was exposed or that OpenAI’s systems were compromised, the company is taking extra precautions to avoid any possible misuse. As part of these steps, OpenAI is replacing its app verification certificate. Because of this change, older versions of its Mac apps will stop working or receiving updates.
The issue is linked to Axios, a commonly used developer library that was recently compromised as part of a larger supply chain attack. On March 31, 2026, a malicious version of Axios (version 1.14.1) was downloaded and run during one of OpenAI’s automated processes used to sign macOS apps. The system running that process had access to a sensitive signing certificate and related files. This certificate is important because it helps users trust that the app is genuine.
OpenAI’s investigation suggests that the attacker likely did not manage to steal the certificate, due to how the process was set up and timed. However, to be safe, OpenAI is treating the certificate as if it could have been exposed. As a precaution, the company is revoking the old certificate and replacing it with a new one. This means older versions of its macOS apps will stop receiving updates and will stop working starting May 8, 2026.
Users are being asked to update the following apps to the latest versions: ChatGPT Desktop, Codex, Codex CLI and Atlas. Updating ensures that the apps are signed with the new, secure certificate.
‘As part of our investigation and response, we engaged a third-party digital forensics and incident response firm, rotated our macOS code signing certificate, published new builds of all relevant macOS products with the new certificate, and are working with Apple to ensure software signed with the previous certificate cannot be newly notarised,’ OpenAI explained. ‘Once we fully revoke our certificate on May 8th, 2026, new downloads and launches of apps signed with the previous certificate will be blocked by macOS security protections.’
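For teams that build with npm, one way to check whether the Axios version named above is resolved anywhere in a project's lockfile, including nested and aliased copies. This is an added example, not OpenAI's tooling; it assumes 1.14.1 is the only flagged version because that is the one the article names, and the sample lockfiles and every package name other than axios are constructed.

```javascript
// Version the article names as malicious; extend the set if more are reported.
const FLAGGED = { name: "axios", versions: new Set(["1.14.1"]) };

// Return every resolved copy of the package in a parsed package-lock.json.
function findPackage(lock, target = FLAGGED) {
  const hits = [];
  const record = (path, version) =>
    hits.push({ path, version, flagged: target.versions.has(version) });

  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // the root project itself
      // npm stores "name" when the folder is an alias for another package.
      const name = meta.name || path.split("node_modules/").pop();
      if (name === target.name) record(path, meta.version);
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" trees.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail + "node_modules/" + name;
      if (name === target.name) record(here, meta.version);
      walk(meta.dependencies, here + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles; package names other than axios are hypothetical.
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "signing-job", version: "1.0.0" },
  "node_modules/axios": { version: "1.13.0" },
  "node_modules/axios-retry": { version: "4.0.0" },
  "node_modules/http-helper/node_modules/axios": { version: "1.14.1" },
  "node_modules/fetcher": { name: "axios", version: "1.14.1" },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "http-helper": { version: "2.0.0", dependencies: { axios: { version: "1.14.1" } } },
  axios: { version: "1.13.0" },
} };

for (const hit of [...findPackage(sampleV3), ...findPackage(sampleV1)])
  console.log(hit.flagged ? "FLAGGED" : "ok     ", hit.version, hit.path);
```

To scan a real project, pass the result of `JSON.parse` on its `package-lock.json` to `findPackage`.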