www.securityweek.com 4/13/2026, 12:57:50 PM

OpenAI Hit by Axios Supply Chain Attack Tied to North Korea

OpenAI revealed on Friday that it is among the organisations affected by the Axios supply chain attack, which cybersecurity experts have attributed to North Korean hackers. Axios is a widely used open source JavaScript HTTP client library with over 100 million weekly downloads, and it is a dependency of countless projects. In late March, attackers compromised the NPM account of a lead Axios maintainer and published two malicious NPM packages designed to download and execute a cross-platform RAT.

OpenAI conducted its own investigation and remediation efforts, noting that a GitHub Actions workflow used in the macOS app-signing process downloaded and executed a malicious Axios release (version 1.14.1). That workflow had access to a certificate and notarization material for signing macOS applications such as ChatGPT Desktop, Codex, Codex-cli and Atlas.

The company will revoke and rotate the certificate as a precaution, with full revocation planned for 8 May 2026, after which new downloads signed with the old certificate should be blocked by macOS protections.

Huntress found evidence of compromise on 135 machines, while Wiz observed the malicious version executed in 3% of affected environments. The North Korean threat group linked to the campaign, UNC1069, is primarily known for cryptocurrency theft and related money-making schemes.

Article by CyberSIXT