The widely used open-source library Axios was hit by a supply chain attack in late March: a hijacked developer account was used to publish malicious versions of the package. OpenAI has now disclosed that its own software, including the ChatGPT desktop client, Codex, Codex CLI, and the Atlas browser, was caught up in the breach.
There is currently no evidence that user data was compromised, but the integrity of OpenAI's developer signing certificates may have been put at risk. OpenAI has therefore revoked its old certificates and moved to a new cryptographic foundation, so all users must update to the latest versions for the software to keep working.
The exposure occurred in OpenAI's macOS application signing process, which runs in GitHub Actions: the workflow fetched and executed the malicious version of Axios (v1.14.1). That gave the attacker a theoretical window of access to OpenAI's signing credentials and notarization materials. After a forensic investigation, OpenAI concluded that the signing certificates most likely remained secure, citing the short execution time of the malicious payload and the specific order of steps in the workflow.
Nevertheless, out of an abundance of caution, OpenAI is treating the certificates as compromised. By revoking the old credentials and re-signing all applications with fresh certificates, it aims to remove the risk of an attacker distributing backdoored software that appears to be legitimately signed.
As the final step in the transition, OpenAI will formally revoke the old signing certificates on May 8, 2026. After that date, older versions of OpenAI software on macOS will no longer launch. Users are therefore urged to update to the following versions now:
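A build workflow that resolves dependencies at run time installs whatever version the registry serves unless the lockfile pins it, which is how a freshly published malicious release ends up executing on a signing runner. As an added example (not code from this article or from OpenAI), the Python script below scans an npm package-lock.json, in both the old nested format and the current flat format, for the malicious Axios release named above, v1.14.1, including copies nested under other packages. The lockfile samples it embeds are constructed, and every version in them other than 1.14.1 is made up.

```python
import json
import sys

# The only package/version the article identifies as malicious is axios 1.14.1.
# Extend this map from an advisory source; no other versions are listed here.
BAD_VERSIONS = {"axios": {"1.14.1"}}


def _walk_v1(deps, path, hits):
    """Recurse through a lockfileVersion 1 tree, where each dependency nests its own."""
    for name, meta in (deps or {}).items():
        version = meta.get("version")
        if version in BAD_VERSIONS.get(name, set()):
            hits.append((f"{path}{name}", version))
        _walk_v1(meta.get("dependencies"), f"{path}{name} > ", hits)


def find_compromised(lockfile_text):
    """Return [(location, version)] for each compromised package in a package-lock.json.

    lockfileVersion 2/3 files carry a flat "packages" map keyed by install path
    (e.g. "node_modules/some-cli/node_modules/axios"); version 1 files carry a
    nested "dependencies" tree. Version 2 files contain both, so the nested tree
    is only walked when no "packages" map exists, to avoid double reporting.
    """
    lock = json.loads(lockfile_text)
    hits = []
    for key, meta in lock.get("packages", {}).items():
        if not key:  # "" is the root project entry, not a dependency
            continue
        name = key.rsplit("node_modules/", 1)[-1]  # keeps scoped names like @scope/pkg
        if meta.get("version") in BAD_VERSIONS.get(name, set()):
            hits.append((key, meta["version"]))
    if "packages" not in lock:
        _walk_v1(lock.get("dependencies"), "", hits)
    return hits


# Constructed sample lockfiles: a transitive axios pinned to the malicious release
# behind a made-up "some-cli" package, while the direct axios is a harmless version.
SAMPLE_LOCK_V3 = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "dependencies": {"axios": "^1.7.0", "some-cli": "^2.0.0"}},
        "node_modules/axios": {"version": "1.7.9"},
        "node_modules/some-cli": {"version": "2.0.0", "dependencies": {"axios": "1.14.1"}},
        "node_modules/some-cli/node_modules/axios": {"version": "1.14.1"},
    },
})

SAMPLE_LOCK_V1 = json.dumps({
    "name": "example-app",
    "lockfileVersion": 1,
    "dependencies": {
        "axios": {"version": "1.7.9"},
        "some-cli": {"version": "2.0.0", "dependencies": {"axios": {"version": "1.14.1"}}},
    },
})


if __name__ == "__main__":
    # Usage: python check_lock.py package-lock.json   (defaults to the built-in sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK_V3
    for location, version in find_compromised(text):
        print(f"COMPROMISED: {location} @ {version}")
```

This only reports what the lockfile resolved; a workflow that installs with `npm install` instead of `npm ci` can still pull a newer version than the one recorded, so the check belongs next to a policy of installing strictly from the lockfile.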
- ChatGPT for Desktop: v1.2026.051
- Codex App: v26.406.40811
- Codex CLI: v0.119.0
- Atlas: v1.2026.84.2