Snapshot from Apr 21, 2026 at 07:00 UTC. For live data and tracking: View Live
Events / OpenAI MacOS App Security Issue
Tech supply chain attack

OpenAI MacOS App Security Issue

Analysis based on 8 articles · First reported Apr 11, 2026 · Last updated Apr 11, 2026

Sentiment
-20
Attention
4
Articles
8
Market Impact
Direct
Live prominence charts, article sentiment distribution, and event development timeline available on the NewsDesk Dashboard
Market Impact

The market impact is moderately negative for OpenAI due to a security incident involving a third-party tool, Axios, potentially affecting user trust. However, the direct financial impact is mitigated as no user data or intellectual property was compromised.

Software Artificial intelligence Cybersecurity
Event Summary

OpenAI identified a security issue related to Axios, a third-party developer tool, which was compromised on March 31 as part of a broader software supply chain attack by actors believed to be linked to North Korea. A misconfigured Microsoft===GitHub Actions workflow used by OpenAI led to the download and execution of a malicious version of Axios, which had access to certificate and notarization material for signing MacOS applications like ChatGPT Desktop, Codex, and Atlas. OpenAI found no evidence of user data access, system compromise, or software alteration. The company is updating security certifications and requiring all MacOS users to update their OpenAI apps to the latest versions to prevent the distribution of fake apps. Older versions of MacOS apps will no longer be supported after May 8. Passwords and OpenAI API keys were not affected, and the root cause, a Microsoft===GitHub Actions workflow misconfiguration, has been addressed.

Key Actions
60 Microsoft===GitHub had misconfigured Actions workflow OpenAI
Entities Involved
priv
OpenAI
OpenAI identified a security issue involving a third-party developer tool, Axios, which was compromised in a supply chain attack. While no user data or intellectual property was compromised, OpenAI is taking steps to protect its macOS application certification process and requires users to update their apps.
Importance 95 Sentiment -10
cnt
North Korea
Actors believed to be linked to North Korea are responsible for the broader software supply chain attack that compromised Axios.
Importance 60 Sentiment -50
subs
Microsoft===GitHub
A Microsoft===GitHub Actions workflow used by OpenAI was misconfigured, allowing a malicious version of Axios to be downloaded and executed. This misconfiguration was the root cause of the security incident.
Importance 40 Sentiment -10
Relationships
OpenAI related Microsoft===GitHub
NEWSDESK
Track this event live

Set up alerts, explore entity relationships, search across thousands of events, and build custom intelligence feeds.

Open Dashboard

About NewsDesk

NewsDesk is a news intelligence platform that converts raw news articles into structured data. It tracks events, entities, and the relationships between them, with sentiment and attention metrics derived from thousands of articles. Pages on this site are daily static snapshots from the platform's live database. For real-time tracking, search, and alerts, the full dashboard is at app.newsdesk.dev.