OpenAI revealed on Friday that it’s one of many organizations affected by the recent Axios supply chain attack, which cybersecurity experts have attributed to North Korean hackers.
Axios is a widely used open source JavaScript HTTP client library for making requests in web and Node.js applications. It has over 100 million weekly downloads and is a dependency in countless developer projects and production systems.
In late March, attackers compromised the NPM account of a lead Axios maintainer and published two malicious NPM packages designed to download and execute a cross-platform RAT capable of running on Windows, macOS, and Linux.
The malicious packages were live for only a few hours before being detected and removed, but many organizations may have been affected.
One of them is OpenAI, which detailed its investigation and remediation efforts, as well as its root cause analysis, in a blog post published on Friday.
“A GitHub Actions workflow we use in the macOS app-signing process downloaded and executed a malicious version of Axios (version 1.14.1),” OpenAI explained. “This workflow had access to a certificate and notarization material used for signing macOS applications, including ChatGPT Desktop, Codex, Codex-cli, and Atlas. This certificate helps customers know that software comes from the legitimate developer, OpenAI.”
The timing of the payload execution and other factors have led the AI giant to believe that the macOS signifying certificate has not been compromised. However, the company has decided to revoke and rotate the certificate as a precaution.
If, however, the certificate was indeed compromised, the attacker could abuse it to sign malicious code and disguise it as legitimate OpenAI software.
“We have stopped new software notarizations using the old certificate, so new software signed with the old certificate by an unauthorized third party would be blocked by default by macOS security protections unless a user explicitly bypasses them,” OpenAI said, adding, “Once we fully revoke our certificate on May 8th, 2026, new downloads and launches of apps signed with the previous certificate will be blocked by macOS security protections.”
It’s unclear exactly how many Axios users were affected, but cybersecurity firm Huntress found evidence of compromise on 135 machines, and cloud security giant Wiz observed the malicious version executed in 3% of affected environments.
While the access provided by the Axios supply chain attack may be useful for espionage, the North Korean threat group linked to the campaign, UNC1069, is primarily known for cryptocurrency theft and other money-making schemes.
Related: CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads
Related: Telnyx Targeted in Growing TeamPCP Supply Chain Attack
Related: Guardarian Users Targeted With Malicious Strapi NPM Packages
