OpenAI issued a security notice on April 11, stating that it recently discovered a security issue involving the third-party development library Axios. OpenAI emphasized that there is no evidence showing that user data was accessed, systems were compromised, or software was tampered with. However, based on a precautionary approach, it is updating the security credentials of all macOS applications, requiring all macOS users to update to the latest version.
Impact of the Axios supply chain incident
This security issue stems from a supply chain attack involving Axios — a widely used JavaScript HTTP request library. This is not an issue unique to OpenAI, but an event affecting the entire industry. Previously, Anthropic’s Claude Code was also impacted by related supply chain risks during the same period.
OpenAI said it is updating security credentials to prevent anyone from trying to distribute counterfeit software disguised as an official OpenAI application. While this kind of risk is “extremely unlikely” to occur, the company has chosen to take preventative measures.
macOS applications affected
The macOS applications that need to be updated include:
ChatGPT Desktop
Codex App
Codex CLI
Atlas
Users can update via the built-in update feature within the app or by going to OpenAI’s official link to download the latest version. OpenAI recommends that all macOS users complete the update as soon as possible.
Supply chain security for AI tools is drawing increasing attention
The incident once again highlights the supply chain security risks that AI tools face. As AI programming tools (such as ChatGPT, Claude Code, and Codex) have become central to developers’ everyday workflows, the third-party libraries these tools rely on also become targets for attackers.
Just the day before, security researchers had revealed a research report on 26 LLM router models secretly injecting malicious instructions, and the U.S. Department of the Treasury also expanded finance-grade cybersecurity intelligence to the digital asset industry. The security of AI tools is becoming a top priority for the entire industry.
This article, OpenAI urgently requests that all macOS users update their applications; the Axios supply chain attack triggers security credential updates, first appeared on LianNews ABMedia.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
