Remember that North Korean supply chain attack that poisoned the Axios npm package two weeks ago? The one we reported on when 1,700 packages were waiting in the wings?

It got inside OpenAI.

On Friday, OpenAI disclosed that a compromised version of Axios (version 1.14.1) was executed inside its macOS app signing workflow on March 31. This is the process that certifies ChatGPT Desktop, Codex, Codex-cli, and Atlas as legitimate OpenAI applications. The workflow had access to the certificate and notarization material used to sign every macOS app OpenAI distributes.

Translation: North Korean hackers briefly had a pathway to the signing keys that tell your Mac "yes, this is real ChatGPT." If those keys had been stolen, attackers could have distributed fake OpenAI apps that macOS would have treated as genuine.

OpenAI says the certificate was "likely not successfully exfiltrated." Likely. Not "definitely." Not "confirmed." Likely.

So the company is treating the material as compromised anyway. It revoked and rotated its entire macOS code signing certificate, rebuilt all affected applications with new credentials, and is now forcing every macOS user to update. Effective May 8, older versions of ChatGPT Desktop and Codex will stop receiving updates and "may not be functional."

The root cause? A misconfigured GitHub Actions workflow. OpenAI was using GitHub's automation to build and sign its Mac apps. That workflow pulled the Axios library. And because Axios had been poisoned by North Korean actors as part of a broader campaign targeting high-impact Node.js maintainers, OpenAI's build pipeline ran malicious code with access to its most sensitive signing materials.

OpenAI insists no user data was accessed and no systems were compromised. Passwords and API keys were not affected. The company says this was a close call, not a breach.

But here is what should concern everyone in AI right now: the company building the most widely used AI consumer product in history had its app signing pipeline compromised because it pulled an unverified dependency from npm. This is Software Supply Chain Security 101. And OpenAI, a company valued at $852 billion and about to IPO, got caught by it.

The broader pattern is alarming. North Korean actors have been systematically targeting the open source software supply chain for years, and the AI industry is uniquely vulnerable because every lab depends on the same stack of open source libraries. Axios alone has 58 million weekly npm downloads. One poisoned version reached the signing pipeline of the world's biggest AI company.

If you use ChatGPT, Codex, or Atlas on a Mac: update now. If you run any AI tools that depend on open source npm packages: audit your supply chain. Because if North Korea can get inside OpenAI, they can get inside anyone.