Our response to the Axios developer tool compromise
We recently identified a security issue involving a third-party developer tool, Axios, that was part of a widely reported, broader industry incident. Out of an abundance of caution we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps. We found no evidence that OpenAI user data was accessed, that our systems or intellectual property was compromised, or that our software was altered.
We are updating our security certificates, which will require all macOS users to update their OpenAI apps to the latest versions. This helps prevent any risk—however unlikely—of someone attempting to distribute a fake app that appears to be from OpenAI. You can update safely through an in-app update or at the official links below:
- ChatGPT Desktop (https://chatgpt.com/download/)
- Codex App (https://chatgpt.com/codex/)
- Codex CLI (https://developers.openai.com/codex/cli)
- Atlas (https://chatgpt.com/atlas)
The security and privacy of your information are a top priority. We’re committed to being transparent and taking quick action when issues arise. We're sharing more technical details and FAQs below.
What happened and what we are doing
On March 31, 2026 (UTC), Axios, a widely used third-party developer library, was compromised as part of a broader software supply chain attack. At that time, a GitHub Actions workflow we use in the macOS app-signing process downloaded and executed a malicious version of Axios (version 1.14.1). This workflow had access to a certificate and notarization material used for signing macOS applications, including ChatGPT Desktop, Codex App, Codex CLI, and Atlas. This certificate helps customers know that software comes from the legitimate developer, OpenAI.
Our analysis of the incident concluded that the signing certificate present in this workflow was likely not successfully exfiltrated by the malicious payload due to the timing of the payload execution, certificate injection into the job, sequencing of the job itself, and other mitigating factors. Nevertheless, out of an abundance of caution we are treating the certificate as compromised, and are revoking and rotating it.
Effective May 8, 2026, older versions of our macOS desktop apps will no longer receive updates or support, and may not be functional. These versions represent the earliest releases signed with our updated certificate:
- ChatGPT Desktop: 1.2026.051
- Codex App: 26.406.40811
- Codex CLI: 0.119.0
- Atlas: 1.2026.84.2
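For anyone managing a fleet of Macs, the practical question is which hosts still run a build signed with the previous certificate. The script below is an added example, not OpenAI tooling: it compares installed versions against the minimum versions listed above, comparing version components numerically (a plain string compare would rank `1.2026.9` above `1.2026.051`). The inventory of hostnames and installed versions is constructed for illustration.

```python
"""Check installed OpenAI macOS app versions against the first builds signed
with the rotated certificate. Added example, not OpenAI's own tooling; the
inventory below is constructed for illustration."""
from typing import Dict, List, Tuple

# Earliest releases signed with the updated certificate, as stated on the page.
MIN_VERSIONS: Dict[str, str] = {
    "ChatGPT Desktop": "1.2026.051",
    "Codex App": "26.406.40811",
    "Codex CLI": "0.119.0",
    "Atlas": "1.2026.84.2",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.2026.051' into (1, 2026, 51) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in version.strip().split("."))


def needs_update(product: str, installed: str) -> bool:
    """True when the installed build predates the first re-signed release.
    Unknown products raise so a typo in an inventory does not pass silently.
    Shorter version strings are zero-padded so '0.119' equals '0.119.0'."""
    if product not in MIN_VERSIONS:
        raise KeyError(f"no minimum version known for {product!r}")
    have, need = parse_version(installed), parse_version(MIN_VERSIONS[product])
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have < need


def triage(inventory: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Group hosts by product that still run a build signed with the old cert.
    `inventory` maps hostname -> {product: installed_version}."""
    stale: Dict[str, List[str]] = {}
    for host, apps in inventory.items():
        for product, version in apps.items():
            if needs_update(product, version):
                stale.setdefault(product, []).append(host)
    return stale


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "mac-001": {"ChatGPT Desktop": "1.2026.050", "Codex CLI": "0.119.0"},
    "mac-002": {"ChatGPT Desktop": "1.2026.051", "Atlas": "1.2026.84.1"},
    "mac-003": {"Codex App": "26.406.40811", "Codex CLI": "0.118.7"},
}

if __name__ == "__main__":
    for product, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{product}: update needed on {', '.join(sorted(hosts))}")
```

In a real deployment the inventory would come from an MDM export or from reading `CFBundleShortVersionString` out of each app's `Info.plist`; the comparison logic is the part that is easy to get wrong.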
Investigation and remediation efforts
As part of our investigation and response, we engaged a third-party digital forensics and incident response firm, rotated our macOS code signing certificate, published new builds of all relevant macOS products with the new certificate, and are working with Apple to ensure software signed with the previous certificate cannot be newly notarized. We have also reviewed all notarization of software using our previous certificate to confirm no unexpected software notarization occurred with these keys, and validated that our published software did not have unauthorized modifications. At this time, we have found no evidence of compromise or risk to existing software installations.
In the event that the certificate was successfully compromised by a malicious actor, they could use it to sign their own code, making it appear as legitimate OpenAI software. We have stopped new software notarizations using the old certificate, so new software signed with the old certificate by an unauthorized third party would be blocked by default by macOS security protections unless a user explicitly bypasses them. Once we fully revoke our certificate on May 8th, 2026, new downloads and launches of apps signed with the previous certificate will be blocked by macOS security protections.
The root cause of this incident was a misconfiguration in the GitHub Actions workflow, which we have addressed. Specifically, the action in question used a floating tag, as opposed to a specific commit hash, and did not have a configured minimumReleaseAge for new packages.
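Both root-cause conditions are mechanically checkable in a repository. The audit below is an added example, not OpenAI's workflow or tooling: it flags every `uses:` reference in a GitHub Actions workflow that is not pinned to a full 40-character commit SHA, and reports whether a `minimumReleaseAge` is configured. The two workflow snippets are constructed, the SHAs in the hardened version are placeholders rather than the real commits of those actions, and the example assumes `minimumReleaseAge` is set in `pnpm-workspace.yaml` as pnpm's setting in minutes.

```python
"""Audit a GitHub Actions workflow for the two misconfigurations named above:
actions referenced by floating tag instead of a full commit SHA, and no
minimumReleaseAge set for the package manager. Added example, not OpenAI's
workflow; the YAML snippets are constructed. The minimumReleaseAge key is
assumed to live in pnpm-workspace.yaml (pnpm's setting, in minutes)."""
import re
from typing import List, Tuple

# `uses:` lines look like owner/repo[/path]@ref, optionally quoted, under `- uses:`.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)['\"]?")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
MIN_AGE_RE = re.compile(r"^\s*minimumReleaseAge:\s*(\d+)\s*$", re.MULTILINE)


def unpinned_actions(workflow_yaml: str) -> List[Tuple[int, str]]:
    """Return (line_no, reference) for every action not pinned to a 40-hex SHA.
    Local (./path) and docker:// references have no git ref to pin and are skipped."""
    findings = []
    for line_no, line in enumerate(workflow_yaml.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, _, version = ref.partition("@")
        if not FULL_SHA_RE.fullmatch(version):
            findings.append((line_no, ref))
    return findings


def minimum_release_age(pnpm_workspace_yaml: str) -> int:
    """Return the configured minimumReleaseAge in minutes, 0 when absent.
    0 means a package published seconds ago is installable immediately."""
    m = MIN_AGE_RE.search(pnpm_workspace_yaml)
    return int(m.group(1)) if m else 0


def audit(workflow_yaml: str, pnpm_workspace_yaml: str, min_age_minutes: int = 1440) -> List[str]:
    """Collect human-readable findings; an empty list means both controls pass."""
    problems = [f"line {n}: '{ref}' is not pinned to a commit SHA"
                for n, ref in unpinned_actions(workflow_yaml)]
    age = minimum_release_age(pnpm_workspace_yaml)
    if age < min_age_minutes:
        problems.append(f"minimumReleaseAge is {age} min, want at least {min_age_minutes}")
    return problems


# Constructed "before": floating tags resolve to whatever the tag points at on
# the day the job runs, and freshly published packages install immediately.
WEAK_WORKFLOW = """\
name: sign-macos
on: [push]
jobs:
  sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
      - run: pnpm install --frozen-lockfile
"""
WEAK_PNPM = "packages:\n  - 'apps/*'\n"

# Constructed "after": refs are full commit SHAs (placeholder values, not the
# real SHAs of those actions) with the tag kept as a trailing comment so
# reviewers still see the intended version; new packages must be a day old.
HARDENED_WORKFLOW = """\
name: sign-macos
on: [push]
jobs:
  sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # v4
      - uses: actions/setup-node@89abcdef0123456789abcdef0123456789abcdef  # v4
      - uses: ./.github/actions/notarize
      - run: pnpm install --frozen-lockfile
"""
HARDENED_PNPM = "packages:\n  - 'apps/*'\nminimumReleaseAge: 1440\n"

if __name__ == "__main__":
    for label, wf, ws in (("before", WEAK_WORKFLOW, WEAK_PNPM),
                          ("after", HARDENED_WORKFLOW, HARDENED_PNPM)):
        print(label, audit(wf, ws) or ["ok"])
```

Pinning to a SHA only helps if the SHA is what actually runs, so the check deliberately treats a short SHA or a tag-with-comment as unpinned; a release-age floor of a day is a common starting point because most compromised package versions in recent incidents were pulled within hours of publication.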
FAQ
Were OpenAI products or user data compromised?
No. We have found no evidence that OpenAI products or user data were compromised or exposed.
Have you seen malware signed as OpenAI?
No. We have found no evidence that the potentially exposed notarization and code signing material have been misused, and we have confirmed all notarization events with the impacted material were expected.
Do I need to change my password?
No. Passwords and OpenAI API keys were not affected.
Does this affect iOS, Android, Linux, or Windows?
No. This only affects OpenAI macOS apps. This does not affect the web versions of our software.
Why are you asking me to update my Mac apps?
OpenAI identified exposure in a GitHub Actions workflow involved in the macOS app-signing process. Because the exposed workflow was related to macOS app signing, we are proactively rotating the notarization and code signing material used for OpenAI macOS applications. Updating ensures you are running versions signed with our latest certificate. This certificate helps customers know that software comes from the legitimate developer, OpenAI.
Where do I download the updated macOS apps?
Only download OpenAI apps from in-app updates or the official webpages below:
- ChatGPT (https://chatgpt.com/download/)
- Codex (https://chatgpt.com/codex/)
- Codex CLI (https://developers.openai.com/codex/cli)
- Atlas (https://chatgpt.com/atlas)
Do not install apps from links in emails, messages, ads, or third-party download sites. Be cautious of unexpected “OpenAI,” “ChatGPT,” or “Codex” installers sent through email, text, chat messages, ads, file-sharing links, or third-party download sites.
What happens after May 8, 2026?
Effective May 8, 2026, older versions of our macOS desktop apps will no longer receive updates or support, and may not be functional. These versions represent the earliest releases signed with our updated certificate:
- ChatGPT Desktop: 1.2026.051
- Codex App: 26.406.40811
- Codex CLI: 0.119.0
- Atlas: 1.2026.84.2
Why are you not revoking the certificate immediately?
We have worked to block any further notarization of macOS apps with the impacted notarization material. This means that any fraudulent app posing as an OpenAI app using the impacted certificate will lack notarization, and therefore will be blocked by default by macOS security protections unless a user explicitly bypasses those protections.
Because new notarization with the previous certificate is blocked, and because the revocation may cause macOS to block new downloads and first-time launches of apps signed with the previous certificate, we are giving our users a 30-day window to update to minimize disruption. This window will help minimize user risk and allow impacted clients to update through built-in update mechanisms, ensuring they are appropriately remediated.
We are working with our partners to monitor for any indicators of misuse of the signing certificate, and will accelerate the revocation timeline if we identify malicious activity during this window.