OpenAI caught in North Korean supply chain attack, macOS signing keys briefly at risk
OpenAI said Friday it identified a security incident stemming from the compromise of Axios, a widely used open-source JavaScript library, and is taking steps to lock down its macOS app signing process after a malicious version of the library was pulled into the company's build pipeline.
The company found no evidence that user data was accessed, its systems or intellectual property were compromised, or that its software was altered, according to a disclosure shared with Reuters. The root cause was a misconfiguration in a GitHub Actions workflow, which has since been addressed.
Axios, which sees nearly 100 million weekly downloads and underpins HTTP requests across millions of JavaScript projects, was compromised on March 31st by actors linked to North Korea. The attackers spent weeks building rapport with the library's sole maintainer, Jason Saayman, before tricking him into installing malware during a fake video call. The incident was part of a broader supply chain campaign targeting high-impact open-source maintainers, as documented by TechCrunch and The Hacker News.
OpenAI's build pipeline pulled the poisoned version of Axios into a GitHub Actions workflow that had access to the certificates and notarization material used to sign its macOS applications, including ChatGPT Desktop, Codex, Codex-cli, and Atlas. A dependency that runs code inside a job holding that material is in a position to read it, which is what put the keys at risk. OpenAI's analysis concluded that the malicious payload most likely did not succeed in exfiltrating the signing certificate.
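The general shape of the fix a practitioner would want here is to keep third-party package installation and code signing in separate jobs, so that a dependency running install-time or build-time code never executes where signing secrets are mounted. The workflow below is an added illustration of that pattern; it is not OpenAI's workflow (the company has not published the misconfigured workflow or its remediation), and the secret names, the `release` environment, the `<full-commit-sha>` action pins, and the signing identity are placeholders.

```yaml
# Illustrative hardened macOS build-and-sign pipeline (placeholder names throughout).
# Principle: the job that installs npm packages holds no signing material, and the
# job that holds signing material runs no third-party code.
name: macos-release

on:
  push:
    tags: ["v*"]

# Default the GITHUB_TOKEN to read-only; jobs widen scope only if they must.
permissions:
  contents: read

jobs:
  build:
    runs-on: macos-latest
    # No secrets are exposed to this job, so a compromised dependency executing
    # here (install hook or build-time code) has nothing to exfiltrate.
    steps:
      # Pin actions to a reviewed full commit SHA, not a mutable tag.
      # <full-commit-sha> is a placeholder for the commit you audited.
      - uses: actions/checkout@<full-commit-sha>
      - uses: actions/setup-node@<full-commit-sha>
        with:
          node-version: 20
      # `npm ci` installs exactly what package-lock.json records and fails if
      # package.json and the lockfile disagree; `--ignore-scripts` prevents any
      # dependency's preinstall/postinstall hooks from running on the runner.
      - run: npm ci --ignore-scripts
      # Fail the build if any lockfile entry resolves to a tarball without an
      # integrity hash, i.e. is not pinned to specific package contents.
      - run: |
          node -e '
            const lock = require("./package-lock.json");
            const unpinned = Object.entries(lock.packages || {})
              .filter(([path, meta]) => path && meta.resolved && !meta.integrity)
              .map(([path]) => path);
            if (unpinned.length) {
              console.error("lockfile entries without integrity:", unpinned);
              process.exit(1);
            }
          '
      - run: npm run build
      - uses: actions/upload-artifact@<full-commit-sha>
        with:
          name: unsigned-app
          path: dist/

  sign:
    needs: build
    runs-on: macos-latest
    # The `release` environment owns the signing secrets and should be configured
    # with required reviewers, so a poisoned build cannot reach signing unattended.
    environment: release
    steps:
      - uses: actions/download-artifact@<full-commit-sha>
        with:
          name: unsigned-app
          path: dist/
      # Signing material is decoded only now, into a job-scoped keychain.
      # Note there is no checkout and no `npm` step in this job.
      - name: Import signing certificate
        env:
          CERT_P12_BASE64: ${{ secrets.MACOS_CERT_P12_BASE64 }}
          CERT_PASSWORD: ${{ secrets.MACOS_CERT_PASSWORD }}
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
        run: |
          echo "$CERT_P12_BASE64" | base64 --decode > "$RUNNER_TEMP/cert.p12"
          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
          security import "$RUNNER_TEMP/cert.p12" -k build.keychain \
            -P "$CERT_PASSWORD" -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple: \
            -s -k "$KEYCHAIN_PASSWORD" build.keychain
      - name: Sign with hardened runtime and a trusted timestamp
        run: |
          codesign --force --options runtime --timestamp \
            --keychain build.keychain \
            --sign "Developer ID Application: Example Corp (TEAMID)" \
            dist/Example.app
          codesign --verify --deep --strict dist/Example.app
      # Remove the keychain even if signing failed, so the key does not persist
      # on a reused or cached runner.
      - name: Destroy keychain
        if: always()
        run: security delete-keychain build.keychain
```

Two caveats worth stating. `--ignore-scripts` will break dependencies that legitimately need install-time builds (native addons); those should be rebuilt explicitly for the packages you have reviewed rather than by re-enabling scripts globally. And job separation only helps if the signing job truly runs no untrusted code: a `checkout` plus `npm install` in the `sign` job, or a custom action that pulls the repository's own dependencies, would put the secrets back in reach.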
The disclosure adds OpenAI to a growing list of organizations caught in the Axios incident's blast radius. Socket, a security firm that has tracked the campaign, said multiple Node.js ecosystem maintainers were directly approached using similar social engineering tactics — including the creators of Lodash, Fastify, and the dotenv library — suggesting a coordinated effort to compromise open-source infrastructure at scale.
The attack against Axios itself was methodical. Saayman detailed in a postmortem that the hackers posed as a legitimate company, creating a realistic-looking Slack workspace with fake employee profiles and cloned founder likenesses before luring him into a Microsoft Teams call that prompted a malware download. Google Threat Intelligence attributed the campaign to UNC1069, a North Korean threat actor whose operations are primarily financially motivated.
The incident underscores the fragility of trust in open-source supply chains. A package depended on by millions of developers became a compromise vector once a single maintainer was socially engineered. Socket CEO Feross Aboukhadijeh described the dynamic starkly: "A package as widely used as Axios being compromised shows how difficult it is to reason about exposure in a modern JavaScript environment."
OpenAI is requiring all macOS users to update to the latest versions of its applications. Effective May 8th, older macOS desktop app versions will no longer receive updates or support and may not function properly.
Passwords and OpenAI API keys were not affected by the incident, the company confirmed.
The Axios compromise is not an isolated event. North Korean cyber operations have been blamed for stealing at least $2 billion in cryptocurrency in 2025 alone, funding the Kim Jong Un regime's weapons development under international sanctions. Security researchers describe the actors behind the Axios hack as among the most sophisticated and patient threat groups operating today.
For OpenAI, the incident is a reminder that even organizations with significant security resources are exposed to third-party risk. The company's foundation models and API infrastructure were unaffected, but the build pipeline that signs its desktop apps was within reach of a single compromised npm dependency.