OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack

News Room

OpenAI is telling Mac users to update its apps by June 12 after a developer-focused supply chain attack exposed code-signing certificates associated with its products.

The company said two employee devices were compromised through malware linked to the Mini Shai-Hulud campaign, which targeted developer credentials through compromised npm packages. OpenAI said it found no evidence that customer data or production systems were accessed, but it is rotating certificates and urging users to install updated versions from official sources.

“We have taken decisive steps to protect our user data, systems, and intellectual property,” OpenAI wrote in its post. “As part of our response, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps.”

The practical risk is not that OpenAI’s apps suddenly became unsafe. Rather, stolen signing materials could help attackers make malicious software appear more trustworthy than it should be.

How developer devices were compromised

The issue stems from a broader compromise of a popular npm package used by several developers, including OpenAI.

According to OpenAI, malware associated with the Mini Shai-Hulud campaign compromised two employee devices and targeted developer credentials, including GitHub tokens, API keys, and internal secrets.

OpenAI says the attack eventually led to the compromise of two employees’ devices, though it found no evidence that customer data or production systems were accessed. The incident has since triggered a broader security response from the company, particularly around the certificates that establish its apps as trusted.

OpenAI’s response to the incident

Upon detecting the incident, the company says it immediately isolated the affected devices and launched an investigation. It also says it engaged an external digital forensics and incident response firm to aid the investigation.

After determining that no customer data, intellectual property, or credentials had been stolen and that the threat actor’s continued access had been effectively closed off, the AI powerhouse began taking preventive measures.

However, OpenAI says the attacker had access to a limited number of source code repositories containing the signing certificates for its products, specifically the certificates for its iOS, Windows, and macOS apps. That prompted it to rotate code-signing certificates across its products.

In addition to these measures, the company has reached out to all platform providers that use its products, asking them to stop all new notarization. Threat actors may use the accessed credentials to distribute malware disguised as legitimate OpenAI products, and the company aims to prevent that from happening.

But the effectiveness of its measures largely depends on what users of its products do going forward, as they, too, are potential targets in different ways.


How Mac users can stay protected

OpenAI said Windows and iOS users do not need to take additional action beyond normal updates, but macOS users must update affected apps by June 12.

The required versions are:

  • ChatGPT Desktop: 1.2026.125
  • Codex App: 26.506.31421
  • Codex CLI: 0.130.0
  • Atlas: 1.2026.119.1

Users should install updates only from OpenAI’s official channels and avoid download links sent through email, ads, messages, or unofficial websites.
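For Mac administrators who want to confirm the above rather than trust a dialog, the following script is an added example written for this article; it is not OpenAI’s code and nothing like it appears in the company’s post. It compares installed app versions against the minimums listed above and, on a Mac, asks the operating system whether each bundle’s signature and notarization still validate, which is the check that matters if a stolen certificate is later revoked or rotated. The bundle paths (`/Applications/ChatGPT.app`, `/Applications/Codex.app`, `/Applications/ChatGPT Atlas.app`) and the assumption that `codex --version` prints a dotted version number are assumptions, not facts from the article; adjust them to your installation.

```shell
#!/bin/sh
# Added example (not from OpenAI or the article): check installed macOS app
# versions against the minimums the article lists and, where the macOS tools
# exist, confirm each bundle's code signature still validates.
# ASSUMED, not from the article: the bundle paths and the `codex --version`
# output format below. Edit them to match your install.

# Minimum versions named in the article.
MIN_CHATGPT="1.2026.125"
MIN_CODEX_APP="26.506.31421"
MIN_CODEX_CLI="0.130.0"
MIN_ATLAS="1.2026.119.1"

# version_ge A B: exit 0 when numeric dotted version A >= B.
# Segments are compared numerically one at a time; a missing segment counts
# as 0, so 1.2026.119 equals 1.2026.119.0 and 1.2026.119.1 is newer.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"
        ax="${ax:-0}"; bx="${bx:-0}"
        if [ "$ax" -gt "$bx" ]; then return 0; fi
        if [ "$ax" -lt "$bx" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# verdict NAME INSTALLED MIN: one line per app, so the output can be collected
# by fleet tooling. An empty INSTALLED means the version could not be read.
verdict() {
    name="$1"; have="$2"; need="$3"
    if [ -z "$have" ]; then
        echo "$name: not installed or version unreadable (required >= $need)"
    elif version_ge "$have" "$need"; then
        echo "$name: $have OK (>= $need)"
    else
        echo "$name: $have UPDATE REQUIRED (>= $need)"
    fi
}

# bundle_version PATH: read CFBundleShortVersionString from an .app bundle
# (prints nothing when the bundle is absent or `defaults` is unavailable).
bundle_version() {
    if [ -d "$1" ] && command -v defaults >/dev/null 2>&1; then
        defaults read "$1/Contents/Info" CFBundleShortVersionString 2>/dev/null
    fi
}

# signature_status PATH: on a Mac, report whether the bundle's signature and
# Gatekeeper assessment still pass, and which Team ID signed it. A revoked or
# rotated certificate shows up here even when the version number looks fine.
signature_status() {
    if command -v codesign >/dev/null 2>&1 && [ -d "$1" ]; then
        if codesign --verify --deep --strict "$1" 2>/dev/null; then
            echo "  codesign: signature valid"
        else
            echo "  codesign: SIGNATURE INVALID"
        fi
        codesign -dvv "$1" 2>&1 | grep -E '^(Authority|TeamIdentifier)=' || true
        spctl --assess --type execute --verbose "$1" 2>&1 || true
    fi
}

main() {
    # Assumed bundle paths; edit if your apps live elsewhere.
    for entry in \
        "ChatGPT Desktop|/Applications/ChatGPT.app|$MIN_CHATGPT" \
        "Codex App|/Applications/Codex.app|$MIN_CODEX_APP" \
        "Atlas|/Applications/ChatGPT Atlas.app|$MIN_ATLAS"; do
        name="${entry%%|*}"; rest="${entry#*|}"
        path="${rest%%|*}"; need="${rest#*|}"
        verdict "$name" "$(bundle_version "$path")" "$need"
        signature_status "$path"
    done
    # Codex CLI: assumed to print a dotted version somewhere in `codex --version`.
    cli_ver=""
    if command -v codex >/dev/null 2>&1; then
        cli_ver="$(codex --version 2>/dev/null | grep -oE '[0-9]+(\.[0-9]+)+' | head -n1)"
    fi
    verdict "Codex CLI" "$cli_ver" "$MIN_CODEX_CLI"
}

main "$@"
```

Run it as the logged-in user so `defaults` reads the installed bundles. A line reading UPDATE REQUIRED or SIGNATURE INVALID is the signal to reinstall from OpenAI’s official channel, not from a link that arrived by mail or message.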

The OpenAI update warning also arrives as Apple continues tightening app and privacy protections across its ecosystem, including a reported iOS 26.5 change that may limit carriers’ access to users’ precise location data.
