- Third-party tool Axios compromised in wider cyber attack
- No evidence of user data or systems being affected
- Older app versions may stop working after May 8
OpenAI has flagged a security issue affecting its desktop apps, including ChatGPT, after a wider software supply chain attack compromised a commonly used developer tool.
The issue centres on Axios, a behind-the-scenes software library used by developers. It was compromised on March 31 as part of a broader cyber attack reportedly linked to North Korea, raising concerns across the tech industry. OpenAI said the incident briefly affected part of the system it uses to verify that its apps are genuine.
For users, this mainly impacts those using ChatGPT and other OpenAI tools as downloaded apps on Apple laptops and computers.
The company said there is no evidence that user data was accessed, accounts were breached, or its systems were compromised.
Where things went wrong
According to OpenAI, the issue began when an internal automated process — known as a GitHub workflow — unknowingly downloaded a malicious version of Axios.
This process had access to sensitive app-signing infrastructure, including digital certificates used to confirm that apps like ChatGPT Desktop, Codex and Atlas are officially from OpenAI.
These certificates act like a trust badge. If misused, they could allow fake apps to appear legitimate.
OpenAI said its analysis suggests the certificate was likely not stolen, according to a news report, based on how the attack unfolded and existing safeguards. Still, the company is treating it as potentially compromised.
Precaution, not panic
As a result, OpenAI is revoking and replacing its security certificates and tightening its app verification process.
Users are being asked to update their apps to the latest version. Older versions will stop receiving updates and may stop working after May 8.
The company said this step is meant to prevent even a small chance of fake apps being distributed under its name. It also confirmed that passwords and API keys were not affected.
The episode highlights how supply chain attacks are becoming a weak spot for the tech industry. Instead of targeting companies directly, attackers are going after the tools developers rely on — which can quietly open doors into larger systems, even if only for a short time.