
OpenAI flags security issue in ChatGPT desktop apps after supply chain attack

Users asked to update apps as precaution despite no data breach

  • Third-party tool Axios compromised in wider cyber attack
  • No evidence of user data or systems being affected
  • Older app versions may stop working after May 8

OpenAI has flagged a security issue affecting its desktop apps, including ChatGPT, after a wider software supply chain attack compromised a commonly used developer tool.

The issue centres on Axios, a widely used open-source JavaScript library that applications use behind the scenes to make web requests. It was compromised on March 31 as part of a broader cyber attack reportedly linked to North Korea, raising concerns across the tech industry. OpenAI said the incident briefly affected part of the system it uses to sign its apps and so verify that they are genuine.


For users, the impact is mainly on those running ChatGPT and other OpenAI tools as downloaded desktop apps on Apple Macs.

The company said there is no evidence that user data was accessed, accounts were breached, or its systems were compromised.

Where things went wrong

According to OpenAI, the issue began when an internal automated build process (a GitHub workflow) pulled in the malicious version of Axios as a dependency without anyone noticing.

This process had access to sensitive app-signing infrastructure, including digital certificates used to confirm that apps like ChatGPT Desktop, Codex and Atlas are officially from OpenAI.

These certificates act like a trust badge. If misused, they could allow fake apps to appear legitimate.

OpenAI said its analysis suggests the certificate was likely not stolen, based on how the attack unfolded and the safeguards already in place. Still, the company is treating it as potentially compromised.
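The weak spot described above is a single build job that both installs third-party packages and holds code-signing material, so that a poisoned package runs with the certificate within reach. The workflow below is an added example of the separation a practitioner would want; it is not OpenAI's workflow, which the article does not describe. It assumes an npm-based desktop build on macOS, and the job names, secret names, artifact paths and the `<full-commit-sha>` action pins are placeholders you replace with your own.

```yaml
# Added example, not OpenAI's pipeline. Two jobs: the one that installs
# dependencies never sees the signing certificate; the one that signs never
# installs dependencies. All names and the <full-commit-sha> pins are
# placeholders (assumptions), not values from the article.
name: desktop-release

on:
  push:
    tags: ["v*"]

# Default GITHUB_TOKEN is read-only; no job below needs more.
permissions:
  contents: read

jobs:
  build:
    runs-on: macos-latest
    # No `environment:` on this job, so environment-scoped secrets (the
    # certificate) cannot be referenced here even if a later edit tries.
    steps:
      - uses: actions/checkout@<full-commit-sha>     # pin actions by SHA, not by tag
      - uses: actions/setup-node@<full-commit-sha>
        with:
          node-version: 20
      # `npm ci` installs exactly what package-lock.json records, checks each
      # tarball's integrity hash, and fails if the lockfile disagrees with
      # package.json; a newly published malicious release is not picked up.
      # `--ignore-scripts` keeps install-time hooks from executing at all.
      - run: npm ci --ignore-scripts
      - run: npm run build
      - uses: actions/upload-artifact@<full-commit-sha>
        with:
          name: unsigned-app
          path: dist/

  sign:
    needs: build
    runs-on: macos-latest
    # Secrets are scoped to this protected environment; required reviewers
    # and tag restrictions are configured in the repository settings.
    environment: release
    steps:
      # Deliberately no checkout and no `npm ci`: the only input is the
      # artifact the build job produced.
      - uses: actions/download-artifact@<full-commit-sha>
        with:
          name: unsigned-app
          path: dist/
      - name: Import certificate into a throwaway keychain
        env:
          CERT_P12_B64: ${{ secrets.MAC_SIGNING_CERT_P12 }}
          CERT_PW: ${{ secrets.MAC_SIGNING_CERT_PASSWORD }}
          KEYCHAIN_PW: ${{ secrets.KEYCHAIN_PASSWORD }}
        run: |
          echo "$CERT_P12_B64" | base64 --decode > cert.p12
          security create-keychain -p "$KEYCHAIN_PW" build.keychain
          security unlock-keychain -p "$KEYCHAIN_PW" build.keychain
          security import cert.p12 -k build.keychain -P "$CERT_PW" -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PW" build.keychain
          rm -f cert.p12
      - name: Sign the app bundle
        env:
          SIGN_ID: ${{ secrets.MAC_SIGNING_IDENTITY }}   # e.g. "Developer ID Application: ..."
        run: codesign --force --options runtime --keychain build.keychain --sign "$SIGN_ID" dist/MyApp.app
      - name: Discard keychain even if signing failed
        if: always()
        run: security delete-keychain build.keychain
```

The point of the layout is that a compromised package in `build` has nothing to exfiltrate: the job has no signing secrets, a read-only token, and install scripts disabled. Moving signing to a hardware-backed key or a hosted signing service goes a step further, since then no job ever holds the private key at all.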

Precaution, not panic

As a result, OpenAI is revoking and replacing its code-signing certificates and tightening its app verification process.

Users are being asked to update their apps to the latest version. Older versions will stop receiving updates and may stop working after May 8.

The company said this step is meant to prevent even a small chance of fake apps being distributed under its name. It also confirmed that passwords and API keys were not affected.

The episode highlights how supply chain attacks are becoming a weak spot for the tech industry. Instead of targeting companies directly, attackers are going after the tools developers rely on — which can quietly open doors into larger systems, even if only for a short time.
