Mac ChatGPT App Gets Urgent Security Update After Supply Chain Threat
OpenAI urges all Mac users to update ChatGPT, Codex, and other apps after a supply chain attack via a compromised Axios library raised security concerns. Older versions stop working after May 8, 2026.
What’s new: OpenAI has announced that users of its Mac applications, including ChatGPT and Codex, should update to the latest versions due to a security issue involving the third-party developer tool Axios. OpenAI found no evidence of user data being accessed or systems compromised, but is taking precautionary measures to ensure the legitimacy of its applications.
Who’s affected
All users of OpenAI’s Mac applications, specifically ChatGPT, Codex, Atlas, and Codex CLI, are affected by this security precaution.
What to do
- Update all OpenAI Mac applications to the latest versions to ensure security and compliance.
- Be aware that older versions of these applications may stop functioning after May 8, 2026.
Background
On March 31, 2026, attackers compromised a version of the Axios library used in a GitHub Actions workflow, triggering a supply chain concern. While OpenAI found no evidence of malicious exploitation, the company revoked its old signing certificate and is requiring users to update to newly notarized versions of its Mac apps. If malicious actors had obtained access to the old certificate, they could potentially have distributed fake but seemingly legitimate ChatGPT applications. Older versions will stop receiving updates after May 8, 2026, and may eventually stop working altogether.
