How do you trust a piece of software when the tools that certify it pull in something malicious? OpenAI has forced that question into the open by revoking a macOS app certificate after discovering that a GitHub Actions workflow it used to sign macOS applications downloaded a malicious version of the Axios library on March 31.
What happened
OpenAI disclosed that a GitHub Actions workflow used to sign its macOS apps downloaded the malicious Axios library on March 31. In response, OpenAI revoked the certificate used for its macOS applications, calling the move an action taken "out of an abundance of caution." The company also stated that no user data or internal system was compromised.
Relevant background from the disclosure
The disclosure centers on the build and signing process: OpenAI revealed the workflow that signs macOS applications and reported the inclusion of the malicious Axios library in that workflow. The organization framed its revocation of the macOS app certificate as a protective measure for "the process that certifies our macOS applications are legitimate OpenAI apps," in language posted by OpenAI last week.
Why this matters
- Supply chain context: The incident highlights the risk that components pulled into build and signing pipelines can introduce malicious code into processes that assert application legitimacy.
- Trust and attestation: Because the workflow in question is used to sign macOS apps, the integrity of the signing process bears on whether an application can be verified as an authentic release from its developer.
- Risk management: OpenAI's immediate revocation of the certificate and its public statement that no user data or internal systems were compromised show steps taken to limit exposure and reassure stakeholders.
Perspectives to consider
- Technologists: The episode underscores the need to scrutinize continuous integration and signing workflows and to monitor dependencies that are fetched at build time.
- Users: OpenAI’s assertion that no user data or internal systems were compromised is a central reassurance for users; the certificate revocation is an action meant to protect the integrity of distributed macOS apps.
- Policymakers and defenders: The incident offers a concrete case in which a supply chain component affected a signing process, prompting questions about best practices for attestation and for rapid mitigation when a dependency is found to be malicious.
- Adversaries: The presence of a malicious library in a signing workflow illustrates why adversaries target build and distribution tooling as a vector for impact.
OpenAI’s disclosure is compact but consequential: a signing workflow pulled a malicious Axios library on March 31; OpenAI revoked the macOS app certificate and said no user data or internal systems were compromised; and the company moved to protect the certification process "out of an abundance of caution." The episode leaves a simple, persistent question for organizations and users alike — if the pipes that verify software can be contaminated, how will trust be rebuilt and maintained?
https://thehackernews.com/2026/04/openai-revokes-macos-app-certificate.html




