
North Korean Hackers Hit OpenAI Through Massive Axios Supply Chain Attack

April 13, 2026

OpenAI has disclosed that a North Korean supply chain attack on the widely used Axios JavaScript library compromised a GitHub Actions workflow used to sign its macOS applications. The poisoned package was live for roughly three hours but may have been downloaded six hundred thousand times, making it one of the largest npm supply chain attacks on record.

OpenAI Caught in Axios Supply Chain Crossfire

OpenAI revealed on Friday that a GitHub Actions workflow responsible for signing certificates for its macOS applications was hit by the Axios npm supply chain attack that unfolded on the thirty-first of March. Google and Microsoft have both attributed the breach to North Korean state-sponsored hackers.

The company said the workflow pulled in a compromised version of the popular Axios JavaScript library as a dependency update, potentially allowing attackers to forge certificates that could make counterfeit OpenAI apps appear legitimate.

How the Attack Unfolded

Attackers hijacked the npm account of the lead Axios maintainer through an elaborate social engineering operation. North Korean operatives built a fake company complete with LinkedIn profiles and a Slack workspace to trick the maintainer into installing malware via a bogus Microsoft Teams meeting.

Two poisoned versions of Axios were then published, introducing a hidden dependency called plain-crypto-js that deployed a cross-platform remote access trojan targeting macOS, Windows, and Linux systems. The malicious packages were live for approximately three hours before removal, but in that window an estimated six hundred thousand installs may have occurred.

Why It Matters

Axios sees roughly one hundred million weekly downloads and is used in approximately eighty percent of cloud and coding environments. Google's Threat Intelligence Group attributed the attack to UNC1069, while Microsoft identified the same actor as Sapphire Sleet, both designations for a financially motivated North Korean threat group.

OpenAI said its GPT Atlas browser and Codex macOS applications could have been affected during the exposure window. However, the company emphasised that no user data, intellectual property, or internal systems were compromised. The root cause was identified as a misconfiguration in the GitHub Actions workflow, which used a floating tag instead of a pinned commit hash.
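The root-cause point above, a floating tag where a pinned commit hash belonged, is easy to audit for. The following Python script is an added example written for this page; it is not OpenAI's workflow and not code from the episode. It embeds two constructed GitHub Actions workflow fragments (action names, the `example-org/sign-action` step, and the 40-character SHAs are placeholders, not real commits) and flags every `uses:` step that is referenced by a movable tag or branch rather than a full commit SHA, plus any `run:` step that installs npm packages without a lockfile-locked `npm ci`.

```python
import re

# Constructed weak workflow (placeholder, not a real project's file): actions are
# referenced by floating refs ("v4", "main") that can be moved to point at new
# code, and the dependency is installed without honouring a lockfile.
WEAK_WORKFLOW = """\
name: sign-macos
on: [push]
jobs:
  sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/sign-action@main
      - run: npm install axios
"""

# Constructed hardened form: every action pinned to a full 40-hex commit SHA
# (placeholder SHAs, with the human-readable tag kept as a comment) and the
# dependency installed from the committed lockfile with `npm ci`.
HARDENED_WORKFLOW = """\
name: sign-macos
on: [push]
jobs:
  sign:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: example-org/sign-action@89abcdef0123456789abcdef0123456789abcdef # v1.2.0
      - run: npm ci
"""

# Line-based matching so the audit needs no YAML library; good enough for the
# `- uses:` / `- run:` shapes that workflow files actually use.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
RUN_RE = re.compile(r"^\s*-?\s*run:\s*(.*?)\s*$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
NPM_INSTALL_RE = re.compile(r"\bnpm\s+(install|i)\b")


def find_unpinned_actions(workflow_text):
    """Return (line_no, ref) for each `uses:` not pinned to a full commit SHA."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local (./path) and container (docker://) actions are pinned differently;
        # this check covers only repository actions.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, sep, version = ref.rpartition("@")
        if not sep or not SHA_RE.match(version):
            findings.append((n, ref))
    return findings


def find_unlocked_installs(workflow_text):
    """Return (line_no, command) for `run:` steps that use `npm install` instead of `npm ci`."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = RUN_RE.match(line)
        if m and NPM_INSTALL_RE.search(m.group(1)):
            findings.append((n, m.group(1)))
    return findings


def audit_workflow(workflow_text):
    """Combine both checks into one report dict."""
    return {
        "unpinned_actions": find_unpinned_actions(workflow_text),
        "unlocked_installs": find_unlocked_installs(workflow_text),
    }


if __name__ == "__main__":
    for name, text in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        report = audit_workflow(text)
        print(f"{name}: {report}")
```

Running the script reports both floating-ref steps and the `npm install` line in the weak workflow and nothing in the hardened one. Pinning to a commit SHA means an attacker who can move a tag or branch in an upstream action repository still cannot change what the signing job executes, and `npm ci` refuses to install anything the lockfile does not already name, so a freshly published malicious package version is not pulled in silently.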

Looking Ahead

OpenAI is working with Apple to block further notarisation attempts using the previous certificate and plans to discontinue support for older macOS app versions on the eighth of May. The incident underscores growing concerns about CI/CD pipeline security, as long-lived access tokens can bypass even well-configured safeguards.

Published April 13, 2026 at 10:12am