OpenAI reports security issue in third-party tool Axios, assures user data protection

OpenAI has recently identified a security flaw in a third-party developer tool called Axios and taken necessary steps to address the concerning issue.

Taking to X, the artificial intelligence company announced the presence of security risk in the external tool while assuring the intact integrity of users’ data and intellectual property.

“We found no evidence that OpenAI user data was accessed, that our systems were compromised, or that our software was altered,” the statement read.

The ChatGPT maker said the company is “taking significant steps to protect the process that certifies our macOS applications are legitimate OpenAI apps.”

According to OpenAI, the company is updating security certifications to ensure the continued integrity of the software. Moreover, to maintain compliance with new standards, all users are required to “update their OpenAI apps to the latest versions. This helps prevent any risk—however unlikely—of someone attempting to distribute a fake app that appears to be from OpenAI.”

Starting May 8, older versions of these macOS apps will stop working and will no longer receive security updates or support.

As reported by Reuters, Axios was compromised on March 31 by hackers believed to be linked to North Korea, as part of a "supply chain attack."

According to OpenAI, this malicious attack prompted the GitHub Actions workflow used by OpenAI to download and run compromised Axios. Consequently, the hackers gained access to a part of the system that handles security certificates and compromised OpenAI's code-signing process for apps like ChatGPT Desktop, Codex, and Atlas.

However, actual signing certifications, users passwords, and API keys remained protected during the incident.