What Happened: A Supply Chain Attack and Exposed Certificates
OpenAI has disclosed a supply chain attack that exposed code-signing certificates used to prove that its apps, including ChatGPT for Mac, come from a trusted developer. The incident was linked to malware from the "Mini Shai-Hulud" attack that infiltrated two employee devices via the TanStack npm ecosystem. Investigators found unauthorized access to a limited set of internal source code repositories tied to those devices, including repositories containing app signing certificates across macOS, iOS, Windows, and Android. While OpenAI reports no evidence that customer data, production systems, or intellectual property were compromised, exposed certificates pose a serious risk. In the worst case, attackers could use them to sign fake or tampered apps that appear legitimate. To prevent this, OpenAI rotated its signing certificates and re-signed affected apps, triggering a mandatory ChatGPT Mac security update for desktop users.

Why This Matters: Certificates, Gatekeeper, and Mac Security
On macOS, app signing certificates are central to Gatekeeper and Apple's notarization process, which together decide whether software is allowed to run, blocked, or flagged as suspicious. A Developer ID signature proves only who signed a build, not that the build is benign, so a stolen certificate lets an attacker produce software that carries OpenAI's identity and passes signature verification until that certificate is no longer trusted. When OpenAI switched to new certificates over security concerns, older builds of ChatGPT Desktop, Codex App, Codex CLI, and Atlas became tied to credentials Apple will soon stop trusting. Apple's XProtect has already treated some older ChatGPT builds as untrusted, moving them to the Trash and preventing launch. This doesn't mean ChatGPT is malware; it means macOS's signing safeguards are working as intended after the certificate rotation. Had the exposed certificates been left active, attackers could have pushed malicious builds that passed initial verification. To close that window, OpenAI's rotation and Apple's trust checks effectively retire the older certificates, forcing users onto re-signed, verified versions.

Update Deadline: What Happens If You Don’t Patch in Time
Apple's macOS security protections will stop trusting apps signed with the previous OpenAI certificates after June 12. If you're running older versions of ChatGPT Desktop (such as 1.2026.125), Codex App (26.506.31421), Codex CLI (0.130.0), or Atlas (1.2026.119.1), they may stop launching or receiving updates once that deadline passes. In practical terms, you could see macOS warnings that the app is malware, apps being moved to the Trash, or macOS refusing to open them at all. This behavior is by design: Gatekeeper and XProtect are blocking software that no longer matches Apple's trust requirements. OpenAI chose to block future notarization attempts tied to the old credentials rather than immediately revoke them, to avoid sudden widespread app failures. That grace period ends soon, so Mac users should install updated versions before the cutoff to avoid disruption and keep trusted access to OpenAI tools.

How to Safely Update ChatGPT and Other OpenAI Mac Apps
To protect your system, install the updated OpenAI apps from official channels only. First, quit all running OpenAI apps. Next, open your Applications folder and drag any outdated ChatGPT, Codex, or Atlas apps to the Trash if macOS hasn't already done so. Then visit OpenAI's official website, or use the built-in in-app updater where available, to download the latest versions. Avoid installers from ads, third-party download sites, email attachments, or unsolicited links, as these are common distribution vectors for tampered software. After installing, launch each app to confirm that macOS accepts the new signature and shows no warnings. If Gatekeeper still flags the app, do not override the block: confirm the download source and repeat the installation. Finally, enable automatic updates inside each app so you receive future security fixes promptly, reducing the risk from evolving supply chain threats.

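The "launch each app and check for warnings" step can be made explicit. The script below is an added example written for this page, not OpenAI's or Apple's code: it runs codesign and spctl against installed OpenAI app bundles, checks that the signature verifies under strict checking, that Gatekeeper accepts the app as a notarized Developer ID build, and prints the Team ID and certificate chain so you can compare them with a freshly downloaded official build. The bundle paths in main are assumptions about the default install locations and may need adjusting. It requires macOS, where codesign and spctl ship with the system; elsewhere every bundle is simply reported as not installed.

```shell
#!/bin/sh
# Added example for this page (not OpenAI's or Apple's code): audit the signature
# and Gatekeeper status of installed OpenAI app bundles after the certificate rotation.
# Assumptions: macOS with its built-in codesign and spctl tools; the bundle paths
# listed in main() are the default install locations and may need adjusting.

# Read `codesign -dvv` output on stdin and print the TeamIdentifier value,
# or "none" if the binary carries no team identifier at all.
extract_team_id() {
    awk -F= '/^TeamIdentifier=/ { print $2; found = 1 } END { if (!found) print "none" }'
}

# Read `codesign -dvv` output on stdin and print the Authority chain (leaf certificate
# first, Apple Root CA last) joined with " > " so it fits on one report line.
extract_authority_chain() {
    awk -F= '/^Authority=/ { chain = chain (chain == "" ? "" : " > ") $2 } END { print chain }'
}

# Reduce `spctl --assess -vv` output (stdout and stderr combined, passed as $1) to a
# verdict: "ok" only when Gatekeeper accepts the app as a notarized Developer ID build.
gatekeeper_verdict() {
    case "$1" in
        *": accepted"*"source=Notarized Developer ID"*) echo "ok" ;;
        *) echo "reject" ;;
    esac
}

# Check one app bundle. Returns 0 when it is missing or healthy, 1 when a check fails.
check_app() {
    app="$1"
    if [ ! -d "$app" ]; then
        echo "SKIP  $app (not installed)"
        return 0
    fi

    # --strict rejects damaged or legacy signatures; --deep also walks nested
    # helpers and frameworks inside the bundle.
    if ! codesign --verify --deep --strict "$app" 2>/dev/null; then
        echo "FAIL  $app: code signature does not verify"
        return 1
    fi

    info=$(codesign -dvv "$app" 2>&1)
    team=$(printf '%s\n' "$info" | extract_team_id)
    chain=$(printf '%s\n' "$info" | extract_authority_chain)

    # spctl runs the same assessment Gatekeeper performs at launch, including the
    # revocation check for the signing certificate, so run this while online.
    verdict=$(gatekeeper_verdict "$(spctl --assess --type execute -vv "$app" 2>&1)")
    if [ "$verdict" != "ok" ]; then
        echo "FAIL  $app: Gatekeeper rejects it (team=$team, chain=[$chain])"
        return 1
    fi
    echo "OK    $app: team=$team chain=[$chain]"
    return 0
}

# Sweep the assumed default bundle paths; exit status is non-zero if any check failed.
main() {
    rc=0
    for bundle in "/Applications/ChatGPT.app" "/Applications/Codex.app" "/Applications/ChatGPT Atlas.app"; do
        check_app "$bundle" || rc=1
    done
    return $rc
}

main
```

Run it while online, since spctl's assessment includes the certificate revocation check. A FAIL on a build you just downloaded from OpenAI's site is a reason to stop and re-verify the download, not to bypass Gatekeeper; the Team ID and chain it prints should match what a known-good fresh download reports.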
Troubleshooting False Malware Alerts and Staying Secure Long-Term
Some users are seeing macOS warnings that the ChatGPT app is malware, followed by the app being moved to the Trash. In most cases, this is XProtect responding to an outdated build signed with the retired certificate rather than genuine malware on your system. To fix it, delete the flagged app, empty the Trash, and reinstall ChatGPT directly from OpenAI's official download page; the fresh build is signed and notarized with the new certificate, so Gatekeeper accepts it. Treat the warning as a false alarm only when it names an OpenAI app you know is outdated; a warning about a build you just downloaded, or about any other software, deserves a closer look. Going forward, keep macOS and XProtect updated, and avoid installing OpenAI apps from unofficial mirrors, file-sharing sites, or repackaged bundles. Modern supply chain attacks increasingly target libraries, build systems, and developer tools, so even trusted brands can be indirectly affected. By limiting your sources, applying updates promptly, and treating unexpected installers with suspicion, you significantly reduce your exposure to stolen-certificate attacks like this one.
