What Happened in the OpenAI Supply Chain Attack
OpenAI recently confirmed a supply chain attack that has direct implications for Mac app security. The incident began when an attacker published 84 malicious versions across 42 TanStack npm packages, popular open-source components used widely in web development. Two OpenAI employee devices in a corporate environment installed the compromised TanStack versions and were exposed to malware associated with the Mini Shai-Hulud campaign, which focuses on stealing developer credentials such as GitHub tokens, API keys, and internal secrets. Investigators later identified unauthorized access to a limited set of internal source code repositories connected to those employees. OpenAI says there is no evidence that user data, production systems, intellectual property, or OpenAI's own software were altered, but the compromise did reach highly sensitive assets: the code-signing certificates used to prove that OpenAI apps are legitimate. That exposure is the main reason Mac users must now act.

Why Exposed Signing Certificates Are a Big Deal for Mac Users
On macOS, code-signing certificates are central to malware protection: Gatekeeper and Apple's notarization service use them to verify that software comes from an identified developer and has not been modified since it was signed. OpenAI's affected repositories contained the private signing material (certificates and their keys) for its macOS, iOS, and Windows products. In the worst case, an attacker holding that material could sign malicious apps so that they appear to be trusted OpenAI software and pass standard Mac app security checks. OpenAI says it found no evidence that the certificates were actually used to sign malware or distribute malicious apps, but the risk is serious enough that the company has rotated its certificates and re-signed the affected apps, and Apple is blocking future notarization attempts tied to the old credentials. For users, that means older OpenAI Mac apps signed with the old certificates will gradually lose trust in macOS and may stop working correctly.

Mandatory Updates: Which OpenAI Mac Apps Are Affected and by When
Because OpenAI rotated its signing certificates, older Mac apps signed with the previous credentials are on a countdown: Apple's macOS protections will stop trusting them after June 12, which makes updating effectively mandatory. OpenAI specifically calls out ChatGPT Desktop 1.2026.125, Codex App 26.506.31421, Codex CLI 0.130.0, and Atlas 1.2026.119.1. If you are running any of these or an earlier build, the app may stop functioning properly or fail to receive updates once macOS blocks the old signatures. OpenAI has already re-signed the affected apps with new certificates and says users of the Windows and iOS apps do not need to take action. For Mac users the path is clear: install the latest versions of ChatGPT Desktop, Codex App, Codex CLI, and Atlas from trusted channels before the June 12 deadline to avoid disruption and reduce the risk of certificate misuse.

How to Safely Update OpenAI Apps and Avoid Fake Installers
To stay protected, update only from official sources and assume your Mac may be targeted by copycat apps. First, open the ChatGPT, Codex, or Atlas app and look for an in-app update function; if there is one, use it. If not, visit OpenAI's official website or the trusted distribution channel you originally installed from and download the latest version there. Avoid links in emails, messages, ads, or file-sharing services that claim to offer OpenAI, ChatGPT, or Codex installers; OpenAI explicitly warns users not to install apps from unsolicited links or third-party download sites. After updating, leave macOS security features like Gatekeeper enabled so they validate the new signature when the app launches. A Gatekeeper warning on something that claims to be an OpenAI installer is a red flag, not a prompt to click through: a genuine re-signed build should not produce one. These steps help ensure you are running the genuine, re-signed app rather than a malicious lookalike trying to trade on the exposed signing certificates.
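The two checks a Mac user or admin actually wants after following the steps above, and after reading the build list in the update section, are "is this app newer than the builds OpenAI named?" and "does its signature still verify as a Developer ID chain?". The script below is an added example, not OpenAI's tooling or anything from the advisory. It reads an app bundle's version from Info.plist, compares it against the builds listed above, and parses `codesign` output to confirm a Developer ID Application leaf anchored at Apple's root, optionally pinned to one Team ID. The bundle names used as dictionary keys, the default path `/Applications/ChatGPT.app`, and the sample `codesign` output (bundle identifier, vendor name, Team ID) are assumptions or constructed data, not OpenAI's real values.

```python
"""Added example, not OpenAI's code or part of the advisory: report whether an
OpenAI Mac app is still on one of the builds named above and whether its
Developer ID signature verifies. codesign/spctl run only where present (macOS);
the version and output parsing run anywhere and are exercised on constructed data."""
import plistlib
import re
import shutil
import subprocess
from pathlib import Path

# Last affected build per app, taken from the article. The .app bundle names
# used as keys are assumptions. Codex CLI has no bundle: feed the string
# printed by `codex --version` to needs_update() yourself.
LAST_AFFECTED_BUILD = {
    "ChatGPT": "1.2026.125",
    "Codex": "26.506.31421",
    "Codex CLI": "0.130.0",
    "Atlas": "1.2026.119.1",
}

# Constructed `codesign -dvvv` output (codesign writes it to stderr). The
# bundle identifier, vendor name and Team ID are placeholders, not OpenAI's.
SAMPLE_CODESIGN_OUTPUT = """Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
Authority=Developer ID Application: Example Corp (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=TEAMID0000
"""


def parse_version(text):
    """'1.2026.119.1' -> (1, 2026, 119, 1). A segment such as '0-rc1' keeps
    only its leading digits; a segment with none counts as 0."""
    parts = []
    for seg in text.strip().split("."):
        m = re.match(r"\d+", seg)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def needs_update(installed, last_affected):
    """True when installed <= last_affected, i.e. a build that loses trust
    after the deadline. Shorter tuples are zero-padded (1.2 == 1.2.0)."""
    a, b = parse_version(installed), parse_version(last_affected)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) <= b + (0,) * (width - len(b))


def bundle_version(app_path):
    """CFBundleShortVersionString from the bundle's Info.plist."""
    with open(Path(app_path) / "Contents" / "Info.plist", "rb") as f:
        return plistlib.load(f)["CFBundleShortVersionString"]


def parse_codesign(output):
    """Return (TeamIdentifier, [Authority, ...] leaf first) from codesign -dvvv
    text. Unsigned or ad-hoc signed binaries yield (None, [])."""
    team, chain = None, []
    for line in output.splitlines():
        key, sep, value = line.partition("=")
        if sep and key == "TeamIdentifier":
            team = value.strip()
        elif sep and key == "Authority":
            chain.append(value.strip())
    return team, chain


def developer_id_chain(chain, expected_team=None):
    """Chain Gatekeeper accepts for direct distribution: a Developer ID
    Application leaf anchored at Apple Root CA. With expected_team given, the
    leaf must carry that Team ID, which pins trust to one vendor instead of
    any Developer ID holder."""
    if not chain or chain[-1] != "Apple Root CA":
        return False
    leaf = chain[0]
    if not leaf.startswith("Developer ID Application:"):
        return False
    return expected_team is None or leaf.endswith(f"({expected_team})")


def inspect_app(app_path, expected_team=None):
    """Live checks for one .app; a key stays None where its tool is missing."""
    app = Path(app_path)
    report = {"version": None, "needs_update": None, "team_id": None,
              "chain_ok": None, "signature_valid": None, "gatekeeper_ok": None}
    try:
        report["version"] = bundle_version(app)
    except (OSError, KeyError):
        return report
    if app.stem in LAST_AFFECTED_BUILD:
        report["needs_update"] = needs_update(report["version"], LAST_AFFECTED_BUILD[app.stem])
    if shutil.which("codesign"):
        shown = subprocess.run(["codesign", "-dvvv", str(app)], capture_output=True, text=True)
        report["team_id"], chain = parse_codesign(shown.stderr)
        report["chain_ok"] = developer_id_chain(chain, expected_team)
        verified = subprocess.run(["codesign", "--verify", "--strict", str(app)], capture_output=True, text=True)
        report["signature_valid"] = verified.returncode == 0
    if shutil.which("spctl"):
        assessed = subprocess.run(["spctl", "--assess", "--type", "execute", str(app)], capture_output=True, text=True)
        report["gatekeeper_ok"] = assessed.returncode == 0
    return report


if __name__ == "__main__":
    import sys
    # Default path is an assumption; pass the real bundle paths as arguments.
    for path in sys.argv[1:] or ["/Applications/ChatGPT.app"]:
        print(path, inspect_app(path))
```

Run it on macOS with the real bundle paths as arguments. A `needs_update` of True, a `signature_valid` of False, or a chain that is not a Developer ID chain means the build should be replaced from an official channel. Pin `expected_team` to the Team ID you observe on a known-good install rather than accepting any Developer ID certificate, since the whole point of this incident is that a Developer ID signature alone can be the attacker's. On a non-macOS host only the version comparison and output parsing run, which is what the constructed sample exercises.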

Supply Chain Attacks: Lessons for Everyday Mac App Security
This incident shows why supply chain attack awareness now matters for everyday users, not just developers. Modern apps are built on sprawling ecosystems of open-source libraries, package managers, and automated tooling. Instead of attacking a well-defended company directly, threat actors increasingly target those dependencies, as the compromised TanStack npm packages and the Mini Shai-Hulud campaign demonstrate. Because the malicious payload ran automatically as part of npm install, any developer device that pulled an affected version had to be treated as potentially compromised. Even though OpenAI found no evidence of customer data theft or tampered software, the exposure of signing certificates shows how quickly a trust anchor can be put at risk. For Mac users the takeaway is clear: keep apps updated, install only from official sources, and rely on built-in protections like Gatekeeper. Supply chain attacks may be subtle, but timely updates and cautious installation habits remain effective defenses.
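Because the payload in this incident ran as part of npm install, the developer-side check is to see what a lockfile would pull in, and what would execute, before anything runs. The script below is an added example, not code from TanStack, npm, OpenAI, or the article. It walks a package-lock.json (lockfile v2 or v3), flags @tanstack packages pinned to a blocklisted version, flags any package that declares an install-time script (npm records this as `hasInstallScript`), and flags tarballs resolved from somewhere other than the public registry. The lockfile and the blocklist are constructed sample data; the real affected package versions are not reproduced here.

```python
"""Added example, not npm's, TanStack's, OpenAI's or the article's code: audit an
npm package-lock.json for blocklisted @tanstack versions, install-time scripts
and off-registry tarballs. SAMPLE_LOCKFILE and SAMPLE_BLOCKLIST are constructed
data; substitute the real lockfile and the versions from the advisory."""
import json

REGISTRY = "https://registry.npmjs.org/"

# Placeholder blocklist: package name -> versions to refuse. Not the real list.
SAMPLE_BLOCKLIST = {"@tanstack/example-query": {"9.9.9"}}

# Constructed lockfile v3 fragment. Package names and versions are invented.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"@tanstack/example-query": "^9.9.0"}},
        "node_modules/@tanstack/example-query": {
            "version": "9.9.9",
            "resolved": REGISTRY + "@tanstack/example-query/-/example-query-9.9.9.tgz",
            "hasInstallScript": True,
        },
        "node_modules/@tanstack/example-table": {
            "version": "1.0.0",
            "resolved": REGISTRY + "@tanstack/example-table/-/example-table-1.0.0.tgz",
        },
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": REGISTRY + "left-pad/-/left-pad-1.3.0.tgz",
        },
        "node_modules/some-wrapper/node_modules/@tanstack/example-query": {
            "version": "8.0.0",
            "resolved": REGISTRY + "@tanstack/example-query/-/example-query-8.0.0.tgz",
        },
        "node_modules/vendored-thing": {
            "version": "2.0.0",
            "resolved": "https://mirror.invalid/vendored-thing-2.0.0.tgz",
        },
    },
})


def package_name(path):
    """Lockfile keys are install paths; the package name is whatever follows
    the last 'node_modules/' ('node_modules/a/node_modules/@s/b' -> '@s/b')."""
    return path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lock_text, blocklist, scope="@tanstack/", registry=REGISTRY):
    """Return a list of (install_path, name, version, reason) findings."""
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion", 1) < 2:
        # v1 lockfiles use a nested 'dependencies' tree and carry no
        # hasInstallScript flag; regenerate with a current npm first.
        raise ValueError("lockfileVersion 1 is not supported; regenerate the lockfile with a current npm")
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue  # "" is the project itself, not a dependency
        name, version = package_name(path), meta.get("version")
        if name.startswith(scope) and version in blocklist.get(name, set()):
            findings.append((path, name, version, "blocklisted version"))
        if meta.get("hasInstallScript"):
            # This is the hook a malicious package uses to run code at install time.
            findings.append((path, name, version, "runs preinstall/install/postinstall script"))
        resolved = meta.get("resolved")
        if resolved and not resolved.startswith(registry):
            findings.append((path, name, version, f"tarball not from {registry}"))
    return findings


def install_command(findings):
    """With any finding, install from the lockfile with lifecycle scripts
    disabled so no package hook runs on the developer machine."""
    return ["npm", "ci", "--ignore-scripts"] if findings else ["npm", "ci"]


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCKFILE
    found = audit_lockfile(text, SAMPLE_BLOCKLIST)
    for path, name, version, reason in found:
        print(f"{name}@{version} ({path}): {reason}")
    print("suggested install:", " ".join(install_command(found)))
```

Point `audit_lockfile()` at the project's real package-lock.json with a blocklist taken from the advisory. Any finding means installing with `npm ci --ignore-scripts` first and then running `npm rebuild` only for the packages whose install scripts have been reviewed; `--ignore-scripts` is what stops a malicious postinstall from executing at all, and `npm ci` refuses to deviate from the pinned lockfile.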
