OpenAI Faces Supply Chain Attack on macOS Apps
OpenAI recently disclosed a supply chain attack on its macOS applications that resulted in the download of a malicious library called Axios. The incident, which occurred on March 31, prompted the AI company to take precautionary measures to protect its app-signing process without compromising user data or internal systems.
While investigating the attack, OpenAI found that a GitHub Actions workflow used in the macOS app-signing process had downloaded and executed Axios version 1.14.1. Fortunately, the company determined that the signing certificate was likely not compromised by the malicious payload. However, as a precautionary measure, OpenAI decided to revoke and rotate the certificate, leading to older versions of macOS apps no longer receiving updates or support after May 8, 2026.
Despite the lack of evidence of data exfiltration, OpenAI is working with Apple to ensure that software signed with the compromised certificate cannot be newly notarized. This remediation effort aims to minimize user disruption and encourage users to update to the latest versions of the affected apps.
March Witnessed Two Major Supply Chain Attacks
The Axios breach was one of two significant supply chain attacks that took place in March, impacting the open-source ecosystem. The other incident targeted Trivy, a vulnerability scanner maintained by Aqua Security, leading to widespread repercussions across multiple ecosystems and affecting various libraries dependent on it.
In the Trivy attack, cybercriminals deployed a credential stealer named SANDCLOCK to extract sensitive data from developer environments. Subsequently, the stolen credentials were used to compromise npm packages and propagate a self-replicating worm called CanisterWorm.
The attackers further injected malware into GitHub Actions workflows maintained by Checkmarx, leading to the publication of malicious versions of LiteLLM and Telnyx on the Python Package Index (PyPI). These actions underscored the evolving tactics of cybercriminal groups in targeting security tools and expanding their reach across multiple platforms.
Impacts Ripple Through Dependencies
Google has warned of the potential circulation of “hundreds of thousands of stolen secrets” following the Axios and Trivy attacks, fueling a surge in software supply chain attacks, SaaS environment compromises, ransomware incidents, and cryptocurrency theft.
Organizations such as Mercor and the European Commission confirmed compromises due to the Trivy attack, leading to data exfiltration and subsequent leaks by extortion groups. The fallout from these attacks highlights the importance of verifying trust in open-source repositories and implementing robust security measures at every layer of the software stack.
To counter such attacks, developers are advised to pin packages by digest or commit SHA, use Docker Hardened Images, enforce minimum release age settings, and adopt other security best practices outlined by Docker and PyPI maintainers.
Mitigating Future Risks
Cybersecurity agencies like CISA have added the Trivy supply chain attack to their list of Known Exploited Vulnerabilities, mandating mitigation measures by April 9, 2026. Enterprises are urged to closely monitor supply chain attacks and take proactive steps to assess and enhance their security posture against future threats.
As the threat landscape continues to evolve, organizations must remain vigilant and implement robust security measures to safeguard against supply chain attacks and data breaches.
