Mac ChatGPT App Gets Urgent Security Update After Supply Chain Threat

OpenAI urges Mac users to update ChatGPT app after Axios-related supply chain attack, though no user data breach has been detected.
OpenAI has issued an urgent advisory for users of its ChatGPT desktop app on macOS, urging them to update immediately following a recently identified security concern. The issue, the company clarified, is linked to a broader industry-wide incident involving a third-party library and not a direct breach of its own systems.
According to OpenAI, the vulnerability stems from Axios, a widely used developer tool. While the situation raised alarms, the company emphasized that there is no evidence suggesting that user data was accessed, its infrastructure was compromised, or its software was altered.
“Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps,” the company wrote in a post on X.
The firm further added, “We are updating our security certifications, which will require all macOS users to update their OpenAI apps to the latest versions. This helps prevent any risk—however unlikely—of someone attempting to distribute a fake app that appears to be from OpenAI. You can update safely through an in-app update or at the official links below.”
OpenAI has made it clear that this issue is limited strictly to its macOS applications. Users accessing ChatGPT through iOS, Android, Windows, Linux, or web browsers are not impacted by this vulnerability.
The root of the problem lies in what cybersecurity experts call a “supply chain attack.” On March 31, 2026, attackers compromised a version of the Axios library used in a GitHub Actions workflow. This workflow was part of the process OpenAI uses to sign its Mac applications—such as ChatGPT Desktop and Codex—with official developer certificates.
These certificates are critical because they signal to macOS that an application is authentic and safe to run. Although OpenAI’s investigation suggests that its certificate was likely not stolen, the company is treating it as potentially compromised. As a precaution, it is revoking the existing certificate and replacing it with a new one.
This move has significant implications for users. OpenAI has announced a mandatory update for all macOS ChatGPT users. Older versions of the app will stop receiving updates or support after May 8, 2026, and may eventually stop working altogether.
The company explained that if malicious actors had gained access to the old certificate, they could potentially create fake ChatGPT applications that appear legitimate. By revoking the certificate and halting new notarizations under it, OpenAI aims to eliminate that risk.
Once the old certificate is fully revoked, macOS security systems will automatically block any apps signed with it from being installed or launched for the first time. This ensures that any fraudulent apps attempting to impersonate OpenAI’s software will be flagged or prevented from running unless users deliberately override system warnings.
In essence, the update is a precautionary but necessary step to reinforce trust and maintain security across OpenAI's macOS ecosystem. Users are strongly encouraged to install the latest version of the ChatGPT app to ensure uninterrupted service and protection.

