DEV Community

Sam Rivera
Sam Rivera

Posted on

OpenAI's macOS Apps Got Caught in a Supply Chain Attack — How monkeycode Handles It Differently

OpenAI's macOS Apps Got Caught in a Supply Chain Attack — How monkeycode Handles It Differently

developer desk

If you use ChatGPT Desktop, Codex, or Atlas on a Mac, OpenAI recently asked you to update. The reason: a compromised version of Axios made it into OpenAI's macOS app-signing pipeline.

The short version is that no user data was accessed and no malware was signed, but the signing certificate was potentially exposed. OpenAI is rotating it, and older app versions will stop working after May 8.

What actually happened

On March 31, a malicious Axios package was downloaded and executed inside a GitHub Actions workflow used to sign OpenAI's macOS apps. That workflow had access to the certificate that proves ChatGPT Desktop, Codex, Codex CLI, and Atlas are really from OpenAI.

OpenAI believes the certificate was probably not exfiltrated, but they are treating it as compromised anyway. They have published new app builds signed with a fresh certificate and are working with Apple to make sure old notarizations stop working.

The part that should make builders nervous

The root cause was a CI misconfiguration: the workflow used a floating tag for Axios and did not delay new package versions. This is the kind of thing a lot of solo builders and small teams do too.

It is also a reminder that when you ship a desktop app, your users are trusting your entire build pipeline. If that pipeline gets owned, an attacker could theoretically ship malware that looks exactly like your app.

Why I keep coming back to monkeycode

I am not saying desktop apps are bad. But this incident is why I have been watching monkeycode, an open-source AI development platform. It runs in the browser or self-hosted on your own infrastructure, so there is no single vendor-controlled binary to trust. The code is AGPL-3.0, and you can inspect or fork it.

It is a different trade-off. You lose the polished native app experience, but you gain transparency and control. For some teams, that is worth it.

My checklist after reading this

  • Pin CI dependencies by commit hash, not floating tags.
  • Add delays before auto-updating to new package versions.
  • Limit which workflows can access signing certificates.
  • Have a plan for rotating certificates quickly.

If you are on macOS and use any OpenAI apps, go update them. And if you are curious about an open-source alternative, monkeycode is on my list.

Top comments (0)