OpenAI has confirmed it was affected by a North Korea-linked supply chain attack targeting Axios, a popular JavaScript library with over 100 million weekly downloads. Attackers compromised an Axios maintainer's account and published malicious packages that infiltrated OpenAI's Mac app-signing process, potentially exposing the certificate used to verify that ChatGPT Desktop and other applications are legitimate. While OpenAI believes the certificate wasn't compromised, the company is revoking and rotating it as a precaution, with full revocation scheduled for May 2026.