OpenAI is forcing Mac users to update ChatGPT and other desktop apps soon, after a supply chain attack exposed the signing certificates that Apple’s security systems use to verify trusted software.
The company revealed the incident on May 13 and confirmed that malware related to the “Mini Shai-Hulud” attack had infected the devices of two employees through the TanStack npm ecosystem. Investigators identified unauthorized access activity in a limited set of internal source code repositories connected to these employees.
OpenAI rotated its signing certificates and re-signed the affected applications to prevent misuse of the exposed credentials. The company found no evidence that customer data, production systems or intellectual property were compromised in the incident.
Apple’s macOS security protections will block apps signed with old certificates after June 12, making the update mandatory for affected Mac users.
OpenAI confirmed that the affected repositories included signing certificates used for applications on macOS, iOS, Windows and Android. Rather than immediately revoking the certificates, which would have risked breaking software installations for existing users, the company blocked future notarization attempts tied to the old credentials.
Mac users should install updated versions before June 12. After this date, Apple’s security protections will stop trusting apps signed with the previous certificates.
Why macOS users should update
Code signing certificates help macOS verify that software comes from a legitimate developer. Apple’s Gatekeeper and notarization systems use these certificates to determine whether applications should be approved, launched, or blocked.
Investigators found no evidence that the exposed certificates were used to sign malware or distribute malware to users. OpenAI reviewed past notarizations for signs of unauthorized activity and said it found no evidence of misuse.
Older versions of ChatGPT Desktop, Codex App, Codex CLI, and Atlas signed with previous certificates may stop working or receiving updates after June 12. ChatGPT Desktop 1.2026.125, Codex App 26.506.31421, Codex CLI 0.130.0 and Atlas 1.2026.119.1 are the affected versions.
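The paragraphs above describe how Gatekeeper and notarization rely on the developer's code-signing certificate. The following script, an added example that is not OpenAI's or Apple's code, shows how a Mac user or administrator can verify an installed app bundle: it runs Apple's codesign and spctl tools, parses their output, and confirms the signing Team ID and the Gatekeeper verdict. The Team ID constant is a placeholder, not OpenAI's real identifier, and the sample codesign output embedded for offline use is constructed.

```python
"""Verify an installed macOS app's signature and Gatekeeper status.

Added example (not code from OpenAI or Apple). It parses the output of
`codesign -dv --verbose=4` and `spctl --assess --type execute -v`.
EXPECTED_TEAM_ID is a placeholder: substitute the developer's real Team ID.
"""
import subprocess
import sys

EXPECTED_TEAM_ID = "PLACEHOLDER_TEAM_ID"  # assumption: not OpenAI's real Team ID

# Constructed sample of codesign's verbose output (not captured from a real app).
SAMPLE_CODESIGN = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Authority=Developer ID Application: Example Corp (PLACEHOLDER_TEAM_ID)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=PLACEHOLDER_TEAM_ID
"""


def parse_codesign(output: str) -> dict:
    """Turn codesign's key=value lines into a dict.

    The Authority key repeats once per certificate in the chain, so it is
    collected into a list in chain order (leaf first).
    """
    info = {}
    for line in output.splitlines():
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key == "Authority":
            info.setdefault("Authority", []).append(value)
        else:
            info[key] = value
    return info


def signed_by_team(info: dict, team_id: str) -> bool:
    """True when the leaf cert is a Developer ID Application cert for team_id
    and the chain terminates at Apple's root."""
    chain = info.get("Authority", [])
    return (
        info.get("TeamIdentifier") == team_id
        and any(a.startswith("Developer ID Application:") for a in chain)
        and "Apple Root CA" in chain
    )


def gatekeeper_accepted(spctl_output: str) -> bool:
    """spctl prints '<path>: accepted' and 'source=Notarized Developer ID'
    for an app that Gatekeeper currently trusts."""
    lines = spctl_output.strip().splitlines()
    return any(l.endswith(": accepted") for l in lines) and any(
        "source=Notarized Developer ID" in l for l in lines
    )


def check_app(app_path: str, team_id: str = EXPECTED_TEAM_ID) -> bool:
    """Run the real tools against an app bundle (macOS only) and combine both checks."""
    cs = subprocess.run(["codesign", "-dv", "--verbose=4", app_path],
                        capture_output=True, text=True)
    if cs.returncode != 0:
        return False  # unsigned or damaged bundle
    info = parse_codesign(cs.stderr + cs.stdout)  # codesign writes to stderr
    sp = subprocess.run(["spctl", "--assess", "--type", "execute", "-v", app_path],
                        capture_output=True, text=True)
    return signed_by_team(info, team_id) and gatekeeper_accepted(sp.stderr + sp.stdout)


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/Applications/ChatGPT.app"
    print("trusted" if check_app(path) else "NOT trusted", path)
```

A matching Team ID on its own cannot tell the rotated certificate apart from the exposed one, since both belong to the same developer account; the spctl assessment is the part that reflects Apple's decision to stop trusting the old certificates, so an app that passed before the cutoff can start failing this check afterwards.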
Supply chain attacks increasingly difficult to contain
Modern applications rely on vast networks of open source libraries, package managers, and automated development systems capable of widely distributing compromised code. A malicious dependency can cross multiple organizations before developers detect the malware in the software chain.
The attack took place while OpenAI was rolling out new supply chain security protections to its development systems. These protections included stricter package provenance checks, stricter CI/CD identity checks, and package manager safeguards such as minimumReleaseAge policies.
Neither of the affected employees’ devices had yet received the updated protections when the malware struck. OpenAI said the incident accelerated the deployment of additional protection measures designed to reduce the impact of future attacks on the supply chain.
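The minimumReleaseAge policy mentioned above works by refusing to install any package version published less than a configured number of minutes ago, so that a freshly pushed malicious release sits in a quarantine window during which it can be reported and removed. The script below, an added example that is not OpenAI's or pnpm's code, reimplements that rule as a standalone check over the `time` map the npm registry returns (the output of `npm view <pkg> time --json`), which maps each version to its publish timestamp. The package data is constructed, not a real package.

```python
"""Minimum-release-age gate for npm package versions.

Added example (not OpenAI's or pnpm's code). Given a registry `time` map,
select the newest version that has been public for at least N minutes.
"""
from datetime import datetime, timezone

# Constructed sample of an npm registry `time` map (not real package data).
SAMPLE_TIMES = {
    "created": "2024-01-10T12:00:00.000Z",
    "modified": "2026-05-10T09:05:00.000Z",
    "1.4.0": "2024-01-10T12:00:00.000Z",
    "1.4.1": "2025-11-02T08:30:00.000Z",
    "2.0.0-beta.1": "2026-04-01T00:00:00.000Z",
    "1.5.0": "2026-05-10T09:05:00.000Z",  # published 55 minutes before NOW
}
NOW = datetime(2026, 5, 10, 10, 0, tzinfo=timezone.utc)  # constructed clock
SEVEN_DAYS = 7 * 24 * 60  # minutes


def parse_ts(ts: str) -> datetime:
    """Parse the registry's ISO 8601 'Z' timestamps into aware datetimes."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def is_release_version(v: str) -> bool:
    """Keep plain x.y.z versions; skip the registry's metadata keys and prereleases."""
    return v not in ("created", "modified") and all(p.isdigit() for p in v.split("."))


def version_key(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))


def release_age_minutes(times: dict, version: str, now: datetime) -> float:
    """Minutes elapsed since `version` was published."""
    return (now - parse_ts(times[version])).total_seconds() / 60


def eligible_versions(times: dict, min_age_minutes: int, now: datetime) -> list:
    """All release versions at least min_age_minutes old, ascending by semver."""
    ok = [v for v in times
          if is_release_version(v)
          and release_age_minutes(times, v, now) >= min_age_minutes]
    return sorted(ok, key=version_key)


def pick_version(times: dict, min_age_minutes: int, now: datetime):
    """Newest eligible version, or None if every release is still too young."""
    ok = eligible_versions(times, min_age_minutes, now)
    return ok[-1] if ok else None


if __name__ == "__main__":
    print("no policy  ->", pick_version(SAMPLE_TIMES, 0, NOW))
    print("7-day gate ->", pick_version(SAMPLE_TIMES, SEVEN_DAYS, NOW))
```

With no policy the resolver takes 1.5.0, the version published under an hour ago; with a seven-day gate it falls back to 1.4.1, which is the behaviour that limits the blast radius of a worm that propagates by publishing compromised versions of popular packages.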
How Mac users can stay safe
OpenAI asked users to install updated applications only through official websites or built-in update systems. The company also warned users to avoid installers distributed via advertisements, third-party download sites, email links, or unsolicited messages.
Mac users should ensure they are running the latest versions of ChatGPT, Codex, and related OpenAI applications before June 12. Users who downloaded OpenAI software from unofficial sources should remove these applications and reinstall clean versions directly from OpenAI.