OpenAI has recently identified a security flaw in a third-party developer tool called Axios and has taken necessary steps to resolve the issue.
Taking to X, the artificial intelligence company announced a security risk in an external tool while assuring users that the integrity of their data and intellectual property is intact.
“We found no evidence that OpenAI user data was accessed, that our systems were compromised, or that our software was altered,” the statement said.
The ChatGPT maker said the company is “taking important steps to protect the process that certifies that our macOS applications are legitimate OpenAI apps.”
According to OpenAI, the company is updating security certifications to ensure the continued integrity of the software. Additionally, to maintain compliance with the new standards, all users are “required to update their OpenAI apps to the latest versions. This helps prevent any risk of someone attempting to distribute a counterfeit app that appears to be from OpenAI – although this is unlikely.”
Starting May 8, older versions of these macOS apps will stop working and will not receive security updates or support.
As reported by Reuters, Axios was compromised on March 31 by hackers believed to be linked to North Korea, as part of a “supply chain attack.”
According to OpenAI, the attack caused a GitHub Actions workflow used by OpenAI to download and run the compromised Axios. As a result, hackers gained access to a part of the system that handles security certificates and compromised OpenAI’s code-signing process for apps like ChatGPT Desktop, Codex, and Atlas.
However, the actual signature authentication, user passwords, and API keys remained secure during the incident.
