OpenAI identifies security issue involving third-party tool, says user data was not accessed

OpenAI says the security issue involved a third-party developer tool called Axios.

The corporation says it found no evidence that user data was accessed.

OpenAI says it’s updating its security certifications.

OpenAI stated on Friday it had identified a security issue involving a third-party developer tool called Axios and is taking steps to protect the process that certifies its macOS applications are legitimate OpenAI apps.

The ChatGPT maker commented it found no evidence that its user data was accessed, that its systems or intellectual property was compromised, or that its software was altered.

* The enterprise mentioned it is updating its security certifications, requiring all macOS users to update their OpenAI apps to the latest versions to help prevent any risk of someone attempting to distribute a fake app. This also touches on aspects of bear market.

* Axios, a widely used third, according to OpenAI-party developer library, was compromised on March 31, as part of a broader software supply chain attack by actors believed to be linked to North Korea.

* This attack led a GitHub Actions workflow used by OpenAI to download and execute a ‘malicious’ version of Axios. This workflow had access to a certificate and notarization material used for signing macOS applications, including ChatGPT Desktop, Codex, Codex-cli, and Atlas.

* OpenAI noted its analysis of the incident concluded that the signing certificate present in this workflow was likely not successfully exfiltrated by the ‘malicious’ payload.

* Effective May 8, older versions of OpenAI’s macOS desktop apps will no longer receive updates or support, and may not be functional, the ChatGPT maker noted.

* Passwords and OpenAI API keys were not affected by the third-party security issue, the enterprise remarked, adding that the root cause of the security incident was a misconfiguration in the GitHub Actions workflow, which has been addressed.

AI Disclosure: This article has been generated and curated using advanced AI technology. While we strive for absolute accuracy, some details may be summarized or translated by autonomous systems. Please cross-reference critical financial data with official sources.