OpenAI addresses third-party security issue without data breach
OpenAI has identified a security issue linked to a third-party developer tool but confirmed that no user data was accessed or compromised during the incident.
The issue involved Axios, a widely used development library that was reportedly affected as part of a broader software supply chain attack. The incident highlighted growing concerns about vulnerabilities in external tools integrated into modern software ecosystems.
According to OpenAI, the problem originated from a misconfiguration in a workflow using GitHub Actions, which allowed a malicious version of the tool to be executed. This workflow had access to sensitive certification materials used to verify the authenticity of macOS applications.
Despite the potential risk, the company stated that its internal investigation found no evidence that user data, passwords, or API keys were exposed. It also confirmed that its systems and intellectual property remained secure and that no official applications were altered.
As a precaution, OpenAI is strengthening its security processes and updating certification mechanisms. The company has also urged users of its macOS applications, including ChatGPT desktop tools, to update to the latest versions to ensure continued protection.
The incident reflects a broader trend in cybersecurity, where attackers increasingly target software supply chains to exploit trusted systems. Experts emphasize the importance of continuous monitoring and rapid response to mitigate such risks.
OpenAI added that older versions of its macOS applications will soon lose support and may stop functioning, as part of its effort to maintain a secure environment for users.
-
07:46
-
07:33
-
07:15
-
20:29
-
19:19
-
19:00
-
18:18
-
17:30
-
15:53
-
15:30
-
14:44
-
14:30
-
13:33
-
12:39
-
11:15
-
11:00
-
09:45
