OpenAI GitHub Workflow Targeted in Supply Chain Attack via Malicious Axios npm Package

OpenAI disclosed that its GitHub workflow used to sign macOS applications downloaded a malicious version of the popular Axios npm library on March 31, 2026 — a supply chain attack linked to North Korea-affiliated threat actors. The company says no user data or internal systems were compromised.
What Happened
Attackers published two malicious versions of the Axios npm package — one of the most widely used JavaScript libraries with over 70 million weekly downloads — embedding a cross-platform Remote Access Trojan (RAT) via a hidden postinstall hook. The compromised package executed malicious code during installation, targeting development pipelines rather than end users directly.
OpenAI's CI/CD workflow for signing its macOS desktop application pulled in the malicious Axios version. Microsoft, which investigated the broader attack, attributed the campaign to North Korea-linked actors targeting software supply chains.
OpenAI's Response
OpenAI said the attacker likely did not successfully exfiltrate its code-signing certificate, meaning end users of OpenAI apps were not directly exposed. However, as a precaution, the company announced it will discontinue support for older macOS app versions on May 8, 2026, giving users 30 days to update.
The company is cooperating with law enforcement and has implemented additional safeguards across its development pipelines to prevent similar attacks.
Broader Implications
The attack highlights how even the most security-conscious technology companies remain vulnerable to supply chain attacks targeting open-source dependencies. The Axios incident is part of a broader campaign — researchers at The Hacker News and Microsoft documented the same malicious package infecting multiple development environments across the tech industry.
Supply chain attacks have become a preferred vector for state-sponsored hackers because they allow attackers to compromise hundreds or thousands of targets by poisoning a single trusted upstream dependency.
The Bottom Line
OpenAI's disclosure is a reminder that no development pipeline is immune to supply chain attacks. With state-sponsored actors actively targeting npm packages and other open-source dependencies, organizations need to implement dependency pinning, integrity verification, and continuous monitoring of their build systems — not just their applications.
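The controls named above can be checked mechanically before a build runs. The following is an added example, not code from OpenAI, Axios or npm: it audits an npm package-lock.json (lockfileVersion 2 or 3) for dependencies that run install-time scripts, lack an integrity hash, resolve outside the expected registry, or are declared with a version range. The package names, the sample lockfile and the single-registry policy are constructed assumptions.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2/3) before a build.
// Assumption: every dependency should come from the public npm registry.
const REGISTRY = "https://registry.npmjs.org/";

// Constructed sample lockfile; names, hashes and URLs are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "example-http": "^1.2.0", "left-helper": "2.0.1" } },
    "node_modules/example-http": {
      version: "1.2.3", hasInstallScript: true,
      resolved: REGISTRY + "example-http/-/example-http-1.2.3.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
    },
    "node_modules/left-helper": {
      version: "2.0.1", // no integrity field, fetched from a mirror
      resolved: "https://mirror.example.invalid/left-helper-2.0.1.tgz",
    },
    "node_modules/example-http/node_modules/tiny-dep": {
      version: "0.4.0",
      resolved: REGISTRY + "tiny-dep/-/tiny-dep-0.4.0.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
    },
  },
};

function auditLockfile(lock, allowedInstallScripts = []) {
  const findings = [];
  const packages = lock.packages || {};
  for (const [path, pkg] of Object.entries(packages)) {
    // Skip the root project, workspace folders and symlinked workspaces.
    if (!path.includes("node_modules/") || pkg.link) continue;
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    const id = `${name}@${pkg.version}`;
    // npm sets hasInstallScript when a package declares preinstall/install/postinstall.
    if (pkg.hasInstallScript && !allowedInstallScripts.includes(name))
      findings.push({ id, issue: "install-script" });
    if (!pkg.integrity) findings.push({ id, issue: "missing-integrity" });
    if (pkg.resolved && !pkg.resolved.startsWith(REGISTRY))
      findings.push({ id, issue: "off-registry" });
  }
  // Direct dependencies declared as ranges can float when the lockfile is regenerated.
  const root = packages[""] || {};
  const declared = { ...root.dependencies, ...root.devDependencies };
  for (const [dep, range] of Object.entries(declared))
    if (!/^\d+\.\d+\.\d+(-[\w.]+)?$/.test(range))
      findings.push({ id: dep, issue: "unpinned-range:" + range });
  return findings;
}
```

In a pipeline, a non-empty result would fail the job before installation, and the install itself would run with `npm ci --ignore-scripts` so that lifecycle hooks from packages outside the allowlist never execute.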