OpenAI's Axios Supply Chain Hack: North Korean Actors Compromised a Tool Used by Millions
What Happened
OpenAI disclosed that on March 31, threat actors linked to North Korea hijacked the npm account of a maintainer of Axios, one of the most widely used JavaScript libraries in the world. The compromised versions introduced a hidden backdoor targeting Windows, macOS, and Linux. Because OpenAI's build pipeline used Axios, the attackers gained access to certificate material used to sign OpenAI's macOS apps — ChatGPT Desktop, Codex, and Atlas. OpenAI says no user data was accessed, but all macOS users must update before May 8.
My Take
This is a software supply chain attack, and it hit one of the most prominent AI companies in the world through a widely used open-source library. That is the part that should worry every technology leader reading this. Your company probably depends on dozens of open-source packages maintained by small teams or individual volunteers. When one of those maintainers gets compromised, the blast radius can reach millions of users downstream. OpenAI caught this relatively quickly. Most companies would not. If you run engineering teams, this is a good week to ask your security people how they monitor third-party dependencies — and what would happen if one of them got poisoned tomorrow.
Read Original Source