OpenAI is forcing Mac users to update ChatGPT and other desktop apps soon, after a supply chain attack exposed signing certificates that Apple's security systems use to verify trusted software.
The company disclosed the incident on May 13 and confirmed malware linked to the "Mini Shai-Hulud" attack infected two employee devices through the TanStack npm ecosystem. Investigators identified unauthorized access activity in a limited set of internal source code repositories connected to those employees.
OpenAI rotated its signing certificates and re-signed affected apps to prevent potential misuse of the exposed credentials. The company found no evidence that customer data, production systems, or intellectual property were compromised during the incident.
Apple's macOS security protections will block apps signed with the older certificates after June 12, which makes the update mandatory for affected Mac users.
OpenAI confirmed the affected repositories included signing certificates used for applications across macOS, iOS, Windows, and Android. The company blocked future notarization attempts tied to the older credentials instead of revoking the certificates immediately and risking broken software installations for existing users.
Mac users must install updated versions before June 12. After that date, Apple's security protections will stop trusting apps signed with the previous certificates.
Why macOS users need to update
Code-signing certificates help macOS verify that software comes from a legitimate developer. Apple's Gatekeeper and notarization systems use those certificates to determine whether apps should be trusted, launched, or blocked.
Investigators found no evidence that exposed certificates were used to sign malicious software or distribute malware to users. OpenAI reviewed prior notarizations for signs of unauthorized activity and said it found no evidence of misuse.
Older versions of ChatGPT Desktop, Codex App, Codex CLI, and Atlas signed with the previous certificates may stop functioning or receiving updates after June 12. ChatGPT Desktop 1.2026.125, Codex App 26.506.31421, Codex CLI 0.130.0, and Atlas 1.2026.119.1 are the affected releases.
Supply chain attacks are becoming harder to contain
Modern apps rely on vast networks of open-source libraries, package managers, and automated development systems that can spread compromised code widely. A malicious dependency can traverse multiple organizations before developers detect the malware in the software chain.
The attack hit during an active rollout of new supply chain security protections across OpenAI's development systems. Those protections included stricter package provenance checks, stronger CI/CD credential controls, and package-manager safeguards like minimumReleaseAge policies.
The two affected employee devices hadn't yet received the updated protections when the malware reached the systems. OpenAI said the incident accelerated deployment of additional safeguards designed to reduce the impact of future supply chain attacks.
How Mac users can stay safe
OpenAI told users to install updated apps only through official websites or built-in update systems. The company also warned users to avoid installers distributed through ads, third-party download sites, email links, or unsolicited messages.
Mac users should verify they are running the latest versions of ChatGPT, Codex, and related OpenAI apps before June 12. Users who downloaded OpenAI software from unofficial sources should delete those apps and reinstall clean versions directly from OpenAI.
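A check a Mac user or admin could run for the advice above, as an added example that is not OpenAI's code or the article's: it compares each installed app's version with the release numbers listed in this article (read here as the minimum versions to be on), then asks codesign and Gatekeeper (spctl) for their verdict. The bundle paths and that reading of the version list are assumptions.

```shell
#!/bin/sh
# Added example, not from OpenAI or the article. Checks installed OpenAI Mac apps
# against the release numbers given above (read here as the minimum versions to
# be on) and asks macOS itself whether the signature and notarization still pass.
# App bundle paths below are assumptions about default install locations.

# version_ge A B: succeed if dotted version A >= B, compared component-wise as
# integers; a missing component counts as 0, a suffix like "-beta" is ignored.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"
        : "${ai:=0}" "${bi:=0}"
        [ "$ai" -gt "$bi" ] && return 0
        [ "$ai" -lt "$bi" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# app_version BUNDLE: print CFBundleShortVersionString from the bundle's Info.plist
app_version() {
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$1/Contents/Info.plist"
}

# check_app BUNDLE MIN_VERSION: report MISSING, OUTDATED, BADSIG, REJECTED or OK
check_app() {
    app="$1"; min="$2"
    [ -d "$app" ] || { echo "MISSING  $app"; return 2; }
    ver=$(app_version "$app") || return 2
    if ! version_ge "$ver" "$min"; then
        echo "OUTDATED $app ($ver < $min): update before June 12"; return 1
    fi
    # --deep --strict: every nested binary is signed and nothing in the bundle was altered
    codesign --verify --deep --strict "$app" 2>/dev/null || { echo "BADSIG   $app"; return 1; }
    # Gatekeeper's own verdict, the check that stops trusting the old certificates after June 12
    spctl --assess --type execute "$app" 2>/dev/null || { echo "REJECTED $app by Gatekeeper"; return 1; }
    echo "OK       $app $ver"
}

# Runs only on macOS; elsewhere the functions are just defined.
if [ "$(uname -s)" = Darwin ]; then
    check_app "/Applications/ChatGPT.app"       1.2026.125
    check_app "/Applications/Codex.app"         26.506.31421
    check_app "/Applications/ChatGPT Atlas.app" 1.2026.119.1
    # Codex CLI is not a bundle; compare its reported version with 0.130.0 by hand
    command -v codex >/dev/null && codex --version
fi
```

A non-OK line means the app should be replaced with a fresh copy from OpenAI's own download or built-in updater, never from a third-party mirror.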