OpenAI is a confirmed downstream victim of the UNC1069 Axios supply chain attack, with macOS code-signing certificates for ChatGPT Desktop, Codex, Codex CLI, and Atlas exposed via a compromised GitHub Actions CI/CD pipeline on March 31, 2026. No CVE has been assigned to the certificate exposure event. OpenAI has confirmed certificate revocation on May 8, 2026; all macOS endpoints running pre-revocation versions of these four applications will be blocked from launching after that date. Organizations must update all affected macOS applications to newly signed versions before May 7, 2026, and verify installed versions against OpenAI’s official advisory at openai.com/index/axios-developer-tool-compromise/.