A wider-ranging security incident reported by Google Threat Intelligence Group last week prompted OpenAI to take action around its certification process.
OpenAI said on Friday (10 April) that it would be working on safeguarding and updating the certification process for its apps running on MacOS following reports of a security issue around a third-party development tool.
The company said that it would update the security certification process for its MacOS apps out of “an abundance of caution”, having found no evidence that OpenAI user data was accessed, that its systems or intellectual property were compromised, or that its software was altered.
A wider-ranging security incident reported by Google Threat Intelligence Group last week centred around exploits of a third-party tool named Axios, which prompted OpenAI to consider and take steps against the possibility “of someone attempting to distribute a fake app that appears to be from OpenAI”, the company said.
According to the company, this “unlikely” scenario required it to revoke and replace existing security certifications for MacOS versions of its chatbot ChatGPT, coding tool Codex and web browser Atlas.
OpenAI said that Mac users of any of these apps are required to update to their newest versions to ensure compliance with the new security protocols, adding that “older versions of our MacOS desktop apps will no longer receive updates or support, and may not be functional”.
User passwords and OpenAI API keys were unaffected by the potential breach, and no evidence of “malware signed as OpenAI” had been detected, the company said.
It added that after 8 May, new downloads and launches of apps signed with old security certificates will be blocked by MacOS security protections.
The potential security threat does not affect iOS, Android, Linux, Windows or web versions of OpenAI apps, the company said, and only users of its MacOS versions need to take action.
The “root cause” of the security incident was a “misconfiguration in the GitHub Actions workflow” that has since been addressed, according to OpenAI.
Last month, reports emerged of the AI giant’s plans for consolidating its chatbot, coding and web browsing tools into a single ‘superapp’ for desktop in the face of fierce competition from Anthropic.
The following week, it decided to shut down its controversial AI video generator Sora and sideline plans for an ‘erotic’ version of ChatGPT to focus instead on its core enterprise business.