OpenAI is improving its online security after discovering an issue involving a third-party developer tool, Axios.
The privately-owned company best known for its ChatGPT artificial intelligence (AI) chatbot said the issue was part of a widely-reported broadly industry incident.
“Out of an abundance of caution we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps,” OpenAI said in a statement.
“We found no evidence that OpenAI user data was accessed, that our systems or intellectual property was compromised, or that our software was altered.”
The company said it was updating its security certifications, requiring all macOS users to update their OpenAI apps to the latest versions to help prevent any risk of someone attempting to distribute a fake app.
Axios, a widely used third-party developer library, was compromised on 31 March as part of a broader software supply chain attack by “actors” believed to be linked to North Korea.
This attack led a workflow used by OpenAI to download and execute a 'malicious' version of Axios.
OpenAI said its analysis of the incident concluded that the signing certificate present in this workflow was not likely to have been successfully exfiltrated by the 'malicious' payload.
“The security and privacy of your information are a top priority. We’re committed to being transparent and taking quick action when issues arise,” OpenAI said.
