Update Your ChatGPT and Codex Mac Apps Before May 8 — A Creator's Field Guide to OpenAI's macOS Update

If you run ChatGPT, Codex, Codex-cli, or the Atlas browser on a Mac, this is one to handle today and forget about for the rest of the year. OpenAI is rotating the macOS code-signing certificate that protected those desktop apps, and the OpenAI macOS update has a hard cutoff: May 8, 2026. After that date, older builds won't update, won't be supported, and — more practically — macOS Gatekeeper will start blocking the apps from launching by default.

We don't usually write about security alerts; most don't matter to a creator workflow. This one does, because it affects the desktop tools many of us keep open eight hours a day, and because the seven-day window between now and the deadline is shorter than people realize. Below: what actually happened, how to verify your apps are on the new builds, and what we recommend doing this week.

What Triggered the OpenAI macOS Update

On March 31, the popular axios developer library was compromised as part of a broader npm supply-chain attack. Version 1.14.1 shipped a malicious payload, and it slipped into the GitHub Actions workflow that OpenAI uses to sign its macOS desktop apps. That workflow had access to the certificate and notarization material used for ChatGPT Desktop, Codex, Codex-cli, and Atlas.

OpenAI's own incident write-up is unusually direct about the chain of events:

"A misconfiguration in our GitHub Actions workflow — specifically using a floating tag rather than a specific commit hash and not having a configured minimum release age for new packages — allowed a malicious version of axios to be pulled in during a build. We treat the certificate as compromised and are revoking and rotating it."

The good news, repeated across OpenAI's statements and the independent reporting on the incident: no user data appears to have been exfiltrated, no malware signed as OpenAI was detected in the wild, and API keys plus passwords were unaffected. The bad news: any Mac app signed by the old certificate is going to stop being trustworthy on May 8.

This is what the OpenAI macOS update is doing under the hood. The new builds are signed with a freshly issued certificate. macOS will accept the new signature; once Apple revokes the old one, anything still on the legacy build will face Gatekeeper friction, then outright blocking.

Who Should Care

The list of affected apps:

  • ChatGPT Desktop for macOS — the standalone Mac app, not the web client.
  • Codex and Codex-cli — both the GUI and the command-line agentic coding tool many of us use for one-shot scripts.
  • Atlas — OpenAI's experimental browser, which has been quietly gaining traction in agentic workflows.

If you only ever use ChatGPT in a browser tab, this doesn't touch you. If you ever opened the actual .app bundle from /Applications, you're in scope.

Pro tip: A surprising number of creators forget Codex-cli is even installed because it lives in their shell path. Run `which codex` in your terminal — if it returns a path inside /usr/local/bin or ~/.local/bin, you're affected and need to update that one too. The brew tap for Codex-cli was refreshed alongside the desktop apps.

How to Run the OpenAI macOS Update Today

Three steps, ten minutes, done.

1. Update the desktop apps

For ChatGPT Desktop and Atlas:

  1. Open the app.
  2. From the menu bar, choose the app name → Check for Updates.
  3. Accept the update prompt. The new build will replace the old one and re-launch.
  4. Verify the build version matches the latest published in OpenAI's release notes.

If the in-app updater fails (we saw this on a couple of older macOS installs), pull a clean download from chatgpt.com/download or openai.com/atlas. Both pages now serve the new-cert builds.

2. Update Codex and Codex-cli

Codex desktop follows the same flow as ChatGPT. For Codex-cli, the path depends on how you installed it:

  • Homebrew: brew update && brew upgrade codex-cli
  • Direct install: Re-run the install script from OpenAI's docs page; it will pull a freshly signed binary.
  • Custom Docker / CI: Pin a new image tag and rebuild. Don't keep the floating tag — the same lesson OpenAI just learned applies to your own pipeline.

3. Verify the signature

This is the step most guides skip. To confirm your app is signed by the new certificate, run:

```bash
codesign -dv --verbose=4 /Applications/ChatGPT.app 2>&1 | grep "Authority"
```

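You're looking for the freshly issued OpenAI authority chain. The Authority lines list certificate names only, not dates, so confirming the issue date means inspecting the signing certificate itself. If you see a certificate dated before April 2026, the OpenAI macOS update didn't take and you need to download a clean copy.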
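One way to read the leaf certificate's issue date for this check, as an added example that is not part of the original article or OpenAI's documentation. The April 2026 cutoff comes from the article's wording; the function names and the script name in the usage comment are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: classify a signed app by the issue date of its leaf certificate.
# CUTOFF encodes the article's "before April 2026" rule of thumb (YYYYMMDD).
CUTOFF=20260401

# Turn openssl's "notBefore=Apr  9 00:00:00 2026 GMT" into 20260409.
notbefore_to_ymd() {
  printf '%s\n' "$1" | awk '{
    sub(/^notBefore=/, "")
    month = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $1) + 2) / 3
    printf "%04d%02d%02d\n", $4, month, $2
  }'
}

# Print "new <date>" or "old <date>" for a notBefore line.
classify_cert() {
  ymd=$(notbefore_to_ymd "$1")
  if [ "$ymd" -ge "$CUTOFF" ]; then echo "new $ymd"; else echo "old $ymd"; fi
}

# macOS only: extract the embedded chain and classify the leaf certificate.
check_app() {
  tmp=$(mktemp -d) || return 2
  # codesign writes DER files <prefix>0, <prefix>1, ...; file 0 is the leaf.
  if ! codesign -d --extract-certificates="$tmp/cert" "$1" 2>/dev/null; then
    rm -rf "$tmp"; echo "unsigned or unreadable"; return 1
  fi
  not_before=$(openssl x509 -inform DER -in "$tmp/cert0" -noout -startdate)
  rm -rf "$tmp"
  classify_cert "$not_before"
}

# Usage (hypothetical script name):
#   ./check-cert-date.sh /Applications/ChatGPT.app "$(which codex)"
if command -v codesign >/dev/null 2>&1; then
  for target in "$@"; do
    printf '%s: %s\n' "$target" "$(check_app "$target")"
  done
fi
```

An "old" result means the bundle still carries a certificate issued before the cutoff and should be replaced with a clean download.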

What Else We'd Do This Week

The supply-chain attack itself is the more interesting story for anyone who runs their own creator tools. It's a useful nudge to audit a few things while the topic is top of mind.

A short list:

  • Pin your dependencies by hash, not tag. The exact mistake OpenAI describes — floating tags in CI — is the same one most indie creator tools make. If your AI-image pipeline depends on a Python or Node package, pin it with a content hash.
  • Check your minimum release age. Tools like Renovate, Dependabot, and npm audit can be configured to wait N days before allowing new releases through. Three to seven days is a reasonable window — long enough that supply-chain compromises usually get caught, short enough not to slow you down.
  • Audit AI desktop apps you've forgotten about. Most of us have a graveyard of half-installed AI tools in /Applications. If you don't use it, uninstall it. Each one is a signature surface.
  • Back up your prompt libraries off-app. This isn't directly about the OpenAI macOS update, but it's a good week to remember that prompts living only inside ChatGPT or Codex are vulnerable to any disruption — supply-chain, account, or otherwise. A flat-file copy in your own repo is cheap insurance.
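The floating-tag audit from the first item in this list, as an added example (not OpenAI's tooling and not code from the original article): it lists `uses:` references in GitHub Actions workflows that are not pinned to a full commit SHA. The sample workflow is constructed and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: flag GitHub Actions `uses:` references that are not pinned
# to a full 40-character commit SHA (the floating-tag mistake quoted earlier).

# Reads workflow YAML on stdin; prints "<line>: <ref>" for each floating ref.
find_floating_refs() {
  awk '
    /^[ \t]*(-[ \t]*)?uses:[ \t]*/ {
      ref = $0
      sub(/^[ \t]*(-[ \t]*)?uses:[ \t]*/, "", ref)
      sub(/[ \t]*#.*$/, "", ref)        # strip trailing "# v4.0.0" comments
      gsub(/["\047]/, "", ref)          # strip optional quotes
      if (ref ~ /^\.\//) next           # local action, versioned with the repo
      if (ref ~ /^docker:/) {           # container refs pin by image digest
        if (ref !~ /@sha256:[0-9a-f]+$/) print NR ": " ref
        next
      }
      n = split(ref, part, "@")
      sha = (n > 1) ? part[n] : ""
      if (length(sha) != 40 || sha !~ /^[0-9a-f]+$/) print NR ": " ref
    }'
}

# Scan every workflow under a checkout (default: current directory).
audit_repo() {
  found=0
  for wf in "${1:-.}"/.github/workflows/*.yml "${1:-.}"/.github/workflows/*.yaml; do
    [ -f "$wf" ] || continue
    hits=$(find_floating_refs < "$wf")
    if [ -n "$hits" ]; then
      printf '%s\n' "$hits" | sed "s|^|$wf:|"
      found=1
    fi
  done
  return "$found"
}

# Constructed sample; the SHA and example-org/sign-action are made up.
SAMPLE_WORKFLOW='jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b # v4.0.0
      - uses: ./.github/actions/local
      - name: sign
        uses: example-org/sign-action@main'

printf '%s\n' "$SAMPLE_WORKFLOW" | find_floating_refs
```

`audit_repo` returns non-zero when any floating reference is found, so it can gate a CI job or a pre-commit hook.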

Why This Matters Beyond Mac

There's a bigger pattern worth naming. The OpenAI macOS update is the second high-profile reminder this year — after the npm nx incident in late winter — that the AI tooling stack is now downstream of the same dependency-graph fragility that's plagued the broader software ecosystem for a decade. As more of our creative workflow moves into AI-native desktop apps and CLI agents, that exposure grows.

We're not catastrophizing. OpenAI handled this one well: detected fast, disclosed in plain language, rotated the certificate, set a deadline that's tight but achievable. That's roughly what good incident response looks like. The takeaway for creators isn't "don't use ChatGPT on Mac" — it's "treat your AI tooling stack with the same supply-chain hygiene you (hopefully) already apply to your dev stack."

Run the update. Pin your hashes. Get back to making stuff.

TL;DR

If you use ChatGPT Desktop, Codex, Codex-cli, or Atlas on a Mac, update them all before May 8, 2026. After that date, macOS will start blocking the legacy-certificate builds. No user data was breached in the underlying incident, so this isn't a panic moment — but the deadline is firm, and skipping it means broken apps next Saturday morning. Ten minutes today, done.
