
OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

TL;DR HIGH
  • What happened: North Korea-linked actors compromised a macOS code signing certificate associated with the Axios JavaScript library, exposing OpenAI and downstream users of Axios-dependent tooling.
  • Who's at risk: Enterprises and developers relying on OpenAI APIs and services, and any organisation whose builds or developer tooling depend on the compromised Axios library.
  • Act now: Audit Axios dependencies in your build and development pipelines immediately. · Revoke or re-validate any macOS code signing certificates from the affected timeframe. · Monitor for suspicious code execution or network activity from Axios-dependent applications.

Overview

OpenAI has confirmed it was affected by a supply chain attack linked to North Korean threat actors, involving the compromise of a macOS code signing certificate associated with Axios, a widely used JavaScript HTTP client library. The AI company is actively responding after determining the certificate may have been used to sign malicious code distributed through the Axios ecosystem. Given OpenAI’s central role in the global AI infrastructure landscape, the incident raises serious concerns about the integrity of software dependencies underpinning AI platforms and services.

Supply chain attacks targeting developer tooling have become an increasingly favoured vector for nation-state actors, particularly those affiliated with North Korea’s Lazarus Group and related clusters, who have previously targeted cryptocurrency firms, defence contractors, and now, AI infrastructure.

Technical Analysis

The attack vector centres on a compromised macOS code signing certificate linked to the Axios project. Code signing certificates establish trust between software distributors and end-user systems — a compromised certificate allows threat actors to sign malicious binaries or packages that macOS Gatekeeper and enterprise security tools may treat as legitimate.

In the context of a JavaScript library like Axios, the attack surface extends to any organisation that ingests Axios as a dependency, whether through npm package distribution or bundled tooling. One caveat matters for scoping: npm registry tarballs are not signed with Apple certificates, so the certificate's direct relevance is to native binaries, installers or developer tooling shipped alongside the library rather than to the package contents themselves. If the certificate was used to sign a trojanised build or installer, downstream consumers, including OpenAI's internal development pipeline, could have received and executed compromised artefacts without immediate detection, because a valid signature from an expected signer is exactly what endpoint controls are configured to accept.

North Korean-linked groups have demonstrated sophisticated capability in this area, including 2023–2024 campaigns that delivered malware to software developers through trojanised open-source packages, and the long-running Operation Dream Job campaigns that use fake recruitment lures for the same purpose.

Framework Mapping

MITRE ATLAS:

  • AML.T0010 – ML Supply Chain Compromise: Directly applicable. The attack targets a software component (Axios) within the development and deployment supply chain of an AI-enabled product or service.
  • AML.T0047 – ML-Enabled Product or Service: OpenAI’s products are prime targets; compromise of internal tooling could affect model training pipelines, API infrastructure, or internal development environments.

OWASP LLM Top 10:

  • LLM05 – Supply Chain Vulnerabilities (numbered LLM03 – Supply Chain in the 2025 edition of the list): The incident is a textbook example of third-party dependency risk materialising against an AI provider, potentially affecting the integrity of software that interacts with or supports LLM systems.

Impact Assessment

The immediate impact falls on OpenAI’s internal systems, with potential exposure to malicious code via compromised development tooling. Broader implications include risk to any organisation using Axios builds signed with the affected certificate. If the compromise extended into OpenAI’s model training or inference infrastructure, the consequences could be severe — though no such escalation has been publicly confirmed at this time. Enterprise customers and API consumers should remain vigilant for anomalous behaviour.

Mitigation & Recommendations

  • Audit Axios dependencies: Organisations using Axios should enumerate every copy in their lockfiles (hoisted and nested), install with npm ci so the lockfile's integrity hashes are enforced, and run npm audit signatures to verify registry signatures and provenance attestations. Note that npm audit on its own reports known advisories and does not detect tampering; compare the lockfile's integrity hashes against known-good values for the versions you pin.
  • Revoke and reissue certificates: Any certificates potentially in scope should be revoked immediately; OpenAI’s response reportedly includes certificate remediation steps.
  • Enforce code signing policies: Implement strict allowlisting of trusted signing identities in macOS enterprise environments using MDM tooling, and verify the signer of any Axios-related binary or installer with codesign -dvvv and spctl --assess --verbose rather than trusting a valid signature alone.
  • Monitor CI/CD pipelines: Inspect build logs for unexpected signing operations or anomalous package fetch behaviour.
  • Threat intelligence subscription: Track North Korean TTPs via CISA advisories and vendor threat intelligence feeds focused on DPRK-affiliated clusters.
