LIVE THREATS
HIGH Your MTTD Looks Great. Your Post-Alert Gap Doesn't // HIGH CSA: CISOs Should Prepare for Post-Mythos Exploit Storm // MEDIUM OWASP GenAI Security Project Gets Update, New Tools Matrix // HIGH OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack // HIGH Python Supply-Chain Compromise // HIGH Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign // HIGH Google's Vertex AI Is Over-Privileged. That's a Problem // CRITICAL Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances … // CRITICAL How We Broke Top AI Agent Benchmarks: And What Comes Next // LOW Anthropic Claude Mythos Preview: The More Capable AI Becomes, the More Security It Needs //
ATLAS OWASP HIGH Significant risk · Prioritise patching Supply Chain Industry News LLM Security RELEVANCE ▲ 7.5

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI has been impacted by a supply chain attack attributed to North Korea-linked threat actors, involving a compromised macOS code signing certificate associated with the Axios JavaScript library. The incident highlights the vulnerability of major AI platforms to upstream software supply chain compromises, which could expose users to malicious code distributed through trusted tooling. As a leading AI infrastructure provider, any compromise of OpenAI's build or distribution pipeline carries significant downstream risk for enterprises relying on its models and APIs.

SOURCE SecurityWeek ↗
SUPPLY CHAINSecurityWeekHIGHOpenAI Impacted by North Korea-Linked AxiosSupply Chain Hack

Overview

OpenAI has confirmed it was affected by a supply chain attack linked to North Korean threat actors, involving the compromise of a macOS code signing certificate associated with Axios, a widely used JavaScript HTTP client library. The AI company is actively responding after determining the certificate may have been used to sign malicious code distributed through the Axios ecosystem. Given OpenAI’s central role in the global AI infrastructure landscape, the incident raises serious concerns about the integrity of software dependencies underpinning AI platforms and services.

Supply chain attacks targeting developer tooling have become an increasingly favoured vector for nation-state actors, particularly those affiliated with North Korea’s Lazarus Group and related clusters, who have previously targeted cryptocurrency firms, defence contractors, and now, AI infrastructure.

Technical Analysis

The attack vector centres on a compromised macOS code signing certificate linked to the Axios project. Code signing certificates establish trust between software distributors and end-user systems — a compromised certificate allows threat actors to sign malicious binaries or packages that macOS Gatekeeper and enterprise security tools may treat as legitimate.

In the context of a JavaScript library like Axios, the attack surface extends to any organisation that ingests Axios as a dependency, potentially through npm package distribution or bundled tooling. If the certificate was used to sign a trojanised build or installer, downstream consumers — including OpenAI’s internal development pipeline — could have received and executed compromised artefacts without immediate detection.

North Korean-linked groups have demonstrated sophisticated capability in this area, including the 2023–2024 campaigns targeting software developers via compromised open-source packages and fake recruitment lures (Operation Dream Job).

Framework Mapping

MITRE ATLAS:

  • AML.T0010 – ML Supply Chain Compromise: Directly applicable. The attack targets a software component (Axios) within the development and deployment supply chain of an AI-enabled product or service.
  • AML.T0047 – ML-Enabled Product or Service: OpenAI’s products are prime targets; compromise of internal tooling could affect model training pipelines, API infrastructure, or internal development environments.

OWASP LLM Top 10:

  • LLM05 – Supply Chain Vulnerabilities: The incident is a textbook example of third-party dependency risk materialising against an AI provider, potentially affecting the integrity of software that interacts with or supports LLM systems.

Impact Assessment

The immediate impact falls on OpenAI’s internal systems, with potential exposure to malicious code via compromised development tooling. Broader implications include risk to any organisation using Axios builds signed with the affected certificate. If the compromise extended into OpenAI’s model training or inference infrastructure, the consequences could be severe — though no such escalation has been publicly confirmed at this time. Enterprise customers and API consumers should remain vigilant for anomalous behaviour.

Mitigation & Recommendations

  • Audit Axios dependencies: Organisations using Axios should verify package integrity via npm audit and cross-check published checksums against known-good versions.
  • Revoke and reissue certificates: Any certificates potentially in scope should be revoked immediately; OpenAI’s response reportedly includes certificate remediation steps.
  • Enforce code signing policies: Implement strict allowlisting of trusted certificates in macOS enterprise environments using MDM tooling.
  • Monitor CI/CD pipelines: Inspect build logs for unexpected signing operations or anomalous package fetch behaviour.
  • Threat intelligence subscription: Track North Korean TTPs via CISA advisories and vendor threat intelligence feeds focused on DPRK-affiliated clusters.

References