Our response to the Axios developer tool compromise
2026-04-10 • OpenAI
OpenAI identified exposure to the broader Axios supply-chain compromise when a GitHub Actions workflow used for macOS app signing downloaded and executed the malicious Axios version 1.14.1 on March 31, 2026. The affected workflow had access to certificate and notarization material for ChatGPT Desktop, Codex, Codex CLI, and Atlas, but OpenAI found no evidence that user data, internal systems, intellectual property, or published software were altered. OpenAI assessed that certificate exfiltration was likely unsuccessful because of job timing, the order in which the certificate was injected into the job relative to the malicious code running, and other mitigations, but still treated the certificate as compromised and rotated it. The root cause was a workflow configuration that resolved the dependency through a floating package tag, so each run pulled whatever version the registry currently served, and that did not enforce a minimumReleaseAge cooling-off period for newly published versions. The case illustrates how a compromised developer dependency can reach sensitive CI/CD signing workflows even when downstream compromise is not confirmed.
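The two configuration weaknesses the write-up names, shown as an added example that is not OpenAI's workflow or code: a macOS signing job in the weak shape (floating tag, certificate material in scope while dependencies install) next to a hardened shape (lockfile-only install with no secrets in the environment, secrets scoped to the signing step, and a pnpm minimumReleaseAge cooling-off period). The file names, secret names, the `sign.sh` script and the pnpm version are assumptions for illustration; `minimumReleaseAge` is pnpm's setting and is given in minutes.

```yaml
# Added example, not taken from the incident write-up. Workflow and secret
# names are hypothetical. Two YAML documents: the GitHub Actions workflow,
# then the pnpm-workspace.yaml fragment that enforces the release-age check.

name: macos-sign
on: [push]

jobs:
  # BEFORE: the pattern the root cause describes. The certificate is a
  # job-level env var, so it is present during dependency installation, and
  # the dependency is resolved by a floating tag, so a freshly published
  # malicious version is fetched and its install scripts run with the
  # certificate material already in the environment.
  sign-weak:
    runs-on: macos-latest
    env:
      APPLE_CERT_P12: ${{ secrets.APPLE_CERT_P12 }}    # visible to every step
    steps:
      - uses: actions/checkout@v4
      - run: npm install axios@latest                   # floating tag, lockfile bypassed
      - run: ./scripts/sign.sh                          # hypothetical signing script

  # AFTER: dependencies install from the lockfile only, with no secrets in the
  # environment; the certificate enters only at the step that needs it, and
  # pnpm refuses versions younger than the configured cooling-off period.
  sign-hardened:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: 10
      - run: pnpm install --frozen-lockfile             # exact versions from pnpm-lock.yaml, or fail
      - run: ./scripts/sign.sh
        env:
          APPLE_CERT_P12: ${{ secrets.APPLE_CERT_P12 }} # scoped to this step only
---
# pnpm-workspace.yaml (second document of this example). Refuse to install
# any version published less than 7 days (10080 minutes) ago. This is what
# protects the next time the lockfile pin is bumped, which the lockfile
# alone does not.
minimumReleaseAge: 10080
```

Two checks worth running on an existing signing workflow: grep for job-level `env:` blocks that carry signing or notarization secrets and push them down to the single step that uses them, and grep for `npm install <pkg>@latest` or other tag-based installs in `run:` steps, since those bypass whatever the lockfile pins. The cooling-off period also delays legitimate security patches; pnpm's `minimumReleaseAgeExclude` can carve out packages you need to take immediately, but any exclusion is a deliberate return to the weak pattern for that package.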