Why it matters
OpenAI responds to the Axios supply-chain attack by rotating macOS code-signing certificates, updating apps, and confirming no user data was compromised.
My takeaway: A useful supply-chain reminder for AI tooling. Teams integrating model clients, plugins, or desktop apps should assume that developer tooling itself can become part of the attack path and needs certificate, update, and revocation hygiene.