OpenAI Fixes Security Flaw in Third-Party Tool; User Data Safe
OpenAI identified a security issue on April 10, 2026, involving a third-party developer tool called Axios. The company stated that the issue was part of a broader industry incident and found no evidence that OpenAI user data, internal systems, or intellectual property were accessed.
As a result of the discovery, OpenAI is implementing measures to protect the process used to certify that its macOS applications are legitimate OpenAI apps.
macOS Application Certification
The security issue involving Axios prompted OpenAI to take specific steps regarding its macOS software. The company is focusing on the certification process to ensure that applications distributed for macOS are verified as authentic OpenAI products.
According to a statement from OpenAI, these precautions are being taken out of an abundance of caution to maintain the integrity of the application certification process.
Previous Security Vulnerabilities
The Axios incident follows other security developments addressed by OpenAI in early 2026. On February 20, 2026, the company patched a vulnerability in ChatGPT that allowed threat actors to silently exfiltrate sensitive user data.

This specific flaw was discovered by security experts from Check Point Research. The vulnerability combined prompt injections with a bypass of built-in guardrails, enabling attackers to steal data through covert domain queries and DNS abuse.
Check Point Research: "AI tools should not be assumed secure by default"
The February 20, 2026, patch was the second major security fix OpenAI implemented that week, following the resolution of a Codex command injection flaw.
Security researchers noted that the DNS abuse method was particularly risky because DNS traffic is often not flagged as suspicious behavior, allowing data to be pulled from the tool without the user’s knowledge or consent.
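To show how a defender can surface the kind of DNS abuse described above, here is an added detection sketch. It is not code from OpenAI or Check Point Research and does not reproduce the ChatGPT flaw. The log entries, domain names, thresholds and the two-label base-domain rule are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

def _chunk(i):
    # Constructed stand-in for an encoded data chunk (40 hex chars).
    return hashlib.sha256(f"constructed-{i}".encode()).hexdigest()[:40]

# Constructed resolver log entries (client IP, queried name); not real traffic.
SAMPLE_QUERIES = (
    [("10.0.0.5", f"{h}.example.com") for h in ("www", "mail", "api", "cdn")]
    + [("10.0.0.5", "3f9a1c77d2e84b06a5c1e0f2b7d9a4c6.cdn-demo.test")] * 6
    + [("10.0.0.7", f"{_chunk(i)}.s{i}.exfil-demo.test") for i in range(5)]
)

def shannon_entropy(text):
    """Bits per character of the empirical character distribution."""
    counts, n = Counter(text), len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_name(qname, base_labels=2):
    """Split into (subdomain part, base domain). Assumption: the base domain
    is the last two labels; production code should use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-base_labels]), ".".join(labels[-base_labels:])

def flag_exfil_candidates(queries, min_unique=4, min_avg_len=20, min_entropy=3.5):
    """Flag (client, base domain) pairs with many distinct, long, random-looking
    subdomains. Thresholds are illustrative assumptions to tune per network."""
    subs_seen = defaultdict(set)
    for client, qname in queries:
        sub, base = split_name(qname)
        if sub:
            subs_seen[(client, base)].add(sub)
    findings = []
    for (client, base), subs in sorted(subs_seen.items()):
        avg_len = sum(map(len, subs)) / len(subs)
        entropy = shannon_entropy("".join(subs))
        if len(subs) >= min_unique and avg_len >= min_avg_len and entropy >= min_entropy:
            findings.append({"client": client, "base_domain": base,
                             "unique_subdomains": len(subs),
                             "avg_len": round(avg_len, 1),
                             "entropy": round(entropy, 2)})
    return findings

if __name__ == "__main__":
    for finding in flag_exfil_candidates(SAMPLE_QUERIES):
        print(finding)
```

Only the client that sends many distinct long labels to one base domain is flagged; the repeated single long hostname and the short ordinary hostnames are not.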
Third-Party Incident History
OpenAI has also managed security issues involving other third-party services. On November 26, 2025, the company addressed a security incident involving Mixpanel.
OpenAI stated that the Mixpanel incident was not a breach of OpenAI’s own systems. The company confirmed that no passwords, credentials, API keys, payment details, API requests, API usage data, or chat logs were accessed during that event.
These events collectively show a pattern of OpenAI addressing vulnerabilities stemming from both internal software flaws and third-party developer tools.
