Maze Found It in Minutes. OpenAI Disclosed Ten Days Later.

When the biggest supply chain attack of 2026 hit, Maze detected the compromised component inside OpenAI's software within minutes. OpenAI disclosed ten days later.

Maze Research

On March 31, 2026, a North Korean state actor poisoned Axios, the most downloaded JavaScript library in the world, with over 100 million weekly installs. Minutes after the attack was published, Maze detected the compromised component inside OpenAI’s software and across every affected vendor we monitor. Our customers knew they were exposed and had clear steps to protect themselves.

OpenAI disclosed the incident on April 10. Ten days later.

For those ten days, every enterprise running OpenAI’s macOS applications had no idea. Maze customers did.

What Happened

The attacker compromised the lead Axios maintainer’s account through a targeted social engineering campaign, deploying RAT malware on his machine weeks before the attack. On March 31, they published two malicious versions, tagged as the default install, injecting a remote access trojan that targeted macOS, Windows, and Linux. The poisoned versions were live for roughly three hours before being removed. Any build pipeline or CI/CD workflow that ran during that window pulled the compromised code automatically.

One of those workflows belonged to OpenAI. A GitHub Actions job used to code-sign OpenAI's macOS applications (ChatGPT Desktop, Codex, Atlas) downloaded and executed the malicious Axios. The workflow had access to the signing certificate and notarization material that tells macOS a piece of software legitimately comes from OpenAI. If that material was exfiltrated, an attacker could sign and notarize malicious software that macOS would treat as a legitimate OpenAI application.
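The exposure described above comes down to two questions a defender can answer from the lockfile alone: did any installed copy of the package resolve to a version published inside the compromise window, and which direct dependencies use a floating range that lets a CI run pick up a release published minutes earlier? The following is an added example, not Maze's, OpenAI's or the Axios project's code; the package versions, publish times and lockfile contents are constructed placeholders, and the publish-time map mirrors the shape of the `time` field in an npm registry packument.

```javascript
// Added example: audit an npm lockfile (package-lock.json v2/v3 shape) for
// copies of a package published inside a known compromise window.
// All package names, versions and timestamps below are constructed placeholders.

// Mirrors the npm packument `time` field: version -> ISO publish date.
const REGISTRY_TIMES = {
  axios: {
    "1.2.3": "2026-03-20T10:00:00.000Z", // constructed: pre-incident release
    "1.2.4": "2026-03-31T14:05:00.000Z", // constructed: published inside the window
  },
};

// Constructed lockfile fragment; nested copies live under a parent's node_modules.
const SAMPLE_LOCKFILE = {
  packages: {
    "": { dependencies: { axios: "^1.2.3", "some-sdk": "0.9.0" } },
    "node_modules/axios": { version: "1.2.4" },
    "node_modules/some-sdk": { version: "0.9.0" },
    "node_modules/some-sdk/node_modules/axios": { version: "1.2.3" },
  },
};

// Return every installed copy of `pkg` whose publish time falls inside [start, end].
function findExposures(lockfile, registryTimes, pkg, start, end) {
  const startMs = Date.parse(start);
  const endMs = Date.parse(end);
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    // Match both the top-level copy and any nested copies pulled in by other deps.
    if (!path.endsWith(`node_modules/${pkg}`)) continue;
    const published = registryTimes[pkg]?.[entry.version];
    if (published === undefined) continue; // unknown version: cannot judge, skip
    const t = Date.parse(published);
    if (t >= startMs && t <= endMs) hits.push({ path, version: entry.version, published });
  }
  return hits;
}

// Return direct dependencies whose range lets a fresh `npm install` float upward.
function floatingRanges(lockfile) {
  const root = (lockfile.packages || {})[""] || {};
  const deps = { ...(root.dependencies || {}), ...(root.devDependencies || {}) };
  return Object.entries(deps)
    .filter(([, range]) => /^[\^~]|[xX*]|latest|^>/.test(range))
    .map(([name, range]) => `${name}@${range}`);
}
```

Against a real incident, the window bounds come from the advisory and the publish times from the registry; the lockfile committed alongside the CI run tells you exactly which copies were exposed.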

Minutes, Not Days

Maze continuously monitors over 1,000 vendors at the deepest technical level. Minutes after the Axios attack was published, Maze detected the compromised component inside OpenAI’s software and across every monitored vendor that had pulled the poisoned version.

Maze customers had a clear picture immediately: which vendor software in their environment was affected, what the risk was, and what to do about it. Maze had already detected the malicious code, and delivered actionable remediation steps while the rest of the industry was still piecing together what happened.

What This Means

The Axios attack wasn’t theoretical. It was a North Korean state operation that hit the most widely used JavaScript library in the world, compromised software signing material at one of the most prominent AI companies on earth, and affected organizations across financial services, healthcare, media, legal, and technology.

Three hours was all it took. And attackers are getting faster. AI lets them take a compromised dependency, map every product that pulled it in, and generate working exploits before the vendor has even posted an advisory. Ten days of silence isn’t just a disclosure gap. It’s a ten-day head start.

Every tool that relies on vendor advisories, CVE databases, or package-level scanning was blind until the vendors chose to speak. Maze analyzes the software your vendors ship you — continuously, across your entire vendor stack. When the biggest supply chain attack of 2026 hit, Maze customers were the first to know and the first to act.

Everyone else found out when OpenAI decided to tell them. Maze customers found out when it happened.

See what's inside every artifact you depend on

Maze analyzes the artifact itself — software, firmware, AI models, agents, containers, and extensions — finding what other scanners can't.
