Here's a fun Friday for you: OpenAI says it found a security problem. It's linked to Axios, a third-party developer library, and the company is moving to tighten how its macOS apps are verified so fake software can't pretend to be the real deal. Think of it as putting a better lock on the door after someone tried the handle.

This disclosure comes as things have gotten, well, physically heated around the company. San Francisco police arrested a 20-year-old suspect after an early-morning incident near OpenAI CEO Sam Altman's home involving allegations of a molotov cocktail attack. There were also threats reported near the firm's headquarters. So it's not just digital security on their minds right now.

According to reports, OpenAI said it didn't find signs that customer information was accessed, that its internal environment or intellectual property was breached, or that its codebase was modified. In the San Francisco case, police said officers were called around 4:12 a.m. to a report of an incendiary device thrown at a residence. The suspect ran off but was detained about an hour later after another call about a person threatening to ignite a separate building. Evidence ties the suspect to both incidents, and thankfully, no one was hurt.

What OpenAI's Security Breach Reveals

OpenAI is updating its security credentials and requiring Mac users to upgrade to the latest application releases. They've set a deadline: starting May 8, older builds of its macOS desktop software are slated to lose updates and support, and could stop working. It's like telling everyone to update their phones—except if you don't, your app might just give up on you.

This software-hardening push comes as OpenAI has been navigating criticism tied to a reported deal involving U.S. government use of its tools in classified military settings. Altman, writing in a blog post after the firebomb allegation, said, "A lot of the criticism of our industry comes from sincere concern about the incredibly high stakes of this technology."

How a Supply-Chain Attack Unfolded

OpenAI said Axios was tampered with on March 31 as part of a wider software supply-chain campaign that the company believes traces back to North Korea-linked actors. The compromise caused a GitHub Actions workflow to pull and run a malicious Axios version, and that workflow could reach certificate and notarization materials used to sign macOS apps. Basically, someone messed with a tool in the supply chain, hoping to sneak bad code into the process.

OpenAI's internal probe found the workflow's signing certificate most likely remained intact despite the malicious attack. The company also said passwords and OpenAI API keys were not impacted. So, while the attempt was there, the damage seems limited—this time.

Cybersecurity Enhancements Fuel Revenue Aspirations

This recent security enhancement comes as OpenAI has set some pretty ambitious targets for its advertising revenue. They're projecting $2.5 billion this year and aiming for a staggering $100 billion by 2030. These projections were presented to investors, highlighting the company's strategy to leverage its AI capabilities in ad matching, which is increasingly critical in a market dominated by tech giants like Google and Meta.

Additionally, OpenAI is reportedly finalizing a model with enhanced cybersecurity features through its "Trusted Access for Cyber" program, which it plans to deploy to a select group of companies. This reflects its commitment to addressing security concerns in tandem with its growth trajectory. Because when you're aiming for $100 billion, you probably don't want hackers or molotov cocktails slowing you down.

Why Timely Response Is Crucial for Tech Firms

OpenAI confirmed it is cooperating with law enforcement in the Altman incident. A spokesperson told Reuters, "Thankfully, no one was hurt. We deeply appreciate how quickly SFPD responded and the support from the city in helping keep our employees safe," while adding the company is assisting investigators.

Altman also urged a lower temperature in the debate around artificial intelligence, writing, "While we have that debate, we should de-escalate the rhetoric and tactics and try to have fewer explosions in fewer homes, figuratively and literally."

On the product side, OpenAI's macOS update requirement effectively turns patching into a gatekeeper for app legitimacy, aiming to reduce the odds that a forged build can circulate with credible-looking signing. The company framed the move as a preventative step tied to how its macOS apps are certified, rather than a response to confirmed user-data theft. So, it's less "we got robbed" and more "we're adding a security camera because the neighborhood's getting sketchy."