OpenAI's response to the Axios developer tool compromise
shpat
58 points
23 comments
April 23, 2026
Related Discussions
- A GitHub Issue Title Compromised 4k Developer Machines edf13 · 368 pts · March 05, 2026 · 61% similar
- OpenAI CEO Sam Altman Defends Pentagon Work to Staff cdrnsf · 75 pts · March 03, 2026 · 60% similar
- Axios compromised on NPM – Malicious versions drop remote access trojan mtud · 373 pts · March 31, 2026 · 60% similar
- How OpenAI caved to The Pentagon on AI surveillance zachb211 · 38 pts · March 02, 2026 · 59% similar
- OpenAI changes deal with US Military after backlash kulor · 12 pts · March 03, 2026 · 59% similar
Discussion Highlights (3 comments)
fortuitous-frog
Interesting that (1) this blog post was published on April 10th, 10 days after the Axios compromise, and (2) this was emailed to ChatGPT / Codex users yesterday, April 21st, 11 days after the blog post... After an incident as widely publicized as Axios, I'd expect dependency auditing, credential rotation, and public incident communication to all be carried out with much more urgency. And if they were going to send this out to all of their users (as they should), I would expect _that_ to happen shortly after publishing the post (why wait 11 days???).
danscan
Axios, like Express, is something I'm shocked to see used in any modern codebase. I loved both in the 2010s. In JS/TS-land there are much simpler and better options these days. Depending on Axios suggests the devs don't know how to use fetch. I can't think of another reason it would be a necessary dependency.
mrcwinn
Above and beyond post. This is good.