ChatGPT Atlas.app Contains Malware on Mac? What the Warning Really Means
Mac users are seeing 'ChatGPT Atlas.app was not opened because it contains malware.' Here is why macOS is blocking older OpenAI apps, how to fix it safely, and what Mac users should learn from it.
ChatGPT Atlas.app Contains Malware on Mac? What the Warning Really Means
Some Mac users are suddenly seeing a scary alert:
“ChatGPT Atlas.app” was not opened because it contains malware. This action did not harm your Mac.
Others are seeing a similar message for ChatGPT.app:
“Malware Blocked and Moved to Bin”
If that happened to you, the natural reaction is: did ChatGPT or Atlas install malware on my Mac?
Based on OpenAI's public response and Forbes' coverage, the answer appears to be no.
The short version: macOS is blocking older OpenAI Mac apps because of a revoked app-signing certificate after a developer tooling security incident. The warning is alarming, but it does not necessarily mean the app on your Mac was infected.
Still, you should take it seriously.
Quick fix: what to do now
If you see the warning for ChatGPT Atlas.app or ChatGPT.app:
- Do not bypass the warning.
- Delete the blocked or outdated app.
- Download the latest version only from OpenAI's official download page: chatgpt.com/download
- Avoid “fix” tools, mirrors, ads, email links, or random installers.
- Update any other OpenAI Mac apps you use, including Codex or Codex CLI.
The important part is not just updating. It is updating from the right source.
High-profile security warnings often create a second wave of risk: fake installers that claim to fix the problem. Do not install anything from third-party download sites or unsolicited links.
What actually happened
OpenAI says it identified a security issue involving Axios, a third-party developer tool, as part of a broader software supply-chain incident.
According to OpenAI, a GitHub Actions workflow used in its macOS app-signing process downloaded and executed a malicious version of Axios. That workflow had access to certificate and notarization material used for several OpenAI Mac apps, including:
- ChatGPT Desktop
- Atlas
- Codex
- Codex CLI
OpenAI says it found no evidence that:
- OpenAI user data was accessed
- OpenAI systems or intellectual property were compromised
- OpenAI's released software was altered
- The signing material was misused
Even so, OpenAI treated the certificate as potentially compromised, rotated its macOS signing material, and published new builds.
Effective May 8, 2026, older OpenAI macOS apps signed with the previous certificate may stop working or be blocked by macOS security protections.
That is why some users are seeing the malware warning now.
Why macOS says “contains malware”
macOS uses several layers of trust to decide whether an app should run:
- Code signing verifies who signed the app.
- Notarization lets Apple check that the app passed Apple's automated security review.
- Gatekeeper blocks apps that fail trust checks.
- Certificate revocation lets a developer or Apple invalidate a signing certificate after a security concern.
When an app's signing certificate is revoked, macOS may no longer trust older builds signed with that certificate.
From the user's point of view, this can look dramatic:
- The app gets moved to the Bin.
- The app will not open.
- macOS says it contains malware.
- The warning says the action did not harm your Mac.
But the technical meaning can be more specific:
macOS can no longer verify this app through a trusted signing chain, so it is blocking it.
That is not the same as saying OpenAI's app infected your computer. It means the trust chain changed, and macOS is refusing to run the old build.
Which OpenAI Mac app versions are affected
OpenAI says older versions may no longer receive updates or support and may not be functional after the certificate revocation.
OpenAI listed these as the earliest versions signed with the updated certificate:
- ChatGPT Desktop: 1.2026.051
- Atlas: 1.2026.84.2
- Codex App: 26.406.40811
- Codex CLI: 0.119.0
If your version is older than those, update it.
If macOS already moved the app to the Bin, the cleanest path is to download a fresh copy from OpenAI instead of trying to restore the blocked app.
Why you should not just override Gatekeeper
When macOS blocks an app, it is tempting to search for a workaround.
For this specific issue, do not do that.
The safe answer is not “right-click and open anyway.” The safe answer is to install a newly signed version from the official source.
That matters because the original concern involved signing and notarization material. If the trust chain is the issue, bypassing the trust check defeats the protection macOS is trying to provide.
A good rule:
If an app is blocked because of a certificate or malware warning, update from the official developer before trying any bypass.
What Mac users should learn from this
This incident is not only about ChatGPT Atlas.
It is a useful reminder of how much modern Mac app security depends on the software supply chain.
1. App updates are part of security
Many people delay updates because they do not want workflow disruption.
That is understandable. But for desktop apps, especially apps with system-level permissions, updates are not only about new features. They also rotate certificates, patch dependencies, and keep the app aligned with macOS trust systems.
2. Download source matters
A signed app from the real developer is very different from an installer found through an ad, mirror, repost, or DM.
For security-sensitive tools, use:
- The developer's official website
- The Mac App Store, when available
- Built-in app updates
Avoid “download portals” that wrap installers or host old builds.
3. Permission-heavy apps deserve extra scrutiny
Some Mac apps ask for deeper permissions than others.
AI assistants, screen recorders, developer tools, automation tools, clipboard tools, and accessibility utilities can have access to sensitive parts of your workflow.
That does not mean you should avoid them. It means you should prefer apps that are actively maintained, clearly distributed, signed, notarized, and transparent about what they do.
Why this matters for screen recording apps too
Screen recording apps are especially sensitive because they can capture what is visible on your display.
A screen recorder may touch:
- ScreenCaptureKit
- Microphone input
- System audio
- Accessibility permissions
- Local files
- Export destinations
That is why the boring parts of Mac software matter: signing, notarization, update flow, local storage, and clear distribution.
The best screen recording app is not just the one with the prettiest zoom effect. It is the one you trust to run on your Mac while your work is visible.
Where ScreenKite fits
ScreenKite is a native macOS screen recorder and video editor built for people who create product demos, tutorials, walkthroughs, and support videos on a Mac.
It is local-first by default:
- Recordings stay on your Mac.
- There is no automatic cloud upload.
- No account is required to start recording.
ScreenKite is also built as a native Mac app, using Apple's screen recording and media frameworks rather than a browser-based wrapper. That matters for performance, but it also fits the way Mac users expect serious desktop software to behave: clear permissions, local files, and a normal Mac app workflow.
This does not make any app immune to supply-chain risk. No modern software ecosystem can honestly promise that.
But if you record sensitive work — customer data, internal dashboards, unreleased product features, private conversations, or code — choosing a local-first native Mac recorder is a practical step toward better control.
A practical Mac app security checklist
Before installing or updating any Mac app with meaningful permissions, ask:
- Did I download it from the official developer or the Mac App Store?
- Is the app actively maintained?
- Does macOS recognize the developer signature?
- Does the app request permissions that match what it actually does?
- Does it upload data automatically, or does it keep files local until I choose to share?
- If I see a malware or certificate warning, am I updating from the official source instead of bypassing macOS?
You do not need to become a security expert. You just need good defaults.
Conclusion
The “ChatGPT Atlas.app contains malware” warning looks severe because macOS security warnings are designed to get your attention.
In this case, the available evidence points to a certificate revocation and trust-chain issue after a developer tooling incident, not proof that ChatGPT Atlas infected Macs.
The safe response is simple:
- Do not bypass the warning.
- Delete the blocked old app.
- Download the latest version from OpenAI.
- Keep macOS apps updated.
- Avoid third-party installers.
And for any Mac app that touches sensitive parts of your workflow — AI assistants, developer tools, screen recorders, automation tools — treat signing, notarization, update flow, and local-first defaults as part of the product, not background details.
If you need a native, local-first screen recorder for Mac, ScreenKite is built around that philosophy: record on your Mac, keep files under your control, and share only when you choose.
The team behind ScreenKite — building the fastest screen recorder for macOS.
www.screenkite.comRelated articles
Your Screen Recording Doesn't Need the Cloud: The Case for Local-First
Why local-first screen recording matters for privacy, security, and control. What happens when your recordings go to the cloud, and when keeping them local makes sense.
Native vs Electron Screen Recorders: Performance, Battery, and Why It Matters
Why native macOS screen recorders outperform Electron-based alternatives in CPU usage, memory, battery life, and export speed. A technical comparison.
The 3 Major macOS Screen Recording Pain Points in 2026: Exporting, Audio, and Automation Chaos
A deep dive into the three critical frustrations facing macOS screen recording users in 2026: export efficiency, audio quality, and lack of control over automation.