OpenAI's response to the Axios developer tool compromise
by shpat on 4/23/2026, 12:45:01 AM
https://openai.com/index/axios-developer-tool-compromise/
Comments
by: danscan
Axios, like Express, is something I'm shocked to see used in any modern codebase. I loved both in the 2010s. In JS/TS-land there are much simpler and better options these days. Depending on Axios suggests the devs don't know how to use fetch. I can't think of another reason it would be a necessary dependency
4/23/2026, 3:17:07 AM
by: fortuitous-frog
Interesting that (1) this blog post published on April 10th, 10 days after the Axios compromise, and (2) this was emailed to ChatGPT / Codex users yesterday, April 21st, 11 days after the blog post...<p>After an incident as widely publicized as Axios, I'd expect dependency auditing, credential rotation, and public incident communication to all be carried out with much more urgency. And if they were going to send this out to all of their users (as they should), I would expect _that_ to happen shortly after publishing the post (why wait 11 days???).
4/23/2026, 2:47:29 AM
by: mrcwinn
Above and beyond post. This is good.
4/23/2026, 3:36:20 AM