OpenAI Codex Tokens Stolen in Supply Chain Attack
Cybersecurity researchers have released details about a new malicious supply chain campaign targeting developers who use OpenAI Codex. The campaign uses a tool called codexui-android, which is advertised on GitHub and npm as a remote web UI for OpenAI Codex. The package has recorded over 29,000 downloads in the past week and remains available in the repository. The attackers designed the software to appear legitimate in order to gain the trust of developers. Because OpenAI Codex is widely used in the developer community, the package is an attractive lure.
Researchers warn that through this package the attackers can obtain the sensitive authentication tokens required to use OpenAI Codex. The problem was discovered when researchers noticed irregularities in the download statistics and in the behavior of the software. A thorough analysis revealed that the software not only provides the promised functionality but also executes malicious code in the background. This code can be used to steal data or compromise systems. The researchers have classified the vulnerability as CVE-2026-1234.
This vulnerability affects not only developers using the tool but could also impact companies integrating OpenAI Codex into their applications. By accessing authentication tokens, attackers could perform unauthorized actions on behalf of users. The security community has already taken measures to stop the spread of the malicious tool. Several security companies have issued warnings and recommend that developers check their systems for signs of an attack. Researchers advise avoiding all downloads of codexui-android until the security issues are resolved.
The incidents highlight the risks associated with using open-source software. Developers often rely on the integrity of the packages they use, and attacks like this can undermine trust in the entire community. Security researchers emphasize the need for regular security audits and reporting of suspicious activities. The incidents have also sparked a discussion about the responsibility of platforms like GitHub and npm. Critics are calling for stricter security measures and reviews to ensure that malicious software cannot spread unchecked.
Platforms have already announced plans to review and adjust their security protocols as necessary. The vulnerability also impacts the developer community, which is becoming increasingly aware of the threats posed by supply chain attacks. Many developers have re-evaluated their practices and are now increasingly relying on security solutions to protect their projects. The incidents could lead to long-term changes in how software is developed and distributed. Researchers have urged the community to remain vigilant and regularly install security updates.
The threat of supply chain attacks is expected to increase as attackers develop more sophisticated methods. The CVE-2026-1234 vulnerability could potentially affect thousands of developers and companies relying on OpenAI Codex. Security research will continue to intensify to minimize the impact of such attacks. Researchers are working on solutions to ensure the integrity of software packages and strengthen the security of the developer community. The discussion about the security of open-source software is expected to gain momentum in the coming months. The vulnerability was made public on June 1, 2026, and researchers recommend taking immediate action to protect systems.