OpenAI confirmed two employee devices were breached in the TanStack supply chain attack that compromised over 160 npm and PyPI packages on May 11.
“We observed activity consistent with the malware’s publicly described behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories to which the two impacted employees had access,” OpenAI explained.
The company rotated the code-signing certificates for its macOS applications as a precaution, requiring users to update before June 12, 2026. However, OpenAI stated that customer data, production systems, intellectual property, and deployed software were not impacted.
The breach is linked to the Mini Shai-Hulud supply chain campaign by the TeamPCP extortion gang, which targeted developers through malicious package updates. OpenAI observed activity consistent with the malware, including unauthorized access and credential-focused exfiltration, in a limited set of internal source code repositories. Only limited credential material was successfully exfiltrated from these repositories, with no other information or code impacted.
OpenAI engaged a third-party digital forensics and incident response firm to investigate and contain the malicious activity. The company worked to block further notarization of macOS apps signed with the impacted material. As a result, any fraudulent app posing as an OpenAI app and signed with the impacted certificate will lack notarization and be blocked by macOS security protections.
Windows and iOS users are not impacted and do not need to take any action, according to OpenAI. The attack initially targeted TanStack and Mistral AI before spreading to UiPath, Guardrails AI, and OpenSearch through stolen CI/CD credentials. Meanwhile, researchers from Socket and Aikido tracked hundreds of compromised packages distributed through legitimate package repositories.
Older versions of OpenAI's macOS desktop apps will no longer receive updates or support after June 12 and may stop functioning. The certificate revocation may cause macOS to block new downloads and first-time launches of apps signed with the previous certificates. OpenAI gave users until June 12 to update in order to minimize disruption.
