OpenAI Strengthens Security Posture Following Limited TanStack npm Supply Chain Attack

OpenAI has recently revealed its response to the TanStack npm supply chain attack, confirming that two employee devices were compromised during the broader malware campaign known as Mini Shai-Hulud. The company emphasized that there is no evidence suggesting that customer data, production systems, or intellectual property were affected during this incident.

This disclosure comes at a time when software supply chain attacks are increasingly targeting widely used open-source dependencies and developer tools. OpenAI stated that the attack involved a compromised version of the popular open-source library TanStack npm, which was utilized in parts of its internal environment.

The incident was identified on May 11, 2026 UTC. In response, OpenAI promptly initiated an investigation, isolating the affected systems, revoking sessions, rotating credentials, and temporarily restricting certain code deployment workflows as part of its containment strategy.

TanStack npm Supply Chain Attack Hit Two Employee Devices

OpenAI confirmed that the malware activity was confined to two employee devices within its corporate environment. During the investigation, the company observed behaviors consistent with publicly reported details of the Mini Shai-Hulud malware campaign, including credential theft and unauthorized access attempts involving a limited number of internal source code repositories.

The organization clarified that only a small amount of credential material was successfully exfiltrated, and no customer information or application code was impacted. To bolster its investigation and remediation efforts, OpenAI engaged a third-party digital forensics and incident response firm.

The repositories affected included code-signing certificates used for OpenAI products across various platforms, including macOS, Windows, iOS, and Android. As a precaution, the company is rotating these certificates and re-signing its applications with updated credentials.

macOS Users Required to Update OpenAI Apps

In light of the TanStack npm supply chain attack, OpenAI is mandating that all macOS users update their applications before June 12, 2026. The company warned that older macOS versions signed with previous certificates may cease to function after this date, as Apple’s security measures will block applications signed with outdated credentials once the certificates are fully revoked.

Affected macOS applications include:

• ChatGPT Desktop
• Codex App
• Codex CLI
• Atlas

OpenAI stated that users can safely update through built-in application update mechanisms or official download pages. The company cautioned users against installing applications from links shared via emails, messages, advertisements, or third-party download websites.

The organization emphasized that it has not detected any malicious software signed using OpenAI certificates. Additionally, existing software installations were reviewed, and no unauthorized modifications were identified.

No Impact to Customer Passwords or API Keys

In its FAQ, OpenAI stated that customer passwords, API keys, and user data were not exposed during the incident. The company also reported no evidence that attackers used compromised credentials for follow-on access or further malicious activity.

Windows and iOS users are not required to take immediate action, although OpenAI noted that all applications are being re-signed with new certificates as part of the broader remediation effort. The company explained that it delayed full certificate revocation until June 12 to avoid disrupting legitimate users. OpenAI has already collaborated with platform providers to block any new notarization attempts using the impacted certificates, thereby reducing the likelihood of fake applications being distributed as legitimate OpenAI software.

OpenAI Highlights Growing Risk of Software Supply Chain Attacks

The TanStack npm supply chain attack underscores the increasing cybersecurity risks associated with modern software ecosystems, where organizations heavily rely on shared open-source libraries, package managers, and CI/CD infrastructure. OpenAI noted that it had already been implementing additional security controls prior to the incident, including stricter package management protections, enhanced validation of third-party components, and stronger safeguards around sensitive CI/CD credentials.

However, the company acknowledged that the two affected employee devices had not yet received the updated security configurations that could have prevented the malicious package from being downloaded. This incident adds to the growing industry concerns regarding software supply chain security, particularly as threat actors continue to target trusted development tools and widely used open-source packages to gain access to enterprise environments.

For further details, refer to the original reporting source: thecyberexpress.com.

Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.