OpenAI has confirmed that it was affected by the recent TanStack supply-chain cyberattack, after malicious software packages compromised two employee devices inside the company’s corporate environment. The incident is part of a broader software supply-chain campaign known as “Mini Shai-Hulud,” which targeted widely used developer ecosystems including npm and PyPI repositories.
According to OpenAI, attackers exploited compromised versions of the open-source TanStack npm packages, which are commonly used by developers to build web applications. The TeamPCP hacking group allegedly inserted malicious code into 84 package versions across 42 TanStack-related packages after breaching weaknesses in the package publishing process.
OpenAI stated that two employee devices downloaded the malicious packages before newer hardened configurations had been fully deployed across the company. As a result, attackers were able to compromise the devices and steal limited credential material from internal source code repositories. However, the company emphasized that there was “no evidence that OpenAI user data was accessed, that our production systems or intellectual property were compromised, or that our software was altered.”
Following the breach, OpenAI rotated affected credentials, revoked user sessions, restricted certain deployment workflows, and launched a broader security review with assistance from external digital forensics experts. The company also revoked and replaced code-signing certificates tied to macOS, Windows, Android, and iOS applications after discovering that compromised repositories contained certificate material used to sign software.
As part of its response, OpenAI instructed macOS users to update ChatGPT Desktop, Codex, Atlas, and related OpenAI applications before June 12, 2026. The company warned that older app versions signed with revoked certificates may eventually stop functioning or lose support.
Cybersecurity experts say the attack highlights the growing danger of software supply-chain attacks, where hackers compromise trusted third-party libraries or developer tools to infiltrate larger organizations. Because AI companies depend heavily on open-source ecosystems, package managers, cloud infrastructure, and developer automation tools, they have become especially attractive targets for sophisticated attackers.
The broader “Mini Shai-Hulud” campaign reportedly targeted multiple AI and developer ecosystems beyond OpenAI, including packages connected to Mistral AI and other popular development tools. Researchers noted that the malware focused on stealing credentials such as GitHub tokens, cloud API keys, CI/CD secrets, and development environment access tokens.
The incident has renewed industry concerns around open-source dependency security and developer infrastructure protection. As AI companies increasingly rely on autonomous coding agents, external libraries, and large-scale software ecosystems, experts warn that supply-chain vulnerabilities could become one of the most significant cybersecurity risks facing the AI industry.
