OpenAI has revealed that it was affected by a supply chain attack on TanStack, an open source web application development stack. The breach occurred on May 11, when the TeamPCP hacking group exploited vulnerabilities in the package publishing process to release malicious artifacts across numerous packages. The attack compromised over 170 packages in well-known NPM and PyPI namespaces and infected developer devices with the Shai-Hulud worm.

As a result of the attack, two OpenAI employee devices were compromised, giving the attackers access to multiple internal source code repositories. The breach did not affect user data or production systems, but credential material was extracted from these repositories. OpenAI responded by rotating credentials, revoking user sessions, and temporarily limiting code deployment processes. Because the compromised repositories included code-signing certificates for various operating systems, OpenAI revoked those certificates and re-signed all of its applications.

To mitigate further risks, OpenAI has informed macOS users that they must update their applications by June 12, 2026, so that the applications keep receiving updates and continue to function. The company is also working with platform providers to halt new notarizations and prevent misuse of the stolen certificates. A thorough review confirmed that no unauthorized software was signed and no existing software was modified with the previous certificates. The incident highlighted the importance of moving to hardened device configurations, a process OpenAI had begun after a prior supply chain attack in March. The two affected employee devices had not yet received these new configurations, which could have prevented the malicious downloads.