OpenAI revealed that two employee devices on its corporate network were affected by the Mini Shai-Hulud supply chain attack on TanStack. The company emphasized that no user data, production systems, or intellectual property were accessed, altered, or compromised.

“Once we detected the suspicious activity, we acted swiftly to investigate, contain the threat, and implement measures to safeguard our systems,” OpenAI stated. “We detected behavior matching the malware’s known patterns — such as unauthorized access and credential-related data exfiltration — in a small number of internal source code repositories that the two affected employees could access.”

The AI startup reported that only a small amount of credential data was successfully exfiltrated from the affected code repositories; no other information or source code was compromised.

After being notified of the incident, OpenAI isolated the affected systems and accounts, terminated active user sessions, rotated all credentials in the impacted repositories, temporarily suspended code-deployment processes, and conducted a thorough audit of user and credential activity.

Because the compromised repositories contained signing certificates for its iOS, macOS, and Windows products, the company has revoked those certificates and issued replacements. As a result, macOS users of ChatGPT Desktop, Codex App, Codex CLI, and Atlas must update their apps to the latest versions. “This helps prevent any risk, however unlikely, of someone attempting to distribute a fake app that appears to be from OpenAI,” OpenAI said. Users of the Windows and iOS apps do not need to take any action.

Once the certificates are revoked on June 12, 2026, macOS’s built-in protections will block new downloads and launches of apps signed with the old certificate. Users are advised to install the updates before that deadline to ensure the best possible security.
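As an added example, not code from the article or from OpenAI: a POSIX shell check a macOS fleet administrator could run against an installed app bundle to confirm it carries an intact signature from the expected Apple Team ID and still passes the same Gatekeeper policy that blocks apps signed with a revoked Developer ID certificate. The Team ID value and the captured `codesign` output below are constructed placeholders, not OpenAI's.

```shell
#!/bin/sh
# Added example (not from the article). Verifies that an installed macOS app
# bundle is signed by the expected Team ID and is still accepted by Gatekeeper.
# EXPECTED_TEAM_ID is a placeholder; take the real value from the vendor.
EXPECTED_TEAM_ID="${EXPECTED_TEAM_ID:-TEAMID0000}"

# Constructed sample of "codesign -dvv" output (that tool prints it on stderr),
# so the parsing step can be exercised offline on any platform.
SAMPLE_CODESIGN_OUTPUT='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Example Corp (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=TEAMID0000
Sealed Resources version=2 rules=13 files=42'

# Print the TeamIdentifier value found in codesign -dvv text read from stdin.
team_id_from_codesign() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# Exit 0 when the Team ID parsed from stdin equals $1, 1 otherwise.
# An unsigned or ad-hoc signed bundle has no TeamIdentifier line and so fails.
team_id_matches() {
    tid=$(team_id_from_codesign)
    [ -n "$tid" ] && [ "$tid" = "$1" ]
}

# Full check on a live bundle (macOS only): signature integrity, then the
# signing Team ID, then Gatekeeper's verdict, which is where a revoked
# Developer ID certificate is rejected.
check_app() {
    app="$1"
    codesign --verify --deep --strict "$app" 2>/dev/null \
        || { echo "FAIL signature: $app"; return 1; }
    if ! codesign -dvv "$app" 2>&1 | team_id_matches "$EXPECTED_TEAM_ID"; then
        echo "FAIL team id: $app"; return 1
    fi
    spctl --assess --type execute "$app" >/dev/null 2>&1 \
        || { echo "FAIL gatekeeper (revoked or untrusted): $app"; return 1; }
    echo "OK $app"
}

# Usage on a Mac: check_app "/Applications/Example.app"
```

Run it with `EXPECTED_TEAM_ID` set to the vendor's published Team ID; a bundle that fails the Gatekeeper step after a certificate revocation is exactly the stale install the article tells users to replace.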
This marks the second time in consecutive months that OpenAI has rotated its macOS code-signing certificates. In mid-April 2026, it rotated them after a GitHub Actions workflow used to sign its macOS apps downloaded the malicious Axios library, compromised by the North Korean hacking group UNC243, on March 31.
“This incident reflects a broader shift in the threat landscape: attackers are increasingly targeting shared software dependencies and development tooling rather than any single company,” OpenAI said. “Modern software is built on a deeply interconnected ecosystem of open-source libraries, package managers, and CI/CD infrastructure, which means that a vulnerability introduced upstream can spread widely and rapidly across organizations.”
The Hacker News