
OpenAI Hit by TanStack Supply Chain Attack, Prompting Urgent macOS Security Updates

OpenAI has confirmed that two of its employee devices were compromised in a recent supply chain attack targeting the TanStack open-source library. While the breach led to the exfiltration of limited credential material from internal code repositories, OpenAI assures that no user data, production systems, or intellectual property were affected. The incident has necessitated security updates for macOS users of specific OpenAI applications.

Key Takeaways

  • Compromised Devices: Two OpenAI employee devices were impacted by the TanStack supply chain attack.

  • Data Security: No user data, production systems, or intellectual property were compromised.

  • Credential Exfiltration: Limited credential material was accessed from internal code repositories.

  • Security Measures: OpenAI is rotating code-signing certificates, requiring macOS users to update applications.

The TanStack Supply Chain Attack

The attack exploited a vulnerability within the TanStack npm package, a widely used open-source library. This allowed attackers to gain unauthorized access to a limited subset of internal source code repositories accessible by the two affected employees. OpenAI stated that the malicious activity observed was consistent with the malware's known behavior, focusing on credential exfiltration.
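The first thing a defender wants to know after a report like this is whether a compromised release of the named package is present in their own dependency tree. The following script is an added example, not code from the article or from OpenAI; it scans an npm lockfile (both the `packages` map of lockfile v2/v3 and the nested `dependencies` tree of v1) for packages whose version is on a blocklist, and also flags entries with no `integrity` hash, since npm cannot verify those tarballs. The package name, versions and lockfile contents are constructed placeholders: the article names no affected versions, so substitute the real advisory data before use.

```python
"""Scan an npm package-lock.json for blocklisted package versions.

Added example; the blocklist below is a placeholder, not real advisory data.
"""
import json
from typing import Dict, Iterator, List, Set, Tuple

# Constructed placeholder: the article gives no affected package versions.
BLOCKLIST: Dict[str, Set[str]] = {
    "@tanstack/example-pkg": {"0.0.0-compromised"},
}

# Constructed lockfile (lockfileVersion 3) used as sample input.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/@tanstack/example-pkg": {
            "version": "0.0.0-compromised",
            "resolved": "https://registry.example/placeholder.tgz",
            "integrity": "sha512-PLACEHOLDER",
        },
        "node_modules/left-pad": {
            "version": "1.3.0",
            "integrity": "sha512-PLACEHOLDER2",
        },
        # nested dependency with no integrity field
        "node_modules/left-pad/node_modules/nested-dep": {"version": "2.0.0"},
    },
})


def iter_lockfile_packages(lock: dict) -> Iterator[Tuple[str, str, str]]:
    """Yield (name, version, integrity) for every installed package.

    lockfileVersion 2/3 keeps a flat "packages" map keyed by the path under
    node_modules; lockfileVersion 1 nests "dependencies" recursively.
    """
    packages = lock.get("packages")
    if packages:
        for path, meta in packages.items():
            if not path:  # "" is the root project itself
                continue
            # The package name is whatever follows the last "node_modules/".
            name = path.rsplit("node_modules/", 1)[-1]
            yield name, meta.get("version", ""), meta.get("integrity", "")
        return
    stack = [lock.get("dependencies", {})]
    while stack:
        deps = stack.pop()
        for name, meta in deps.items():
            yield name, meta.get("version", ""), meta.get("integrity", "")
            if "dependencies" in meta:
                stack.append(meta["dependencies"])


def find_blocked(lock_text: str, blocklist: Dict[str, Set[str]] = BLOCKLIST) -> List[dict]:
    """Return findings for blocklisted versions and for entries lacking an integrity hash."""
    lock = json.loads(lock_text)
    findings: List[dict] = []
    for name, version, integrity in iter_lockfile_packages(lock):
        if version in blocklist.get(name, set()):
            findings.append({"name": name, "version": version, "reason": "blocklisted"})
        elif not integrity:
            findings.append({"name": name, "version": version, "reason": "missing-integrity"})
    return findings


if __name__ == "__main__":
    for finding in find_blocked(SAMPLE_LOCK):
        print(f"{finding['reason']}: {finding['name']}@{finding['version']}")
```

Run it against a real `package-lock.json` by reading the file into `find_blocked`; a `blocklisted` finding means the lockfile pins a version you should remove and rotate any credentials that were reachable from the build or developer machine, which is the same containment step the article describes OpenAI taking.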

OpenAI's Response and Mitigation

Upon detecting the malicious activity, OpenAI swiftly initiated an investigation and containment process. Impacted systems were isolated, user sessions were revoked, and credentials for affected repositories were rotated. Code-deployment workflows were temporarily restricted to enhance security.

macOS Security Updates Required

As a precautionary measure, OpenAI is revoking and reissuing code-signing certificates for its macOS, iOS, and Windows products. This action is crucial to prevent the potential distribution of fake applications impersonating OpenAI. Consequently, macOS users of ChatGPT Desktop, Codex App, Codex CLI, and Atlas must update their applications to the latest versions before June 12, 2026. After this date, apps signed with the previous certificate will be blocked by macOS protections. Users of Windows and iOS applications do not need to take any action.
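A fleet administrator acting on this notice will want to confirm which signing identity each installed app actually carries rather than trust the version number alone. The script below is an added example, not OpenAI's or Apple's code; it parses the output of `codesign -dvv` (which macOS prints on stderr) into the certificate chain and Team ID, compares the Team ID against an expected value, and only invokes `codesign` when the tool exists on the host. The sample output, the vendor name and the Team ID are constructed placeholders; the article does not publish OpenAI's certificate details, so supply the real expected Team ID yourself.

```python
"""Report and check the code-signing identity of a macOS app bundle.

Added example; the sample codesign output and Team ID are placeholders.
"""
import shutil
import subprocess
from typing import Dict, List, Optional

# Constructed sample of `codesign -dvv <app>` output (placeholders throughout).
SAMPLE_CODESIGN_OUTPUT = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Signature size=9000
Authority=Developer ID Application: Example Vendor (PLACEHOLDERTEAM)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=1 Jan 2026 at 00:00:00
Info.plist entries=25
TeamIdentifier=PLACEHOLDERTEAM
Sealed Resources version=2 rules=13 files=100
Internal requirements count=1 size=200
"""


def parse_codesign(output: str) -> Dict[str, object]:
    """Extract the bundle identifier, certificate chain and Team ID from codesign -dvv output."""
    info: Dict[str, object] = {"identifier": None, "authorities": [], "team_id": None}
    for line in output.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Authority":
            info["authorities"].append(value)  # leaf certificate comes first
        elif key == "TeamIdentifier":
            info["team_id"] = value
        elif key == "Identifier":
            info["identifier"] = value
    return info


def assess(info: Dict[str, object], expected_team_id: str) -> List[str]:
    """Return a list of problems; an empty list means the identity matches expectations."""
    problems: List[str] = []
    authorities = info["authorities"]
    if info["team_id"] != expected_team_id:
        problems.append(f"team id {info['team_id']!r} != expected {expected_team_id!r}")
    if not authorities:
        problems.append("no certificate chain (unsigned or ad-hoc signed)")
    elif not str(authorities[0]).startswith("Developer ID Application:"):
        problems.append(f"leaf certificate is not a Developer ID Application cert: {authorities[0]!r}")
    return problems


def inspect_app(app_path: str, expected_team_id: str) -> Optional[List[str]]:
    """Run codesign on a real bundle; returns None when codesign is unavailable (non-macOS host)."""
    codesign = shutil.which("codesign")
    if codesign is None:
        return None
    # `codesign --verify` fails once the signing certificate has been revoked,
    # which is what the post-June-12 block described in the article relies on.
    verify = subprocess.run([codesign, "--verify", "--deep", "--strict", app_path],
                            capture_output=True, text=True)
    details = subprocess.run([codesign, "-dvv", app_path], capture_output=True, text=True)
    problems = assess(parse_codesign(details.stderr), expected_team_id)
    if verify.returncode != 0:
        problems.append(f"signature verification failed: {verify.stderr.strip()}")
    return problems


if __name__ == "__main__":
    # Offline demonstration on the constructed sample.
    print(assess(parse_codesign(SAMPLE_CODESIGN_OUTPUT), "PLACEHOLDERTEAM"))
```

On a Mac, `inspect_app("/Applications/ChatGPT.app", "<expected team id>")` returns an empty list for a bundle whose leaf certificate is a valid Developer ID Application certificate under the expected team; a non-empty list after the rotation date is the signal that the app was never updated.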

Broader Implications of Supply Chain Attacks

This incident highlights a growing trend of attackers targeting shared software dependencies and development tools rather than individual companies. OpenAI emphasized that the interconnected nature of modern software development, relying heavily on open-source libraries and CI/CD infrastructure, means vulnerabilities can rapidly propagate across organizations. This is the second time in recent months that OpenAI has had to rotate its macOS code-signing certificates, following a previous incident in April 2026 involving a malicious library downloaded via a GitHub Actions workflow.

Sources

  • TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates, The Hacker News.

  • OpenAI Addresses TanStack NPM Supply-Chain Attack Impact, TechNadu.
