Our response to the TanStack npm supply chain attack
OpenAI Blog · 2026-05-13
OpenAI discloses that two employee devices were compromised in the TanStack npm supply chain attack on May 11, 2026, resulting in limited credential exfiltration from internal source code repositories, and requires macOS users to update its applications by June 12, 2026 after it rotated its code-signing certificates.
Extraction
Topics: supply-chain-security, cybersecurity, openai, incident-response, software-security
Claims
- Two OpenAI employee devices were compromised through the TanStack npm supply chain attack (Mini Shai-Hulud) on May 11, 2026, with only limited credentials exfiltrated from internal source code repositories.
- No customer data, production systems, intellectual property, or published OpenAI software was compromised or altered.
- The compromised repositories included code-signing certificates for OpenAI iOS, macOS, and Windows applications, requiring a full certificate rotation.
- macOS users must update OpenAI apps by June 12, 2026 or applications will stop functioning when the old certificate is revoked.
- The incident occurred during a phased rollout of supply chain security controls; the two affected devices had not yet received configurations that would have blocked the malicious package.
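The last claim describes a client-side control that refuses to pull a freshly published package. The page does not say what OpenAI's configuration was; the example below is an added illustration, not OpenAI's or TanStack's code, and it assumes the control is a "minimum release age" gate: a version is only installable once its registry publish timestamp is at least N days old, so a malicious version pushed hours earlier fails closed. The registry `time` map is constructed to mirror the shape the npm registry returns for a package (`created`, `modified`, then one timestamp per version); the package versions and dates are hypothetical.

```python
"""Minimum-release-age gate over npm registry metadata (added example).

Assumption: the blocking configuration mentioned on the page is modelled here
as a release-age cooldown. The `time` map below is constructed to look like
the npm registry's per-package `time` field; it is not real TanStack data.
"""
from datetime import datetime, timedelta, timezone

# Constructed registry `time` map: bookkeeping keys plus one entry per version.
CONSTRUCTED_TIME_MAP = {
    "created": "2024-01-10T12:00:00.000Z",
    "modified": "2026-05-11T09:30:00.000Z",
    "1.4.0": "2026-01-20T08:15:00.000Z",
    "1.4.1": "2026-04-02T17:40:00.000Z",
    "1.4.2": "2026-05-11T09:30:00.000Z",  # hypothetical version pushed on incident day
}

# Evaluation time and policy used by the usage below (hypothetical values).
NOW = datetime(2026, 5, 12, 12, 0, tzinfo=timezone.utc)
MIN_AGE = timedelta(days=7)

BOOKKEEPING_KEYS = ("created", "modified")


def parse_npm_time(value: str) -> datetime:
    """npm timestamps are ISO 8601 with a trailing 'Z'; return a tz-aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def versions_old_enough(time_map: dict, min_age: timedelta, now: datetime) -> list:
    """Return every version whose publish time is at least `min_age` before `now`.

    Bookkeeping keys are skipped because they are not versions. A timestamp in
    the future (clock skew or a tampered document) also fails the gate, since
    its age is negative.
    """
    allowed = []
    for version, published in time_map.items():
        if version in BOOKKEEPING_KEYS:
            continue
        if now - parse_npm_time(published) >= min_age:
            allowed.append(version)
    return allowed


def _version_key(version: str) -> tuple:
    """Sort key for plain dotted versions (pre-release tags are not handled here)."""
    return tuple(int(part) for part in version.split("."))


def newest_allowed(time_map: dict, min_age: timedelta, now: datetime):
    """Highest version that clears the age gate, or None if nothing does."""
    allowed = versions_old_enough(time_map, min_age, now)
    return max(allowed, key=_version_key) if allowed else None


def resolve(time_map: dict, requested: str, min_age: timedelta, now: datetime):
    """Resolve `requested` only if it clears the gate; fail closed otherwise.

    Returning None (rather than silently picking an older version) makes the
    install fail loudly, which is the behaviour a cooldown policy wants when a
    lockfile or a transitive dependency suddenly asks for a brand-new release.
    """
    if requested in versions_old_enough(time_map, min_age, now):
        return requested
    return None


if __name__ == "__main__":
    print("installable:", versions_old_enough(CONSTRUCTED_TIME_MAP, MIN_AGE, NOW))
    print("newest allowed:", newest_allowed(CONSTRUCTED_TIME_MAP, MIN_AGE, NOW))
    print("resolve 1.4.2:", resolve(CONSTRUCTED_TIME_MAP, "1.4.2", MIN_AGE, NOW))
```

With the seven-day policy the day-old 1.4.2 is refused while 1.4.0 and 1.4.1 remain installable; the gate only narrows the window, so it complements rather than replaces lockfile pinning and provenance checks.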
Key quotes
We found no evidence that OpenAI user data was accessed, that our production systems or intellectual property were compromised, or that our software was altered.
This incident reflects a broader shift in the threat landscape: attackers are increasingly targeting shared software dependencies and development tooling rather than any single company.
The two impacted employee devices did not have the updated configurations that would have prevented the download of the newly observed package containing malware.