OpenAI has confirmed that two employee devices were compromised during the recent TanStack supply-chain attack, a widespread malware campaign that targeted developers through malicious updates pushed to trusted open-source software packages.

The company said the incident was linked to the “Mini Shai-Hulud” campaign, an operation attributed to the TeamPCP extortion group. Attackers compromised multiple npm and PyPI packages used by developers worldwide, including packages connected to TanStack and other AI-related projects.

According to OpenAI, the attack did not expose customer data, production systems, deployed software, or intellectual property. However, investigators confirmed that limited credential material was stolen from a small number of internal code repositories accessible to the affected employees.

OpenAI said the malware reached the two employee devices before recently deployed supply-chain protections had been fully rolled out internally. Once the compromise was discovered, the company isolated impacted systems, revoked sessions, rotated credentials, and temporarily restricted parts of its code deployment infrastructure.

The attack also exposed code-signing certificates tied to OpenAI software products, including applications for macOS, Windows, and iOS. As a precaution, OpenAI is rotating those certificates and requiring macOS users to update ChatGPT Desktop, Codex, and Atlas applications before June 12, 2026. Older versions signed with the previous certificates will stop functioning after that date due to macOS security protections.

OpenAI stressed that it found no evidence that malicious software had been signed using the compromised certificates and said published software builds had not been altered. The company also stated there was no indication that attackers gained follow-on access using the stolen credentials.

The broader campaign targeted software supply chains rather than individual companies directly. Attackers reportedly uploaded 84 malicious versions across 42 TanStack packages during a short time window before researchers detected and removed them. The malware was designed to steal developer credentials, cloud access keys, GitHub tokens, SSH keys, and CI/CD secrets from infected systems.

OpenAI said it has accelerated additional protections following the breach, including stricter package verification controls, hardened CI/CD security measures, and updated package manager configurations designed to reduce exposure to newly published malicious packages.
