A sophisticated supply chain attack targeting the TanStack open-source ecosystem compromised two OpenAI employee devices, prompting the company to revoke code-signing certificates and force mandatory macOS updates for several of its applications.
Incident Scope and Immediate Response
OpenAI confirmed that the malicious activity was consistent with the Mini Shai-Hulud worm’s publicly documented behavior, including unauthorized access and credential-focused exfiltration from a limited subset of internal source code repositories. The two impacted employees had access to those repositories, but the company stated that no user data, production systems, or intellectual property were compromised.
Upon detection, OpenAI isolated the affected systems and identities, revoked user sessions, rotated all credentials across impacted repositories, and temporarily restricted code-deployment workflows. The company also audited user and credential behavior to ensure no further unauthorized access occurred.
Certificate Revocation and Update Requirements
Because the impacted repositories included signing certificates for iOS, macOS, and Windows products, OpenAI revoked those certificates and issued new ones. As a result, macOS users of ChatGPT Desktop, Codex App, Codex CLI, and Atlas must update their applications to the latest versions before June 12, 2026, when the old certificates will be blocked by built-in macOS protections.
“This helps prevent any risk, however unlikely, of someone attempting to distribute a fake app that appears to be from OpenAI,” the company noted. Windows and iOS users are not required to take any action.
Broader Supply Chain Threat Landscape
This marks the second time in two months OpenAI has rotated its macOS code-signing certificates. In mid-April 2026, the company took similar action after a GitHub Actions workflow downloaded a compromised Axios library, attributed to North Korean hacking group UNC1069.
“This incident reflects a broader shift in the threat landscape: attackers are increasingly targeting shared software dependencies and development tooling rather than any single company,” OpenAI stated. The company emphasized that modern software’s interconnected ecosystem of open-source libraries and CI/CD infrastructure allows vulnerabilities to propagate rapidly across organizations.
Implications for Enterprise Security
The TanStack compromise is part of a wider campaign by the TeamPCP group, which has targeted multiple organizations including UiPath, Mistral AI, OpenSearch, and Guardrails AI. The attackers exploited a sophisticated CI pipeline manipulation technique, stealing publish tokens at the moment of creation through a cache that all parties implicitly trusted.
For enterprises, this incident underscores the critical need to audit supply chain dependencies, implement strict CI/CD security controls, and maintain rapid certificate rotation capabilities. As attackers increasingly weaponize trust relationships within open-source ecosystems, organizations must treat development tooling and package managers as high-value attack surfaces requiring continuous monitoring and proactive defense.
— Originally reported by The Hacker News. Adapted and republished with editorial context for MacThreat.
