OpenAI has confirmed that a software supply chain attack on the open-source library TanStack compromised two employee devices, forcing a mandatory update of the ChatGPT Mac desktop app by June 12 to revoke compromised certificate signing capabilities.
Attack Vector and Compromise
The breach, identified on May 11, 2026, is part of a broader campaign dubbed “Mini Shai-Hulud,” which targeted the widely used TanStack library. OpenAI’s investigation, conducted with a third-party digital forensics and incident response firm, revealed that two corporate devices were impacted by the malicious code.
The malware exhibited behavior consistent with public descriptions of the attack, including unauthorized access to internal source code repositories. According to OpenAI, only a limited subset of credential material was exfiltrated, and no user data or broader OpenAI systems were compromised.
Why the Mac App Must Be Updated
The critical detail is that the compromised code included the ability to sign certificates for OpenAI products. To mitigate risk, the company is revoking all existing certificates and blocking the launch of any app signed with the previous certificate.
This action forces a mandatory update for the ChatGPT Mac desktop app. Users will receive a prompt to install the update between now and June 12. OpenAI has stated that no action is required for iOS or Windows apps, and additional guidance will be provided to Mac users.
What This Means for Enterprise Users
This incident underscores the escalating risk of supply chain attacks targeting widely adopted open-source dependencies. For organizations relying on the ChatGPT Mac app, the forced update is a necessary precaution against potential credential theft and unauthorized certificate usage.
While OpenAI has found no evidence of data access, the attack highlights how even limited credential exfiltration can threaten the integrity of software signing chains. Enterprise security teams should treat this update as a priority and monitor for any further advisories.
— Originally reported by 9to5Mac. Adapted and republished with editorial context for MacThreat.