
OpenAI says supply-chain attack hit two employee devices, no user data exposed

A supply-chain attack on TanStack reached two OpenAI employee devices, but the company said its production systems and customer data were untouched.

Marcus Williams · 2 min read
Published
Source: usnews.com

OpenAI said a supply-chain attack tied to the TanStack npm open-source library reached two employee devices inside its corporate environment, but found no evidence that customer data was accessed. The company said its production systems, intellectual property and software were not compromised or altered, even as it treated the incident as part of a broader campaign it called Mini Shai-Hulud.

OpenAI said the compromise occurred on May 11, 2026 UTC and involved limited credential material exfiltrated from a limited subset of internal source code repositories. The company said it revoked user sessions, rotated credentials across impacted repositories, temporarily restricted code-deployment workflows and brought in a third-party digital forensics and incident response firm. OpenAI also said it had not seen evidence of misuse of the impacted credentials or follow-on access by the threat actor.


The episode underscores how a modern AI company can be exposed through the software it depends on, not just through its customer-facing systems. OpenAI said the affected repositories included signing certificates for products on iOS, macOS and Windows, a reminder that the security perimeter around an AI platform extends into build systems, developer tooling, signed binaries and employee devices. A compromise in an open-source dependency can ripple outward fast, especially when that dependency sits inside widely reused package ecosystems like npm and PyPI.


Independent security reporting said the broader Mini Shai-Hulud campaign compromised 42 TanStack packages across 84 malicious versions, with additional packages linked to Mistral AI, UiPath and OpenSearch also swept into the wave. That wider pattern shows the problem is not confined to one vendor or one repository. It is a supply-chain issue that can move through the open-source stack and reach multiple companies at once, turning trusted software distribution into an attack surface.
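The practical first step for any team after a wave like this is to find out whether a malicious version of an affected package is pinned anywhere in its dependency tree, including nested copies that `package.json` alone never shows. The script below is an added example written for this article, not code from OpenAI, TanStack or any security vendor: it walks an npm `package-lock.json` (lockfile v1, v2 or v3) and reports every installed package whose exact version is on a denylist. The package names and versions in the denylist and in the sample lockfile are constructed placeholders; the real list of affected TanStack packages and versions has to come from the vendor or registry advisory.

```python
"""Audit an npm package-lock.json against a denylist of malicious versions.

Added example, not code from OpenAI, TanStack or any vendor. DENYLIST and
SAMPLE_LOCK are CONSTRUCTED placeholders; substitute the package/version
pairs published in the advisory for the campaign you are checking against.
"""
import json

# Constructed denylist: {package name: set of exact malicious versions}.
# The names below are placeholders, not real npm packages.
DENYLIST = {
    "@example-scope/placeholder-query": {"1.2.3", "1.2.4"},
    "placeholder-router": {"5.0.1"},
}


def iter_installed(lock):
    """Yield (install_path, package_name, version) for every package in the lockfile.

    Lockfile v2/v3 list every install location under "packages", keyed by
    path (e.g. "node_modules/a/node_modules/b"); v1 nests them under
    "dependencies". v2 files carry both, so "packages" wins when present.
    """
    packages = lock.get("packages")
    if packages:
        for path, meta in packages.items():
            if not path:          # "" is the root project itself
                continue
            # Scoped names keep their "@scope/" prefix after the last node_modules/.
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            version = meta.get("version")
            if version:
                yield path, name, version
        return

    def walk(deps, prefix):
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            version = meta.get("version")
            if version:
                yield path, name, version
            # Nested copies live under the parent's own node_modules.
            yield from walk(meta.get("dependencies", {}), path + "/")

    yield from walk(lock.get("dependencies", {}), "")


def audit_lockfile(lock_text, denylist=DENYLIST):
    """Return [(path, name, version)] for every installed package on the denylist.

    Matching is on exact version strings: a clean 1.1.0 next to a malicious
    1.2.4 of the same package is reported only for the bad copy.
    """
    lock = json.loads(lock_text)
    return [
        (path, name, version)
        for path, name, version in iter_installed(lock)
        if version in denylist.get(name, ())
    ]


# Constructed v3 lockfile: one direct hit, one clean copy, one nested hit.
SAMPLE_LOCK = json.dumps({
    "name": "sample-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "sample-app", "version": "1.0.0"},
        "node_modules/placeholder-router": {"version": "5.0.1"},
        "node_modules/@example-scope/placeholder-query": {"version": "1.1.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/some-tool/node_modules/@example-scope/placeholder-query":
            {"version": "1.2.4"},
    },
})

# Constructed v1 lockfile with the same nested hit expressed the old way.
SAMPLE_LOCK_V1 = json.dumps({
    "name": "sample-app",
    "lockfileVersion": 1,
    "dependencies": {
        "some-tool": {
            "version": "2.0.0",
            "dependencies": {
                "@example-scope/placeholder-query": {"version": "1.2.3"},
            },
        },
    },
})


if __name__ == "__main__":
    for path, name, version in audit_lockfile(SAMPLE_LOCK):
        print(f"MALICIOUS VERSION INSTALLED: {name}@{version} at {path}")
```

Run it against a real lockfile by replacing `SAMPLE_LOCK` with the file contents; an empty result means none of the denylisted versions is installed at any depth, which is a stronger statement than a clean top-level `package.json`. The check is deliberately exact-match: a range-aware check would have to trust the version metadata a compromised package publishes about itself, so the list of bad versions from the advisory is the only thing worth matching against.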

OpenAI said macOS users must update their apps by June 12, 2026 because it is rotating code-signing certificates used to verify legitimate OpenAI applications. The company’s warning matters because “no user data breached” does not mean no risk to users or enterprises. It means the breach did not reach customer data, while still leaving the industry to contend with compromised credentials, signed build artifacts and the fragile trust chain that modern software depends on.
