OpenAI discloses code-security incident after hackers stole employee data

OpenAI said on May 13 that two employee devices were affected by the TanStack npm supply-chain attack and that attackers obtained unauthorized access to a limited subset of internal source-code repositories those employees could reach. The company said “only limited credential material” was taken from the affected repositories and that it found no evidence user data, production systems, intellectual property or software were compromised. (openai.com) As a precaution, OpenAI said it is rotating digital certificates tied to its macOS apps and requiring users to update by June 12. The disclosure landed as OpenAI was expanding a separate cyber-defense push around GPT-5.5. (openai.com) On May 7, the company said it was rolling out GPT-5.5-Cyber in limited preview for vetted defenders responsible for critical infrastructure, and its Daybreak cybersecurity site says the initiative is aimed at helping teams find, validate and remediate vulnerabilities faster. ### How did OpenAI get caught up in the TanStack attack? TanStack said the compromise began on May 11, 2026 UTC, when malicious versions of its widely used open-source packages were published as part of what OpenAI called the broader “Mini Shai-Hulud” attack. OpenAI said two employee devices in its corporate environment were impacted after that upstream compromise. (openai.com) TechCrunch reported on May 14 that TanStack published 84 malicious versions during a six-minute window and said a researcher detected the issue within 20 minutes. OpenAI’s own incident post says the company moved to investigate and contain the activity once it identified the malicious behavior. (openai.com) ### What exactly did OpenAI say was taken? OpenAI said attackers gained unauthorized access to “a limited subset” of internal source-code repositories available to the two affected employees and stole limited credential material from those repositories. The company did not say the attackers reached customer systems or production environments. (openai.com) The company said the affected repositories contained digital certificates used to sign OpenAI products, which is why it is rotating certificates and requiring macOS users to update their apps. OpenAI said it had found no evidence of compromise or risk to existing software installations, but it is treating the signing process as sensitive enough to warrant replacement. (techcrunch.com) ### Why is OpenAI talking about Daybreak and GPT-5.5-Cyber at the same time? OpenAI said on May 7 that GPT-5.5-Cyber was being offered in limited preview to defenders securing critical infrastructure under its Trusted Access for Cyber program. The company said vetted users would receive fewer classifier-based refusals for authorized defensive work such as vulnerability identification, triage, malware analysis, reverse engineering and patch validation, while safeguards would continue to block credential theft, stealth, persistence, malware deployment and exploitation of third-party systems. (openai.com) Daybreak, which OpenAI describes as its cybersecurity offering, says the program is built around secure code review, threat modeling, patch validation, dependency-risk analysis, detection and remediation guidance. (openai.com) The site says OpenAI is preparing to deploy “increasingly more cyber-capable models” with industry and government partners in the coming weeks. ### Are other groups seeing AI become more useful for cyberattacks? Google Threat Intelligence Group said on May 11 it had identified, for the first time, a threat actor using a zero-day exploit that it believes was developed with AI. Google said the actor planned a mass-exploitation event, though the company said its proactive discovery may have prevented the exploit’s use. (openai.com) The same Google report said threat actors tied to China and North Korea had shown significant interest in using AI for vulnerability discovery, and that suspected Russia-linked actors were using AI-driven coding to accelerate obfuscation and malware development. (openai.com) ### How capable are the newest models at finding vulnerabilities? The U.K. AI Security Institute said on April 30 that GPT-5.5 was “one of the strongest models” it had tested on cyber tasks and the second model to solve one of its multi-step cyber-attack simulations end-to-end. AISI said GPT-5.5 posted a 71.4% average pass rate on its expert-level advanced cyber tasks, compared with 68.6% for Anthropic’s Claude Mythos Preview, 52.4% for GPT-5.4 and 48.6% for Opus 4.7. (cloud.google.com) AISI said on April 13 that Claude Mythos Preview had been the first model to complete its corporate-network attack simulation end-to-end, and on May 13 it said recent models including Mythos Preview and GPT-5.5 had exceeded its earlier trend lines for cyber-task progress. (cloud.google.com) June 1, 2026 is the next concrete milestone in OpenAI’s cyber program. The company said individual Trusted Access for Cyber users accessing its most cyber-capable and permissive models will be required to enable Advanced Account Security starting that day, while macOS users affected by the certificate rotation have until June 12 to update OpenAI apps. (aisi.gov.uk) (openai.com) (aisi.gov.uk)