OpenAI confirms TanStack device breach
- OpenAI said on May 13, 2026, that two employee devices were compromised in the TanStack npm supply-chain attack, but no user data was accessed.
- OpenAI told macOS users to update ChatGPT, Codex, Codex-cli and Atlas by June 12, 2026, after rotating app-signing certificates exposed in workflows.
- By June 12, 2026, macOS users must install the latest OpenAI app versions from official channels.
OpenAI said on May 13 that two employee devices in its corporate environment were affected by the TanStack npm supply-chain attack, part of a broader campaign known as “Mini Shai-Hulud.” The company said it found no evidence that user data was accessed, that production systems or intellectual property were compromised, or that its software was altered. The disclosure added OpenAI to a growing list of companies responding to software supply-chain incidents tied to widely used developer dependencies. OpenAI also told macOS users to update its desktop apps by June 12 after rotating security certificates used to verify legitimate software.

### Which OpenAI systems were hit, and what does the company say was not affected?

OpenAI said the malicious TanStack package reached two employee devices inside its corporate environment after the upstream library was compromised on May 11, 2026 UTC. The company said it investigated and contained the activity after identifying it. (openai.com)

The company said it found no evidence that OpenAI user data was accessed, that production systems were compromised, that intellectual property was taken, or that software shipped to users was modified. That statement narrows the confirmed impact to internal employee endpoints rather than customer-facing systems, based on OpenAI’s account. (openai.com)

### Why are Mac users being told to update OpenAI apps by June 12?

OpenAI said the TanStack incident led it to update the security certificates used to sign its macOS applications. Those certificates help Apple and users verify that an app distributed as ChatGPT, Codex or Atlas is a legitimate OpenAI build. June 12, 2026 is the deadline OpenAI gave macOS users to install the latest versions of its apps. (openai.com)

OpenAI said the update is required because of the certificate rotation and is intended to reduce the risk that someone could try to distribute a fake app appearing to come from the company. (openai.com)

### Which apps are included in the certificate update?

OpenAI’s May 13 notice referred broadly to “OpenAI apps” on macOS and separately named ChatGPT, Codex and Atlas in its public explanation of the certificate update. An earlier April 10 OpenAI disclosure about a separate Axios developer-tool compromise said signing and notarization material covered ChatGPT Desktop, Codex, Codex-cli and Atlas, showing the company has recently been rotating certificates across multiple Mac applications. (openai.com)

OpenAI’s public materials show Codex remains an active desktop product on Mac, including recent documentation updates tied to using Codex from the ChatGPT mobile app. Atlas is also listed in OpenAI help documentation as an early-access browser product for business and enterprise customers. (openai.com)

### How does this fit with OpenAI’s earlier security notice in April?

OpenAI published a separate security post on April 10 about an Axios-related developer-tool compromise. In that case, the company said a GitHub Actions workflow in its macOS app-signing process had downloaded and executed a malicious Axios package on March 31, 2026 UTC. (developers.openai.com)

That April notice also said OpenAI had found no evidence that user data, systems or intellectual property were compromised, and it similarly required macOS users to update apps after certificate rotation. The new TanStack disclosure shows OpenAI is again responding to a supply-chain incident by changing app-signing material and pushing client updates, according to the company’s own statements. (openai.com)

### What should users do now, and where is OpenAI posting updates?

OpenAI said macOS users should update to the latest versions of its apps through official distribution channels before June 12, 2026. The company posted the TanStack response on its website’s security and company news pages, where it has also published earlier incident notices. (openai.com)

OpenAI’s help center and product pages continue to list active ChatGPT, Codex and Atlas materials, but the company’s incident guidance points users back to the May 13 security notice for the deadline and the reason for the update. June 12 is the next concrete milestone OpenAI has named in its public response. (openai.com)