OpenAI confirmed a supply chain attack where hackers breached internal development systems through a compromised TanStack npm package. The Shai-Hulud malware campaign infected two employee devices, exposing code-signing certificates used for ChatGPT, Codex, and other apps across macOS, Windows, iOS, and Android. OpenAI rotated certificates and found no evidence of customer data compromise.
What Happened in the OpenAI Supply Chain Attack?
Attackers linked to the Shai-Hulud malware campaign compromised a TanStack npm package. TanStack is a widely used family of open-source JavaScript libraries, and npm is the public registry developers pull such packages from, so a poisoned release runs on the machine of every developer who installs or updates it. The malware ran on two OpenAI employee devices that had not yet received OpenAI's updated supply chain security protections. Investigators identified unauthorized access to a limited set of internal source code repositories that those two employees had access to.
What Was Exposed?
The affected repositories contained code-signing certificates used for OpenAI's applications across macOS, iOS, Windows, and Android. Operating systems check these signatures to confirm that software comes from the named publisher and has not been altered since it was signed, so anyone holding the signing material could produce binaries that the operating system would treat as genuine OpenAI releases. OpenAI rotated the certificates and re-signed the affected apps with the new ones.
What Does This Mean for Users?
Mac users who run ChatGPT Desktop, Codex App, Codex CLI, or Atlas must install updated versions before June 12. After that date the older certificates will be revoked, and macOS's built-in protections (Gatekeeper) will refuse to launch builds signed with them. OpenAI chose to rotate the signing certificates first and revoke them later rather than revoke immediately; an immediate revocation would have blocked every existing installation at once, including the in-app updater that users need to get the re-signed build.
Key Takeaways
- Breach via compromised TanStack npm package (Shai-Hulud campaign)
- Two employee devices infected before security updates reached them
- Code-signing certificates for macOS, Windows, iOS, Android exposed
- No evidence of customer data, production systems, or IP compromise
- Mac users must update ChatGPT, Codex, Atlas before June 12
- Attack accelerated deployment of additional supply chain protections
Frequently Asked Questions
Was my ChatGPT data exposed? OpenAI found no evidence that customer data, production systems, or intellectual property were compromised.
Do I need to do anything? If you use ChatGPT Desktop, Codex App, Codex CLI, or Atlas on Mac, make sure you’re running the latest versions before June 12. Download updates only from official OpenAI sources.
How did the attackers get in? Through a compromised TanStack npm package. The two affected employee devices hadn’t yet received OpenAI’s updated supply chain security protections.