Industry News & Leadership · May 15, 2026

OpenAI Hit by TanStack Supply Chain Attack

SecurityWeek · Archived May 15, 2026

Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories.



OpenAI has disclosed the impact of the recent TanStack supply chain attack, warning that credential material was exfiltrated from internal source code repositories.

The open source web application development stack TanStack was hit on May 11, when the TeamPCP hacking group exploited security weaknesses in the package publishing process to release 84 malicious artifacts across 42 packages. Over 170 packages across several high-profile NPM and PyPI namespaces were compromised on the same day as part of a coordinated campaign. Developer devices were infected with the Shai-Hulud worm.

OpenAI was one of the organizations affected downstream. Two employee devices were infected as part of the attack, and credentials and other secrets were exfiltrated from them. Despite its limited scope, the compromise granted the attackers access to several internal source code repositories that the two OpenAI employees had access to.

“We confirmed that only limited credential material was successfully exfiltrated from these code repositories and that no other information or code was impacted,” OpenAI says.

The company says it has rotated credentials across all affected repositories, revoked user sessions, and temporarily restricted code-deployment workflows. No customer data or intellectual property was affected in the attack, it says.

The compromised repositories contained code-signing certificates for iOS, macOS, Windows, and Android products, and OpenAI decided to revoke the certificates and re-sign all applications. macOS users will need to update their applications by June 12, 2026. After that date, these products will no longer receive updates and might stop functioning properly.

“We are updating our security certificates, which will require all macOS users to update their OpenAI apps to the latest versions. This helps prevent any risk, however unlikely, of someone attempting to distribute a fake app that appears to be from OpenAI,” the company says.
OpenAI says it is also coordinating with platform providers to stop new notarizations and prevent the malicious use of the stolen certificates.

“We have also reviewed all notarization of software using our previous certificates to confirm no unexpected software signing has occurred with these keys, and validated that our published software did not have unauthorized modifications. We have found no evidence of compromise or risk to existing software installations,” the company says.

The incident, OpenAI says, occurred during the transition to hardened configurations and credentials material, which was prompted by the Axios supply chain attack that occurred at the end of March, and which affected a certificate and notarization material used to sign OpenAI’s macOS applications.

Because the transition was implemented in phases, the two employee devices had not yet been updated with the new configurations, which would have prevented the malicious package downloads.

Written by Ionut Arghire. Ionut Arghire is an international correspondent for SecurityWeek.