Skip to content
Supply chainContained

OpenAI: internal data compromised after installation of the booby-trapped TanStack library

OpenAI confirmed in May 2026 that two employee devices were compromised through the TanStack npm supply-chain attack, allowing attackers to exfiltrate limited authentication credentials from internal code repositories that contained its software signing certificates.

Victim
OpenAI

On 15 May 2026, OpenAI β€” the San Francisco AI lab behind ChatGPT β€” confirmed it had been caught up in a software supply-chain attack targeting the widely used TanStack npm library ecosystem. Around 11 May 2026, attackers behind a campaign dubbed "Mini Shai-Hulud" published malicious versions of dozens of @tanstack/* packages; when two OpenAI employees installed or updated the booby-trapped library, malware ran in their development environments.

The malicious code was built to harvest secrets from developer and CI environments β€” cloud credentials, Kubernetes and Vault tokens, npm and GitHub tokens, and SSH keys. On the two affected machines, the attackers carried out credential-focused exfiltration against a limited set of internal repositories reachable from those devices. Critically, some of those repositories held OpenAI's software signing certificates for macOS, Windows, iOS, and Android.

Data and assets involved:

  • Limited authentication credentials from internal code repositories
  • Internal repository contents accessible to the two affected employees
  • Software signing certificates for macOS, Windows, iOS, and Android present in those repos
  • No evidence of access to user data, production systems, AI models, or intellectual property

OpenAI isolated the affected systems, revoked the exposed credentials and user sessions, and renewed all of its software signing certificates, republishing its applications under new signatures. Because old certificates are being fully revoked on 12 June 2026, macOS users were instructed to update ChatGPT Desktop, the Codex app, Codex CLI, and Atlas before that date. OpenAI said it found no evidence of unauthorized software modification or of malicious applications distributed using its certificates.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/openai-des-donnees-internes-compromises-apres-linstallation-de-la-bibliotheque-piegee-tanstack/
  2. bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/openai-confirms-security-breach-in-tanstack-supply-chain-attack/
  3. theregister.comhttps://www.theregister.com/security/2026/05/15/openai-caught-in-tanstack-npm-supply-chain-chaos-after-employee-devices-compromised/5241019
  4. thehackernews.comhttps://thehackernews.com/2026/05/tanstack-supply-chain-attack-hits-two.html

Related incidents

Supply chainContained

Leak at Discord

On 4 October 2025 Discord disclosed a breach of a third-party customer-support provider that exposed support-ticket data and roughly 70,000 government-ID photos (submitted for age-verification appeals), plus names, emails, IP addresses and partial billing details.

Victim
Discord
Records
70.0K