OpenAI: internal data compromised after installation of the booby-trapped TanStack library
OpenAI confirmed in May 2026 that two employee devices were compromised through the TanStack npm supply-chain attack, allowing attackers to exfiltrate limited authentication credentials from internal code repositories that contained its software signing certificates.
- Victim
- OpenAI