OpenAI Confirms Employee Device Breach in TanStack npm Supply Chain Attack, Rotates Code-Signing Certificates
OpenAI disclosed that two employees' devices were compromised in the TanStack supply chain attack linked to the TeamPCP extortion gang, prompting the company to rotate code-signing certificates and requiring macOS users to update by June 12.
OpenAI has confirmed that two of its employees' devices were breached as part of the ongoing TanStack npm supply chain attack, a campaign attributed to the TeamPCP extortion gang that has compromised hundreds of npm and PyPI packages. The company said the incident did not impact customer data, production systems, intellectual property, or deployed software, but it has taken the precautionary step of rotating code-signing certificates for its applications.
The breach is linked to the "Mini Shai-Hulud" supply-chain campaign by TeamPCP, which targeted developers by slipping malicious updates into trusted software packages. OpenAI stated that it "observed activity consistent with the malware's publicly described behavior" on the two compromised employee devices. The company emphasized that its production systems remained isolated from the affected endpoints.
As a result of the incident, OpenAI is requiring all macOS users to update their OpenAI applications by June 12, 2026. After that date, older versions will no longer receive updates or support and the service may not function properly. The new certificates included in the update are intended to help "customers know that software comes from the legitimate developer, OpenAI."
The TanStack supply chain attack, first disclosed in early May, has had cascading effects across the software ecosystem. The campaign saw malicious code injected into popular open-source libraries, with the attackers targeting signing keys and developer credentials. OpenAI's disclosure confirms that even major AI companies with mature security postures are not immune to the downstream effects of compromised open-source dependencies.
Security researchers have urged organizations to audit their software supply chains for any use of compromised packages and to rotate any credentials or secrets that may have been exposed. The incident underscores the growing risk of supply chain attacks targeting developer tooling and the importance of code-signing integrity in verifying software authenticity.