OpenAI Hit by TanStack Supply Chain Attack
OpenAI was impacted by a supply chain attack originating from the compromise of the TanStack open source web application development stack. Two OpenAI employee devices were infected, leading to the exfiltration of credential material from internal source code repositories. The attackers gained access to limited credential material but did not access customer data or intellectual property. OpenAI revoked affected credentials, rotated secrets, restricted deployment workflows, and revoked code-signing certificates for multiple platforms, requiring users to update applications. The incident occurred during a phased security transition, which left some devices vulnerable. OpenAI found no evidence of unauthorized software modifications or compromise of existing installations.
AI Analysis
Technical Summary
On May 11, 2026, the TeamPCP hacking group exploited weaknesses in the TanStack package publishing process, releasing 84 malicious artifacts across 42 packages, affecting over 170 packages in total. This supply chain compromise infected developer devices with the Shai-Hulud worm. OpenAI was affected downstream when two employee devices were infected, resulting in credential and secret exfiltration from internal source code repositories. The compromised credentials allowed attackers limited access to internal repositories but did not impact customer data or intellectual property. OpenAI responded by rotating credentials, revoking user sessions, restricting deployment workflows, and revoking and reissuing code-signing certificates for iOS, macOS, Windows, and Android products. macOS users must update their apps by June 12, 2026, to continue receiving updates and avoid potential functionality issues. OpenAI coordinated with platform providers to prevent misuse of stolen certificates and confirmed no unauthorized software signing or modifications occurred. The attack happened during a phased transition to hardened security configurations prompted by a previous supply chain attack affecting OpenAI's macOS signing certificates.
Potential Impact
The attack resulted in the compromise of two employee devices and the exfiltration of limited credential material from OpenAI's internal source code repositories. This allowed attackers limited access to internal code repositories but did not affect customer data or intellectual property. The compromised repositories contained code-signing certificates, which OpenAI revoked and reissued to prevent potential misuse. No evidence was found of unauthorized software modifications or compromise of existing software installations. The incident caused operational impacts requiring credential rotation, session revocation, deployment restrictions, and mandatory application updates for macOS users.
Mitigation Recommendations
OpenAI has implemented remediation by rotating all affected credentials, revoking user sessions, and temporarily restricting code deployment workflows. The company revoked and reissued all compromised code-signing certificates and coordinated with platform providers to prevent malicious use of stolen certificates. macOS users are required to update their OpenAI applications by June 12, 2026, to continue receiving updates and maintain functionality. OpenAI confirmed no unauthorized software signing or modifications occurred and found no risk to existing installations. Organizations should monitor vendor advisories for any further updates. Patch status is effectively managed by OpenAI through these actions.
Technical Details
- Article Source: https://www.securityweek.com/openai-hit-by-tanstack-supply-chain-attack/ (fetched 2026-05-15T10:51:37.697Z, 1092 words)
Threat ID: 6a06fab9ec166c07b008cdec
Added to database: 5/15/2026, 10:51:37 AM
Last enriched: 5/15/2026, 10:51:44 AM
Last updated: 5/15/2026, 10:51:58 AM