securityaffairs.com, 5/16/2026, 10:31:10 AM

Attackers hit OpenAI with malicious TanStack supply chain breach

Primary source: openai.com

OpenAI was hit by a supply chain attack linked to malicious TanStack packages: two OpenAI employee devices downloaded the compromised packages, exposing credential material from internal source code repositories.

According to OpenAI, the TeamPCP hacking group abused weaknesses in the package publishing process to distribute 84 malicious packages tied to the TanStack open source ecosystem, and the worm-like Mini Shai-Hulud campaign spread through trusted release pipelines, even generating valid SLSA Level 3 attestations to appear legitimate.

Researchers say the worm steals secrets from CI/CD environments and targets more than 100 credential locations, installing persistence in developer tools and spreading to other packages controlled by compromised maintainers; the campaign has affected packages linked to TanStack, UiPath and DraftLab, among others.

OpenAI stated that the security breach had a limited impact and found no evidence that customer data, production systems or intellectual property were compromised, with credentials rotated and active sessions revoked. As a precaution, OpenAI revoked affected certificates and began re-signing software, while warning macOS users to update their OpenAI apps before 12 June 2026 to avoid potential update failures.

The company also coordinated with platform providers to block abuse of the stolen certificates for notarisation and reviewed previously signed software for signs of tampering. It noted that the two infected devices had not yet received the updated protections that would likely have blocked the malicious downloads.


Article by CyberSIXT
