Threat Feed
high threat

OpenAI Compromised via TanStack Supply Chain Attack

OpenAI was impacted by the TanStack supply chain attack, resulting in two employee devices being compromised and the exfiltration of credential material from internal source code repositories.

On May 11, 2026, the open-source web application development stack TanStack was compromised, leading to a coordinated campaign that saw over 170 packages across NPM and PyPI namespaces being infected. The TeamPCP hacking group exploited weaknesses in the package publishing process to release 84 malicious artifacts across 42 packages, resulting in developer devices being infected with the Shai-Hulud worm. OpenAI was one of the affected organizations, with two employee devices being compromised, leading to the exfiltration of credentials and other secrets from internal source code repositories. Although the scope of the compromise was limited, the attackers gained access to several internal source code repositories.

Attack Chain

  1. The TeamPCP group exploited vulnerabilities in the TanStack package publishing process.
  2. 84 malicious artifacts were released across 42 packages.
  3. Over 170 packages across several high-profile NPM and PyPI namespaces were compromised.
  4. Developer devices were infected with the Shai-Hulud worm.
  5. Two OpenAI employee devices were infected as part of the supply chain attack.
  6. Credential material was exfiltrated from internal source code repositories.
  7. Attackers gained access to code-signing certificates for iOS, macOS, Windows, and Android products.
  8. OpenAI is revoking certificates and re-signing applications to mitigate the impact.

Impact

The compromise of two OpenAI employee devices resulted in the exfiltration of credential material, including code-signing certificates for iOS, macOS, Windows, and Android products. Although no customer data or intellectual property was affected, OpenAI is revoking the compromised certificates and requiring macOS users to update their applications by June 12, 2026, to prevent the potential distribution of fake applications. Failure to update macOS applications will result in the products ceasing to receive updates and potentially malfunctioning.

Recommendation

  • Monitor for unauthorized use of the code-signing certificates associated with OpenAI products (iOS, macOS, Windows, and Android) on internal networks.
  • Deploy the Sigma rule detecting Shai-Hulud worm-related activity to identify potential infections within the environment.
  • Review notarization logs for software signed with the previous OpenAI certificates to confirm that no unauthorized modifications have occurred.

Detection coverage (2 rules)

Detect Shai-Hulud Worm Infection

high

Detects potential Shai-Hulud worm infection activity based on process creation events. This worm was used in the TanStack supply chain attack that compromised OpenAI.

Format: sigma | Tactics: initial_access | Techniques: T1199 | Sources: process_creation, windows

Detect macOS Application Update Attempts Post Compromise

medium

Detects attempts to update macOS applications after the certificate revocation date, which may indicate malicious activity. Targets updates of OpenAI applications after June 12, 2026.

Format: sigma | Tactics: defense_evasion | Techniques: T1562 | Sources: file_event, macos
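The recommendation to monitor for unauthorized use of the revoked code-signing certificates, and the second rule's focus on OpenAI application updates after the June 12, 2026 revocation date, both reduce to one host-side check on macOS: inspect what identity an application bundle is signed with and when it was signed. The script below is an added example, not part of the feed entry or any OpenAI tooling. It parses the verbose description that `codesign -dvvv <app>` prints to stderr (the `Authority=`, `Timestamp=` and `TeamIdentifier=` lines) and flags bundles whose leaf signing authority is on a revocation list, or that were signed with such an identity after the revocation date. The authority strings, team identifier, and sample `codesign` output are constructed placeholders; the real revoked identities are not on this page and must come from OpenAI's advisory.

```python
"""Flag macOS application bundles signed with a revoked Developer ID identity.

Added example (not the feed's or OpenAI's own code). It reads the text that
`codesign -dvvv <path>` prints and checks the leaf signing authority and the
secure timestamp against a revocation list and a revocation date. All
identities below are constructed placeholders.
"""
import subprocess
import sys
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# Assumed revocation list: exact leaf "Authority=" strings of the revoked
# certificates. PLACEHOLDER values; fill in from the vendor advisory.
REVOKED_AUTHORITIES = {
    "Developer ID Application: Example Vendor (PLACEHOLDER1)",
}
# Date after which software bearing an old certificate should no longer appear.
REVOCATION_DATE = datetime(2026, 6, 12)


@dataclass
class SigningInfo:
    identifier: str = ""
    team_id: str = ""
    authorities: List[str] = field(default_factory=list)  # leaf certificate first
    timestamp: Optional[datetime] = None


def parse_codesign_output(text: str) -> SigningInfo:
    """Extract the signing fields from `codesign -dvvv` output."""
    info = SigningInfo()
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Identifier":
            info.identifier = value
        elif key == "TeamIdentifier":
            info.team_id = value
        elif key == "Authority":
            info.authorities.append(value)
        elif key == "Timestamp":
            # codesign prints e.g. "Jan 5, 2024 at 3:04:05 PM"; newer macOS
            # releases put a narrow no-break space before AM/PM, so normalise it.
            value = value.replace("\u202f", " ").replace("\u00a0", " ")
            info.timestamp = datetime.strptime(value, "%b %d, %Y at %I:%M:%S %p")
    return info


def assess(info: SigningInfo, revoked=REVOKED_AUTHORITIES, cutoff=REVOCATION_DATE) -> List[str]:
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    if not info.authorities:
        findings.append("no signing authority (unsigned or ad-hoc signed)")
        return findings
    leaf = info.authorities[0]
    if leaf in revoked:
        findings.append(f"signed by revoked identity: {leaf}")
        # A build signed with the old identity AFTER revocation cannot be a
        # legitimate vendor release; a build from before it is merely stale.
        if info.timestamp is not None and info.timestamp >= cutoff:
            findings.append(
                f"signed on {info.timestamp:%Y-%m-%d}, after revocation date {cutoff:%Y-%m-%d}"
            )
    return findings


def check_app(path: str) -> List[str]:
    """Run codesign against a bundle on disk and assess the result."""
    proc = subprocess.run(["codesign", "-dvvv", path], capture_output=True, text=True)
    return assess(parse_codesign_output(proc.stderr))


# Constructed sample output, in the layout codesign uses (not real data).
SAMPLE_REVOKED_AFTER_CUTOFF = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Hash type=sha256 size=32
Signature size=9000
Authority=Developer ID Application: Example Vendor (PLACEHOLDER1)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jun 20, 2026 at 9:15:00 AM
TeamIdentifier=PLACEHOLDER1
Sealed Resources version=2 rules=13 files=120
"""

SAMPLE_RESIGNED_CLEAN = SAMPLE_REVOKED_AFTER_CUTOFF.replace(
    "Example Vendor (PLACEHOLDER1)", "Example Vendor (PLACEHOLDER2)"
).replace("TeamIdentifier=PLACEHOLDER1", "TeamIdentifier=PLACEHOLDER2")

if __name__ == "__main__":
    for app_path in sys.argv[1:]:
        print(app_path, check_app(app_path) or "ok")
```

Run it as `python check_signing.py /Applications/*.app` on a macOS host; each bundle prints either `ok` or the findings. The leaf-only comparison is deliberate: intermediate and root authorities are shared by every Developer ID signature and say nothing about which vendor identity was used.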
