OpenAI confirmed a supply chain attack on the popular open source TanStack libraries, in which attackers published 84 malicious npm package versions within a six-minute window on May 11, 2026 [1]. Researchers detected the attack within 20 minutes of the malicious versions going live [1].

OpenAI revealed on May 13 that two employee devices had been affected by the attack and that it had opened an internal investigation [2, 1]. By May 14, the company stated it had found no evidence that user data, production systems, intellectual property, or software were compromised [3, 2, 1]. "We have found no evidence of compromise or risk to existing software installations," OpenAI said [1].

However, OpenAI did confirm "limited credential material from internal source code repositories accessible by the impacted employees was stolen" [2, 1]. To mitigate risks, OpenAI is rotating code signing certificates and requiring macOS users to update their OpenAI application by June 12, 2026 [3, 2, 1].

The TanStack project published a post-mortem noting the rapid publishing and detection of the malicious npm package versions [1]. These 84 versions were released in a brief six-minute span before being removed following detection [1].
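One way to turn the pattern the post-mortem describes (many versions of one package published within minutes) into a check a consumer can run against their own lockfile. This is an added example, not code from TanStack, OpenAI, or the cited reports; the package names, version numbers, timestamps and lockfile below are constructed for illustration, and the six-minute window and five-version threshold are assumptions. The one real detail it relies on is that the npm registry's per-package metadata document exposes a `time` map of version to publish timestamp.

```javascript
// Added example (not OpenAI's, TanStack's or the cited reports' code).
// Flags lockfile entries whose resolved version was published inside a
// "burst": many versions of one package in a short window, the pattern
// the post-mortem describes. All data below is constructed.

// The npm registry document for a package (https://registry.npmjs.org/<name>)
// carries a `time` map of version -> ISO 8601 publish timestamp, plus the
// bookkeeping keys "created" and "modified". The values here are constructed;
// the package names and versions are hypothetical.
const REGISTRY_TIME = {
  "@example/widget": {
    created: "2026-01-10T08:00:00.000Z",
    modified: "2026-05-11T14:05:30.000Z",
    "2.3.0": "2026-04-02T10:15:00.000Z",
    "2.3.1": "2026-05-01T09:40:00.000Z",
    // six versions inside a 5.5-minute window
    "2.3.2": "2026-05-11T14:00:00.000Z",
    "2.3.3": "2026-05-11T14:01:00.000Z",
    "2.3.4": "2026-05-11T14:02:00.000Z",
    "2.3.5": "2026-05-11T14:03:00.000Z",
    "2.3.6": "2026-05-11T14:04:00.000Z",
    "2.3.7": "2026-05-11T14:05:30.000Z",
  },
  "safe-lib": {
    created: "2025-11-01T00:00:00.000Z",
    modified: "2026-03-15T12:00:00.000Z",
    "1.0.0": "2025-11-01T00:00:00.000Z",
    "1.1.0": "2026-03-15T12:00:00.000Z",
  },
};

// Constructed package-lock.json (lockfileVersion 3 layout: "packages" keyed by
// install path; the root project entry has the empty-string key).
const LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.1.0" },
    "node_modules/@example/widget": { version: "2.3.4" },
    "node_modules/safe-lib": { version: "1.1.0" },
  },
};

const BURST_WINDOW_MS = 6 * 60 * 1000; // six minutes, the span reported above
const BURST_MIN_VERSIONS = 5;          // assumed threshold; tune per package

// Return the Set of versions that sit inside any window of `windowMs`
// containing at least `minVersions` publishes. Two-pointer sweep over the
// timestamps sorted ascending; linear after the sort.
function findBurstVersions(timeMap, windowMs = BURST_WINDOW_MS, minVersions = BURST_MIN_VERSIONS) {
  const entries = Object.entries(timeMap)
    .filter(([key]) => key !== "created" && key !== "modified")
    .map(([version, iso]) => ({ version, t: Date.parse(iso) }))
    .sort((a, b) => a.t - b.t);
  const flagged = new Set();
  let j = 0;
  for (let i = 0; i < entries.length; i++) {
    // advance j to the first entry outside the window that starts at i
    while (j < entries.length && entries[j].t - entries[i].t <= windowMs) j++;
    if (j - i >= minVersions) {
      for (let k = i; k < j; k++) flagged.add(entries[k].version);
    }
  }
  return flagged;
}

// Package name from a lockfile install path: the part after the last
// "node_modules/" (handles nested and scoped packages).
function packageNameFromPath(installPath) {
  const marker = "node_modules/";
  return installPath.slice(installPath.lastIndexOf(marker) + marker.length);
}

// Cross the lockfile against registry publish times and report every
// resolved version that falls inside a burst.
function auditLockfile(lockfile, registry, opts = {}) {
  const findings = [];
  for (const [installPath, entry] of Object.entries(lockfile.packages || {})) {
    if (installPath === "" || !entry.version) continue; // root project entry
    const name = packageNameFromPath(installPath);
    const meta = registry[name];
    if (!meta) continue; // no metadata for this package: cannot judge it
    const burst = findBurstVersions(meta, opts.windowMs, opts.minVersions);
    if (burst.has(entry.version)) {
      findings.push({ name, version: entry.version, publishedAt: meta[entry.version], burstSize: burst.size });
    }
  }
  return findings;
}

console.log(JSON.stringify(auditLockfile(LOCKFILE, REGISTRY_TIME), null, 2));
```

In practice the `time` object comes from fetching each package's registry document rather than the constructed map above. A burst hit is a reason to verify, not proof of compromise: legitimate release automation for a monorepo such as TanStack also publishes many versions within minutes, so the check is useful for narrowing which installed versions need a look against the project's advisory, not for blocking installs on its own.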

OpenAI's remediation combines the code signing certificate rotation with the application update; macOS users must complete the update by the June 12 deadline to avoid potential risks from the compromised supply chain components [3].