OpenAI has disclosed a supply‑chain compromise tied to the TanStack npm packages as part of an operation it calls Mini Shai-Hulud. The company detected the incident and says it has found no evidence that the intrusion reached user data, its production systems, or its intellectual property, or that any of its software was altered. This finding frames the event as a contained supply‑chain incident rather than a confirmed breach of customer information or core systems.
In response to the discovery, OpenAI says it has taken immediate protective measures across multiple areas of its infrastructure. Those steps are intended to secure user data and internal systems and to safeguard the processes used to sign its macOS applications. The company is also updating relevant security certificates as part of its mitigation effort. OpenAI describes these actions as defensive measures to limit risk following the supply‑chain compromise.
The company has urged users of its macOS applications to install updated app versions to ensure those defensive measures take effect on end‑user devices. OpenAI specified a deadline for these updates: macOS users must install the latest versions by June 12, 2026. That requirement is presented as a necessary step to align client installations with the company’s renewed signing and certificate posture.