Our response to the TanStack npm supply chain attack
Summary
OpenAI discovered that two employee devices were compromised by malware hidden in a TanStack npm package (a JavaScript library downloaded from an online repository) as part of a broader supply chain attack called Mini Shai-Hulud. The attackers gained limited access to internal source code repositories and exfiltrated some credentials, but OpenAI found no evidence that customer data, production systems, or intellectual property were compromised. OpenAI responded by isolating affected systems, revoking credentials, rotating code-signing certificates (the digital signatures that verify software is authentic), and working with platform providers to prevent misuse of the compromised certificates.
Solution / Mitigation
OpenAI's explicit mitigation steps included: isolating impacted systems and identities; revoking user sessions; rotating all credentials across impacted repositories; temporarily restricting code-deployment workflows; rotating code-signing certificates for its iOS, macOS, and Windows products; coordinating with platform providers to prevent unauthorized notarizations (digital certifications of software); and reviewing all previous notarizations to confirm that no unauthorized software signing occurred. macOS users are required to update their applications once the certificate is fully revoked on June 12, 2026; after that date, macOS security protections will block new downloads and launches of apps signed with the previous certificate. Additionally, OpenAI accelerated the deployment of security controls, including hardened credential materials in its CI/CD pipeline (continuous integration/continuous deployment, the automated system for building and releasing software), package manager configurations with controls such as minimumReleaseAge (which delays installation of newly published package versions), and additional security software to validate package origins.
Classification
Affected Vendors
Related Issues
Original source: https://openai.com/index/our-response-to-the-tanstack-npm-supply-chain-attack
First tracked: May 14, 2026 at 02:00 AM
Classified by LLM (prompt v3) · confidence: 95%