OpenAI Blog·Tutorial·1d ago·~3 min read

Our response to the TanStack npm supply chain attack

We recently identified a security issue involving a common open-source library, TanStack npm, that is part of a broader attack known as Mini Shai-Hulud. We found no evidence that OpenAI user data was accessed, that our production systems or intellectual property were compromised, or that our software was altered. We have taken decisive steps to protect our user data, systems, and intellectual property. As part of our response, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps.

Update your macOS applications by June 12, 2026

We are updating our security certificates, which will require all macOS users to update their OpenAI apps to the latest versions. This helps prevent any risk, however unlikely, of someone attempting to distribute a fake app that appears to be from OpenAI. You can update safely through an in-app update or at the official links below:

The security and privacy of your information are a top priority. We’re committed to being transparent and taking quick action when issues arise. We’re sharing more technical details and FAQs below.

On May 11, 2026 UTC, TanStack, a widely used open-source library, was compromised as part of a broader software supply chain attack known as Mini Shai-Hulud. Two employee devices in our corporate environment were impacted by this attack. Upon identification of the malicious activity, we worked quickly to investigate, contain, and take steps to protect our systems. As part of our investigation and response, we engaged a third-party digital forensics and incident response firm. We observed activity consistent with the malware’s publicly described behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories to which the two impacted employees had access.

We confirmed that only limited credential material was successfully exfiltrated from these code repositories and that no other information or code was impacted. We acted immediately to contain the activity. We isolated impacted systems and identities, revoked user sessions, rotated all credentials across impacted repositories, temporarily restricted code-deployment workflows, and thoroughly scrutinized user and credential behavior. As part of our investigation, we have not observed evidence of impact to customer data, or our intellectual property, and our analysis has not identified misuse of impacted credentials or follow-on access by the threat actor.

The impacted source code repositories included signing certificates for our products, including iOS, macOS, and Windows. As a result, we are rotating code-signing certificates as a precaution, which will require macOS users to update their applications. Users do not need to take any action for Windows and iOS apps. Additional guidance will be provided to macOS users regarding these required updates. In addition to rotating certificates, we are coordinating with platform providers to prevent any unauthorized use of these certificates by stopping new notarizations. We have also reviewed all notarization of software using our previous certificates to confirm no unexpected software signing has occurred with these keys, and validated that our published…
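Because the post asks macOS users to pick up builds signed with the rotated certificate, a defender may want to confirm which Developer ID Team actually signed an installed bundle. The following is an added example, not OpenAI's code: it parses the output of macOS `codesign -dv --verbose=4` and checks the leaf certificate against an expected Team ID. The Team ID, app identifier and sample output are placeholders constructed for this example, since the page gives no real identifiers.

```python
"""Check which Developer ID Team signed an installed macOS app bundle.

Added example, not OpenAI's code. It assumes macOS `codesign` is on PATH;
EXPECTED_TEAM_ID, the app path and the sample output are placeholders
constructed for this example (the page gives no real identifiers).
"""
import re
import subprocess

EXPECTED_TEAM_ID = "TEAMID0000"  # placeholder: the publisher's 10-char Team ID

# Constructed sample of `codesign -dv --verbose=4` output (codesign writes it to stderr).
SAMPLE_CODESIGN_OUTPUT = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
Authority=Developer ID Application: Example Corp (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=TEAMID0000
"""

def parse_codesign(text: str) -> dict:
    """Turn codesign's key=value lines into a dict; Authority lines form the chain, leaf first."""
    info = {"Authority": []}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key == "Authority":
            info["Authority"].append(value)
        elif sep:
            info[key] = value
    return info

def check_signer(info: dict, expected_team: str = EXPECTED_TEAM_ID):
    """Return (ok, reason): ok only if the leaf is a Developer ID cert of the expected team."""
    chain = info["Authority"]
    if not chain:
        return False, "no certificate chain (unsigned or ad-hoc signed)"
    m = re.fullmatch(r"Developer ID Application: .+ \(([A-Z0-9]{10})\)", chain[0])
    if not m:
        return False, f"leaf is not a Developer ID Application certificate: {chain[0]}"
    if m.group(1) != expected_team or info.get("TeamIdentifier") != expected_team:
        return False, f"signed by team {m.group(1)}, expected {expected_team}"
    return True, chain[0]

def check_app(app_path: str, expected_team: str = EXPECTED_TEAM_ID):
    """Run codesign on a real bundle (macOS only) and evaluate its signer."""
    proc = subprocess.run(["codesign", "-dv", "--verbose=4", app_path],
                          capture_output=True, text=True, check=False)
    return check_signer(parse_codesign(proc.stderr), expected_team)
```

`codesign -dv` only reports who signed the bundle; pair it with `codesign --verify --deep --strict` and `spctl --assess --type execute` so a revoked or tampered signature is rejected rather than merely displayed.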
