OpenAI Confirms Hack Breached Internal Systems via Open-Source Tool
OpenAI disclosed on Wednesday that hackers linked to the Shai-Hulud malware campaign breached its internal development environment by compromising the TanStack npm package, an open-source software tool used for managing coding packages. The malware infected two employee devices, granting attackers access to a limited number of internal code repositories containing code-signing certificates for macOS, Windows, and iOS products. OpenAI stated that no customer data, production systems, or intellectual property were compromised, and it is rotating the affected certificates as a precaution. macOS users will need to update their apps before June 12 to avoid functionality issues. This incident follows similar attacks on Microsoft and Mistral AI earlier this week, where malicious code was inserted into software packages distributed via PyPI. OpenAI emphasized that the attack reflects a broader trend of cybercriminals targeting shared software dependencies and development tools across the tech industry, rather than focusing on a single company.
Key facts
- Malware infected two employee devices via the compromised TanStack npm package.
- Attackers accessed code repositories with code-signing certificates for macOS, Windows, iOS.
- No customer data, production systems, or intellectual property were compromised.
- macOS users must update OpenAI apps before June 12; the affected code-signing certificates are being rotated.
- Similar attacks targeted Microsoft and Mistral AI earlier in the same week.