9to5mac.com web signal

OpenAI Forces ChatGPT Mac Update After TanStack Attack

openai cybersecurity ai-security supply-chain

Key insights

  • The 'Mini Shai-Hulud' supply chain attack compromised TanStack on May 11, affecting two OpenAI employee devices and limited internal source code repositories.
  • Attackers exfiltrated only limited credential material from repositories that contained the ability to sign certificates for OpenAI products.
  • OpenAI is revoking existing certificates and blocking apps signed with them; ChatGPT Mac users must update before June 12 while iOS and Windows are unaffected.

Why this matters

Supply chain attacks are increasingly targeting widely adopted open-source libraries, and the Mini Shai-Hulud compromise of TanStack shows that even organizations with mature security postures remain exposed through upstream dependencies. Code-signing infrastructure is a particularly high-value target because it gates software distribution across entire user bases, turning a limited credential theft into a forced, company-wide update cycle affecting every Mac desktop user. For AI companies shipping native desktop software at scale, the incident makes clear that supply chain security posture directly determines blast radius when upstream dependencies are hit.

Summary

OpenAI is forcing ChatGPT Mac users to update before June 12 after a supply chain attack reached its certificate-signing infrastructure. The attack, named "Mini Shai-Hulud," hit TanStack on May 11. Two OpenAI employee devices were affected, giving attackers access to a limited subset of internal source code repositories. OpenAI confirmed only limited credential material was exfiltrated and no other data or code was impacted. Essentially: a TanStack dependency compromise reached OpenAI's code-signing capability, forcing a full certificate revocation across its Mac product line.

  • The compromised code held the ability to sign certificates for OpenAI products, triggering revocation of all existing signatures.
  • Mac users need only accept the update prompt before June 12; no other action is required.
  • iOS and Windows versions are unaffected, and OpenAI states no user data was accessed.

When code-signing keys sit in compromised repositories, even a narrow credential exfiltration forces company-wide infrastructure resets.

Potential risks and opportunities

Risks

  • If the exfiltrated credential material is weaponized before June 12, attacker-signed applications impersonating OpenAI software could be distributed to Mac users before certificate revocation completes.
  • Other TanStack-dependent organizations that have not yet audited their May 11 exposure may have undetected credential or signing-key exfiltration still outstanding.
  • The forced June 12 update deadline creates a user-confusion window where phishing campaigns could impersonate legitimate OpenAI update prompts targeting the Mac user base.

Opportunities

  • Open-source dependency security vendors (Snyk, Chainguard, Socket) gain a high-profile case study to accelerate budget conversations at enterprises running TanStack or similarly widespread libraries.
  • Certificate lifecycle management platforms (Venafi, DigiCert) can use this incident as validation for automated certificate rotation infrastructure, particularly for AI companies shipping native desktop software.
  • Security vendors specializing in supply chain intrusion detection gain inbound pipeline from OpenAI's public disclosure of credential-focused exfiltration activity matching the malware's known behavioral signatures.

What we don't know yet

  • Whether the limited credential material exfiltrated from OpenAI's repositories on May 11 has been used or distributed by the attackers in the three weeks since the breach.
  • The full scope of the "limited subset of internal source code repositories" accessed, and whether products or systems beyond the Mac app's certificate-signing capability were exposed.
  • Whether other organizations using TanStack have audited their own May 11 exposure, given that the Mini Shai-Hulud malware had publicly described behavior that OpenAI matched against its own activity logs.