OpenAI has confirmed that two employee devices were compromised in a recent large-scale supply chain attack that infiltrated hundreds of npm and PyPI packages. The breach forced the company to rotate the code-signing certificates used for its applications as a precautionary measure to maintain software integrity.
The incident is connected to the extensive "Mini Shai-Hulud" campaign orchestrated by the extortion group TeamPCP, which inserted malicious updates into trusted development packages. OpenAI stated that the breach did not affect customer data, intellectual property, production systems, or deployed software, so the incident's scope was limited to internal systems.
OpenAI detected unauthorized access and credential theft activity confined to a small set of internal source code repositories accessible to the impacted employees. Although some credentials were stolen, the company found no evidence these were exploited in further attacks. To contain the breach, OpenAI isolated affected systems and accounts, revoked active sessions, rotated credentials for impacted resources, and temporarily blocked deployment workflows while collaborating with a third-party forensic team on the investigation.
Code-signing certificates used across multiple platforms—macOS, Windows, iOS, and Android—were exposed during the incident. While no signs indicate these certificates were misused to sign malicious software, OpenAI is proactively rotating them. This update will require macOS users to install updated versions of OpenAI’s desktop applications by June 12, 2026, since apps signed with previous certificates may fail Apple's notarization and stop working or receiving updates. Windows and iOS users remain unaffected and do not need to take action.
The broader Mini Shai-Hulud attack campaign exploited vulnerabilities in continuous integration and deployment (CI/CD) workflows, initially targeting prominent developer packages from TanStack and Mistral AI before spreading to other projects like UiPath, Guardrails AI, and OpenSearch. Attackers leveraged stolen CI/CD credentials and authorized processes to introduce malicious code into legitimate release pipelines, making compromised packages appear authentic.
According to investigations by security researchers, the attackers abused GitHub Actions workflows and extracted tokens from memory to publish malicious package versions through regular release channels. The campaign primarily sought developer and cloud credentials, including GitHub tokens and npm publishing rights, posing a serious risk to software supply chain security.

