OpenAI confirmed on Monday that two Macs in its corporate environment were infected through a supply chain attack targeting TanStack, a popular open-source JavaScript library. The company says the breach didn’t touch any user data, production systems, or intellectual property. Instead, the attackers focused on internal devices—likely trying to move laterally within OpenAI’s network.

The attack used the Mini Shai-Hulud malware campaign, a known supply chain trick where attackers hijack legitimate software updates to push malicious code. TanStack, which provides data management tools for developers, was compromised at the source. OpenAI’s security team spotted the intrusion fast, isolated the affected devices, and rolled out macOS updates to stop the spread. No signs suggest the attackers got deeper access than those two machines.

How the attack worked

OpenAI didn’t share full technical details, but supply chain attacks like this usually start when a company updates a third-party library or tool. If the attacker controls the update channel, they can slip malware into seemingly normal software. In this case, TanStack’s update system was hijacked, and the malicious code ended up on two employee laptops. OpenAI says its automated defenses caught the unusual activity before anything sensitive was exposed.

The company’s public statement emphasizes that no OpenAI accounts, customer data, or internal projects were accessed. That’s a relief for a company handling sensitive AI work and billions in funding. Still, the incident shows how supply chain attacks can slip past even strong defenses if the compromise happens upstream in a trusted tool.

Why supply chain attacks keep happening

Supply chain attacks have become a favorite for cybercriminals because they’re hard to detect and can hit many targets at once. In 2023, a similar attack on 3CX disrupted thousands of businesses. Earlier this year, a poisoned update from Progress Software’s MOVEit exposed data from hundreds of organizations. These incidents prove that even trusted vendors can be weaponized.

OpenAI’s quick response helped limit damage, but the attack highlights a growing risk for tech companies. Attackers don’t need to break into a firewall if they can hijack the tools developers use every day. That’s why companies now vet third-party code more carefully and monitor supply chain dependencies closely.

What happens next

OpenAI says it’s reviewing its supply chain security practices and tightening controls around how employees install software. The company also notified law enforcement and relevant cybersecurity agencies. While no customer impact was reported, the incident could slow down internal projects that rely on TanStack or similar tools.

For users of TanStack or other open-source libraries, this is a reminder to update software only from official sources and check for unusual behavior after updates. Supply chain attacks aren’t going away, but companies that act fast can still avoid the worst outcomes.
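The advice to install only from official sources can be turned into a mechanical check on an npm lockfile. The script below is an added example, not code from the article, TanStack or OpenAI; it assumes the lockfile v3 layout (a `packages` map keyed by `node_modules/<name>` with `resolved` and `integrity` fields) and uses a constructed sample lockfile with made-up package names and hashes.

```javascript
// Added example: audit an npm package-lock.json so every dependency resolves to
// the official registry and carries a sha512 integrity hash. Assumes lockfile
// v3 layout; not taken from the article or from any project's own tooling.
const OFFICIAL_REGISTRY = 'https://registry.npmjs.org/';

function auditLockfile(lockfile, allowedRegistry = OFFICIAL_REGISTRY) {
  const findings = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    if (path === '') continue; // root project entry, not a fetched dependency
    if (meta.link) continue;   // workspace symlink, nothing downloaded
    const name = path.replace(/^.*node_modules\//, '');
    if (!meta.resolved) {
      findings.push({ name, issue: 'missing resolved URL' });
    } else if (!meta.resolved.startsWith(allowedRegistry)) {
      findings.push({ name, issue: `resolved outside official registry: ${meta.resolved}` });
    }
    if (!meta.integrity) {
      findings.push({ name, issue: 'missing integrity hash' });
    } else if (!/^sha512-[A-Za-z0-9+/]+=*$/.test(meta.integrity)) {
      findings.push({ name, issue: `weak or malformed integrity: ${meta.integrity}` });
    }
  }
  return findings;
}

// Constructed sample lockfile: one clean entry, one pulled from an unexpected
// host, one with no integrity hash. Names, versions and hashes are invented.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/good-lib': {
      version: '2.1.0',
      resolved: 'https://registry.npmjs.org/good-lib/-/good-lib-2.1.0.tgz',
      integrity: 'sha512-' + 'A'.repeat(86) + '==',
    },
    'node_modules/odd-host-lib': {
      version: '0.3.1',
      resolved: 'https://mirror.example.invalid/odd-host-lib-0.3.1.tgz',
      integrity: 'sha512-' + 'B'.repeat(86) + '==',
    },
    'node_modules/no-hash-lib': {
      version: '5.0.0',
      resolved: 'https://registry.npmjs.org/no-hash-lib/-/no-hash-lib-5.0.0.tgz',
    },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) console.log(`${f.name}: ${f.issue}`);
```

Run it against a real `package-lock.json` by replacing `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; a non-empty findings list is worth a look before running `npm install` in CI.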

What You Need to Know

  • Source: The Hacker News
  • Published: May 15, 2026 at 10:54 UTC
  • Category: Security
  • Topics: #hackernews · #security · #vulnerabilities · #openai · #stack-supply-chain



Curated by GlobalBR News · May 15, 2026


🇧🇷 Summary in Portuguese

OpenAI, the creator of ChatGPT, confirmed that two employee Mac computers were infected through a supply chain attack on TanStack, an open-source library widely used in web application development. The incident once again exposes the hidden risks that threaten even the most advanced companies in the technology sector, revealing gaps in systems that should be shielded against digital threats.

The attack, identified recently, exploited a vulnerability in TanStack (an essential tool for developers seeking to optimize user interface performance) to inject malware into the devices of two OpenAI employees. Although the company assures that no user data or intellectual property was accessed or compromised, the episode reinforces a worrying trend: attackers are increasingly targeting open-source software supply chains, which, because of their global reach, become strategic targets for cybercriminals. In Brazil, where the use of open-source libraries is growing among startups and large corporations, the case serves as a warning about the need for constant audits and the adoption of robust security protocols, especially in corporate environments that handle sensitive information.

The digital security community now awaits more detailed investigations to understand how the attack occurred and what measures TanStack and OpenAI will implement to prevent new incidents.