OpenAI Hit by npm Supply Chain Attack, Internal Credentials Stolen from Employee Devices
Key Takeaways
- OpenAI affected by npm supply chain compromise campaign involving poisoned TanStack packages that reached two employee devices
- Internal credentials were stolen through credential-focused exfiltration activity, though limited in scope
- No customer data, production systems, or deployed software were compromised, according to OpenAI
Summary
OpenAI was caught in the "Mini Shai-Hulud" npm supply chain compromise campaign after malware hidden in poisoned TanStack packages reached two employee devices and exposed internal credentials. The attackers, linked to a threat group called TeamPCP, successfully exfiltrated limited credential material from OpenAI code repositories, prompting the company to rotate signing certificates for its desktop products. The company has confirmed that no customer data, production systems, or deployed software were compromised by the incident.
In response, OpenAI is requiring users to update ChatGPT Desktop, Codex App, Codex CLI, and Atlas by June 12, 2026, because the security certificates have been rotated. The incident occurred during a phased rollout of new supply chain security controls, and the two affected employee devices had not yet received updated package management protections that would have blocked the malicious dependencies.
This attack is part of a broader and increasingly aggressive series of npm ecosystem compromises. Security researchers have linked the campaign to TeamPCP, which has systematically targeted npm packages and developer infrastructure to steal credentials including GitHub tokens, cloud secrets, npm publishing credentials, and CI/CD authentication material. TanStack itself confirmed that 84 malicious package versions across 42 packages were published as part of the attack.
- Users must update ChatGPT Desktop, Codex App, Codex CLI, and Atlas by June 12 following certificate rotations
- Attack linked to TeamPCP threat group's broader "Mini Shai-Hulud" campaign targeting developer infrastructure across multiple ecosystems



