What Happened: TanStack Malware and the OpenAI Supply Chain Attack
OpenAI has disclosed a software supply chain attack that affects its desktop apps, including ChatGPT and Codex for macOS. The incident began when attackers compromised TanStack npm packages, a popular open-source library heavily used in web development. On a single day, the attacker pushed dozens of malicious versions to the TanStack ecosystem. If installed, these versions executed malware during the npm install process, designed to steal developer credentials for cloud and development environments. Two OpenAI employee devices in a corporate environment installed the tainted TanStack packages before newly rolled-out supply chain protections were fully deployed. This gave attackers limited access to internal source code repositories. OpenAI’s investigation found activity consistent with credential-stealing malware but no evidence that production systems, user data, or intellectual property were accessed or that released software was altered. Still, the incident exposed one of the most sensitive assets in modern software distribution: code-signing certificates.

Why Mac Users Must Update ChatGPT and Other OpenAI Apps Now
The exposed repositories contained private signing certificates OpenAI uses to prove its apps are legitimate. On macOS, these certificates allow Apple’s Gatekeeper and notarization systems to verify that an app really comes from OpenAI and has not been tampered with. To reduce any chance that stolen keys could be misused to sign fake apps, OpenAI has rotated these certificates and re-signed its desktop products. Apple’s macOS protections will stop trusting apps signed with the old certificates after June 12. That means older versions of ChatGPT Desktop, Codex App, Codex CLI, and Atlas may fail to launch, lose update capabilities, or be blocked entirely. Users must install the re-signed versions—such as ChatGPT Desktop 1.2026.125 and corresponding updated Codex and Atlas builds—through official channels before the deadline. Updating ensures your apps continue working while closing a critical trust gap in the Mac app ecosystem.

Understanding Apple Certificate Compromise and Mac App Signing
Mac app signing certificates function like digital ID cards. When a developer signs an app, macOS checks the certificate to confirm who created it and whether Apple has notarized the software. If attackers gain access to these certificates, they can potentially sign malicious apps so they appear indistinguishable from genuine software, undermining users’ trust and bypassing built-in protections. In this incident, OpenAI says it has found no evidence that any malicious software was ever signed with its certificates. As a precaution, OpenAI blocked future notarization attempts with the old credentials and is revoking them entirely on June 12. This phased approach avoids instantly breaking existing installations while cutting off any window for abuse. The takeaway for users is simple: code signing is central to Mac security, and keeping ChatGPT and the other OpenAI apps on your Mac up to date is essential so that Apple’s checks continue to protect you.
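As an added illustration (not code from OpenAI or from this article), the following Python script shows the two checks a Mac administrator can script for an installed OpenAI app: whether its bundle version is at or above the re-signed ChatGPT Desktop 1.2026.125 build named above, and whether the signing chain reported by `codesign -dvvv` is a Developer ID chain anchored at Apple Root CA and belonging to the expected team. The bundle identifier, team ID and signer name in the sample report are placeholders, not OpenAI’s real values. Reading this report does not check revocation; once the old certificates are revoked on June 12, it is the system’s trust evaluation (what `spctl --assess --type execute` exercises) that rejects builds signed with them.

```python
import plistlib
import re
import subprocess
from pathlib import Path
from typing import Dict, List, Tuple

# Re-signed ChatGPT Desktop build named in the article; older builds lose trust
# once the old certificates are revoked.
MIN_CHATGPT_VERSION = "1.2026.125"

# Constructed sample of what `codesign -dvvv <app>` reports (it writes to stderr).
# Identifier, team ID and signer name are placeholders, not OpenAI's real values.
SAMPLE_CODESIGN_OUTPUT = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Signature size=9000
Authority=Developer ID Application: Example Corp (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=TEAMID0000
Runtime Version=14.0.0
"""

# Constructed Info.plist for an app that is still on an older build.
SAMPLE_INFO_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.example.app",
    "CFBundleShortVersionString": "1.2026.100",
})


def parse_codesign(report: str) -> Dict[str, object]:
    """Turn the key=value lines of a codesign report into a dict. The repeated
    Authority lines (leaf certificate first, root last) become a list."""
    authorities: List[str] = []
    info: Dict[str, object] = {"authorities": authorities}
    for line in report.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Authority":
            authorities.append(value)
        else:
            info[key] = value
    return info


def signature_identity_ok(info: Dict[str, object], expected_team_id: str) -> bool:
    """True when the chain is a Developer ID chain anchored at Apple Root CA and the
    leaf belongs to the expected team. Revocation is not visible in this report; the
    system trust evaluation (spctl / Gatekeeper) is what enforces it."""
    auths = list(info.get("authorities", []))
    if not auths or auths[-1] != "Apple Root CA":
        return False
    if "Developer ID Certification Authority" not in auths:
        return False
    leaf = auths[0]
    if not leaf.startswith("Developer ID Application:"):
        return False
    return info.get("TeamIdentifier") == expected_team_id and f"({expected_team_id})" in leaf


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version such as 1.2026.125 into comparable integers."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def version_at_least(installed: str, minimum: str) -> bool:
    return parse_version(installed) >= parse_version(minimum)


def bundle_version(info_plist: bytes) -> str:
    """Read CFBundleShortVersionString from an Info.plist (XML or binary)."""
    return str(plistlib.loads(info_plist)["CFBundleShortVersionString"])


def check_installed_app(app_path: str, expected_team_id: str,
                        minimum_version: str = MIN_CHATGPT_VERSION) -> Dict[str, bool]:
    """Run both checks against a real bundle. macOS only: needs the codesign tool."""
    app = Path(app_path)
    plist = (app / "Contents" / "Info.plist").read_bytes()
    proc = subprocess.run(["codesign", "-dvvv", str(app)],
                          capture_output=True, text=True, check=False)
    info = parse_codesign(proc.stderr)  # codesign prints the report on stderr
    return {
        "version_ok": version_at_least(bundle_version(plist), minimum_version),
        "identity_ok": signature_identity_ok(info, expected_team_id),
    }


if __name__ == "__main__":
    sample = parse_codesign(SAMPLE_CODESIGN_OUTPUT)
    print("identity ok:", signature_identity_ok(sample, "TEAMID0000"))
    print("needs update:", not version_at_least(bundle_version(SAMPLE_INFO_PLIST), MIN_CHATGPT_VERSION))
```

On a Mac, `check_installed_app("/Applications/ChatGPT.app", "<OpenAI team ID>")` runs the same logic against the real bundle; the team ID has to come from a build you already trust, since the script cannot know it on its own. A `version_ok` of False means the build predates the re-signing and should be updated through the in-app updater before the revocation date.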

No Evidence of User Data Breach, But Risks Remain
Despite the seriousness of the Apple certificate compromise, OpenAI reports no evidence that user data or production systems were accessed. The malware’s behavior focused on credential theft within a limited set of internal repositories rather than customer-facing environments. OpenAI says it saw no signs that the software it distributes to users was altered, and it has not detected any malicious apps signed with its certificates. Still, the incident shows how a desktop app security breach can begin far upstream in the development pipeline. Even without direct user data exposure, compromised developer machines and signing keys represent a substantial risk because they can be abused later. This is why OpenAI is treating the supply chain attack as a trigger to accelerate new safeguards, including stricter package provenance checks and stronger credential controls. Users should view this as a near miss and a reminder that rapid patching is a key part of their own security hygiene.

How to Protect Yourself from Supply Chain Attacks on macOS
To stay safe after this supply chain attack on OpenAI, Mac users should first ensure all OpenAI apps (ChatGPT Desktop, Codex App, Codex CLI, and Atlas) are updated using in-app updaters or official download links only. Avoid installers from ads, file-sharing links, third-party sites, or unsolicited messages claiming to be from OpenAI or ChatGPT. Once the new builds are installed, macOS will recognize them as signed with the rotated, trusted certificates. Beyond this incident, users can reduce risk by limiting software sources to trusted stores or official vendor sites and by promptly applying security updates. Developers should treat any TanStack npm install on 2026-05-11 as potentially compromised and re-image affected systems, as the TanStack team advises. Ultimately, supply chain attacks exploit trust in shared components. Vigilance, fast patching, and cautious installation habits significantly lower the odds that a future supply chain attack on OpenAI, or any other vendor, will affect your Mac.
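To make the developer-side advice concrete, here is an added Python example (not the TanStack project’s or OpenAI’s code) that walks a node_modules tree and lists every package declaring an npm lifecycle script that runs automatically during `npm install` (preinstall, install, postinstall), which is the execution point the malicious TanStack versions abused. The fixture tree and the package names in it are constructed for the example; `@tanstack/example-pkg` is a hypothetical name, not a real release, and flagging a package means it deserves review, not that it is malicious.

```python
import json
import tempfile
from pathlib import Path
from typing import Dict, List

# npm runs these lifecycle scripts automatically when a dependency is installed
# from the registry. `prepare` is left out: it runs for the root project and for
# git dependencies, not for registry tarballs.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def find_install_hooks(node_modules: Path) -> List[Dict[str, object]]:
    """Report every package under node_modules that declares an install-time script.

    Nested node_modules directories are included, since a transitive dependency
    can run code at install time just as a direct one can.
    """
    findings: List[Dict[str, object]] = []
    for manifest_path in sorted(Path(node_modules).rglob("package.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or non-JSON fixture files are not packages
        if not isinstance(manifest, dict):
            continue
        scripts = manifest.get("scripts") or {}
        hooks = {hook: scripts[hook] for hook in INSTALL_HOOKS if hook in scripts}
        if hooks:
            findings.append({
                "name": manifest.get("name", manifest_path.parent.name),
                "version": manifest.get("version", "unknown"),
                "hooks": hooks,
                "path": str(manifest_path.parent),
            })
    return findings


def in_scope(findings: List[Dict[str, object]], scope: str = "@tanstack") -> List[Dict[str, object]]:
    """Narrow findings to one npm scope, e.g. to review every @tanstack/* package."""
    return [f for f in findings if str(f["name"]).startswith(scope + "/")]


def build_sample_tree() -> Path:
    """Constructed fixture: a tiny node_modules with one scoped package that runs a
    postinstall script, one native addon that runs `install`, and one harmless
    package. Names and scripts are illustrative, not real published versions."""
    root = Path(tempfile.mkdtemp()) / "node_modules"
    packages = {
        "@tanstack/example-pkg": {  # hypothetical name, not a real TanStack release
            "version": "0.0.0-constructed",
            "scripts": {"postinstall": "node ./setup.js", "build": "tsc"},
        },
        "harmless-lib": {"version": "1.0.0", "scripts": {"test": "jest"}},
        "native-addon": {"version": "2.1.0", "scripts": {"install": "node-gyp rebuild"}},
    }
    for name, data in packages.items():
        pkg_dir = root / name
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "package.json").write_text(json.dumps({"name": name, **data}), encoding="utf-8")
    return root


if __name__ == "__main__":
    for finding in find_install_hooks(build_sample_tree()):
        print(f"{finding['name']}@{finding['version']}: {finding['hooks']}")
```

Point `find_install_hooks` at a real project’s `node_modules` and review each flagged package against what it legitimately needs (native addons commonly run `install`; a UI library normally has no reason to). For a project that does not depend on install-time builds, `npm ci --ignore-scripts` prevents these hooks from running at all, and `npm audit signatures` verifies registry signatures and provenance attestations for the installed packages, which is the kind of provenance check the article says OpenAI is tightening.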
