What Happened: A Supply Chain Attack Hits OpenAI’s Mac Apps
OpenAI has disclosed a software supply chain attack that affects Mac users of its desktop apps, including ChatGPT, Codex, and Atlas. The incident traces back to malicious versions of TanStack npm packages, part of a widely used open-source ecosystem. Two OpenAI employee devices installed compromised TanStack packages, exposing them to malware linked to the "Mini Shai-Hulud" campaign, which targets developer credentials and internal secrets. Investigators found unauthorized access to a limited set of internal source code repositories connected to those employees, including repositories containing private macOS signing certificates. OpenAI says it found no evidence that customer data, production systems, intellectual property, or released software were altered. However, because stolen certificates could be abused to sign fake apps that look legitimate, OpenAI has rotated its signing certificates and re-signed affected apps as a precaution. The company is now requiring users to update to maintain trust and compatibility with macOS security checks.

Why This Matters: How macOS Signing Certificates Protect You
The practical risk is not that your existing OpenAI apps suddenly turned malicious, but that exposed macOS signing certificates could help attackers disguise fake apps as genuine OpenAI software. macOS uses code-signing certificates, together with systems like Gatekeeper and notarization, to verify that apps come from a legitimate developer and haven’t been tampered with. When you launch an app such as ChatGPT Desktop, macOS checks its signature against trusted certificates. If attackers obtained OpenAI’s certificates, they could sign malware so it appears as an authentic OpenAI app, increasing the likelihood that macOS and users would trust and run it. To prevent this, OpenAI has rotated its certificates and Apple will stop trusting apps signed with the old ones. This is why an OpenAI Mac security update is being pushed now, even though no malicious use of the certificates has been detected.

The June 12 App Security Deadline: Which Mac Apps Must Be Updated
Apple’s macOS security protections will block apps signed with OpenAI’s older certificates after June 12, creating a hard app security deadline for Mac users. If you rely on OpenAI’s desktop tools, you must install updated versions before that date or risk your apps being blocked or losing update capability. Affected versions include ChatGPT Desktop 1.2026.125, Codex App 26.506.31421, Codex CLI 0.130.0, and Atlas 1.2026.119.1. OpenAI has re-signed these apps with new certificates and is distributing patched releases. While the exposed certificates also covered products on iOS, Windows, and Android, OpenAI says those users do not need to take action; only macOS apps require manual updating. The goal of this OpenAI Mac security update is to ensure that only newly signed, trusted builds continue to run, closing any window in which a fake, certificate-abusing app could slip past macOS defenses.

Understanding Supply Chain Attacks Like the TanStack Incident
This incident highlights how a supply chain attack on developer tools can ripple out to end users. Modern apps depend on vast networks of open-source libraries and package managers like npm. In this case, an attacker published 84 malicious versions across 42 TanStack npm packages, some of which see millions of weekly downloads. Because the malware runs during npm install, any developer who installed an affected version on 2026-05-11 must treat the host as potentially compromised. For OpenAI, that meant two corporate devices were infected, granting the attacker access to internal repositories and signing materials, even though released apps and user data remained intact. Supply chain attacks target development dependencies, not the final apps you download, making them harder to detect yet capable of impacting many downstream projects. The supply chain attack on ChatGPT’s development environment is therefore a warning for both developers and end users to take dependency risks seriously.

How to Safely Update and Verify Your OpenAI Mac Apps
To protect yourself, update ChatGPT Desktop, Codex, Codex CLI, and Atlas directly from official OpenAI sources or trusted app stores before June 12. Avoid links in emails, messages, ads, file-sharing sites, or unofficial download pages that claim to offer OpenAI apps. Once updated, you can verify authenticity through macOS: in Finder, select the app, choose Get Info, and check that the listed developer is OpenAI and that the app is identified as a notarized, trusted application. In more advanced setups, you can review the code-signing certificate details using tools like Keychain Access or the codesign command-line utility to confirm the signature chains to Apple’s trust store and recent OpenAI certificates. Staying within Apple’s normal installation flows and checking for automatic updates is your best defense. These steps help ensure that the app you run is a genuine, newly signed OpenAI release, not a counterfeit.
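The Gatekeeper check described in the earlier section and the codesign verification steps above, as an added shell example that is not code from OpenAI or this article: verify_app needs macOS (codesign, spctl), while check_signing_info only parses codesign's output and runs anywhere. The Team ID and the sample outputs are constructed placeholders; use the Team ID published on the vendor's official download page.

```shell
#!/bin/sh
# Added example, not code from OpenAI or the article. verify_app needs
# macOS (codesign, spctl); check_signing_info only parses codesign output,
# so it runs anywhere. The Team ID and sample output below are constructed.

# check_signing_info EXPECTED_TEAM_ID  (reads `codesign -dvv` output on stdin)
# Succeeds only when the chain goes Developer ID -> Apple Root CA, the
# TeamIdentifier matches, and the signature carries a trusted timestamp.
check_signing_info() {
    expected="$1"
    out=$(cat)
    printf '%s\n' "$out" | grep -q '^Authority=Developer ID Certification Authority$' || return 1
    printf '%s\n' "$out" | grep -q '^Authority=Apple Root CA$' || return 1
    printf '%s\n' "$out" | grep -q "^TeamIdentifier=${expected}\$" || return 1
    printf '%s\n' "$out" | grep -q '^Timestamp=' || return 1
}

# verify_app APP_PATH EXPECTED_TEAM_ID  (macOS only)
verify_app() {
    app="$1"; team="$2"
    # --strict fails on any resource that was modified after signing.
    codesign --verify --deep --strict "$app" || return 1
    # Gatekeeper's own assessment: notarized and allowed to launch.
    spctl --assess --type execute -vv "$app" || return 1
    # codesign -d writes its details to stderr.
    codesign -dvv "$app" 2>&1 | check_signing_info "$team"
}

# Constructed sample in the shape of `codesign -dvv` output (placeholder IDs).
SAMPLE_GOOD='Identifier=com.example.app
Authority=Developer ID Application: Example Developer (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=May 13, 2026 at 10:00:00 AM
TeamIdentifier=ABCDE12345'

# Constructed sample of an ad-hoc signed bundle: no Apple chain, no Team ID.
SAMPLE_BAD='Identifier=com.example.app
Signature=adhoc
TeamIdentifier=not set'
```

On a Mac, `verify_app /Applications/ChatGPT.app <TEAM_ID>` returns 0 only when all three checks pass; a stale or revoked certificate fails at the spctl step.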
