MilikMilik

OpenAI Mac Apps Under Attack: What You Need to Know Before the Update Deadline

What Happened in the OpenAI Mac Supply Chain Attack

OpenAI has confirmed a software supply chain attack affecting its Mac applications and has issued an urgent security advisory. The incident began when two internal developer devices were compromised through malicious versions of TanStack npm packages linked to the "Mini Shai-Hulud" malware campaign. The packages executed during npm install and were built to harvest developer credentials such as GitHub tokens, API keys, and internal secrets. With those credentials, attackers briefly gained access to a limited set of OpenAI internal source code repositories. Crucially, those repositories contained the code-signing certificates used to prove that apps such as ChatGPT, Codex, and Atlas are genuine OpenAI software on macOS. OpenAI reports no evidence that user data, production systems, intellectual property, or released applications were modified. Even so, exposure of signing material is a serious trust risk, which is why OpenAI and Apple are enforcing a strict update deadline.
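The packages above did their damage simply by being installed, because npm runs a package's `preinstall`, `install`, `postinstall` and `prepare` scripts automatically during `npm install`. The check a developer wants here is to see which dependencies in a tree declare such hooks at all, and to stop npm from running them by default. The following is an added example written for this article, not OpenAI's or TanStack's code: it walks a `node_modules` tree for install-time scripts and appends `ignore-scripts=true` to the project's `.npmrc`. The three sample packages it builds in a temporary directory are constructed for the demo and are not the malicious TanStack releases.

```python
"""List npm dependencies that run code at install time, and disable that by default.

Added example for this article; not OpenAI's or TanStack's code. The hook
names are npm's real lifecycle scripts; the sample packages are constructed.
"""
import json
import os
import tempfile

# Scripts npm executes on its own during `npm install` (the "install-time" hooks).
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def find_install_scripts(node_modules: str) -> list:
    """Return sorted (package, hook, command) triples for every install-time
    script declared by any package.json under node_modules (nested deps too)."""
    findings = []
    for root, _dirs, files in os.walk(node_modules):
        if "package.json" not in files:
            continue
        with open(os.path.join(root, "package.json"), encoding="utf-8") as fh:
            try:
                meta = json.load(fh)
            except json.JSONDecodeError:
                continue  # not a real manifest; ignore
        scripts = meta.get("scripts") or {}
        name = meta.get("name") or os.path.relpath(root, node_modules)
        for hook in INSTALL_HOOKS:
            if hook in scripts:
                findings.append((name, hook, scripts[hook]))
    return sorted(findings)


def harden_npmrc(project_dir: str) -> str:
    """Ensure the project's .npmrc contains ignore-scripts=true (idempotent).
    With this set, npm installs packages without running their hooks; the few
    that genuinely need a build step are rebuilt deliberately, e.g.
    `npm rebuild --ignore-scripts=false <pkg>`."""
    path = os.path.join(project_dir, ".npmrc")
    existing = ""
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            existing = fh.read()
    if "ignore-scripts=true" not in existing:
        with open(path, "a", encoding="utf-8") as fh:
            if existing and not existing.endswith("\n"):
                fh.write("\n")
            fh.write("ignore-scripts=true\n")
    return path


def build_sample_tree() -> str:
    """Constructed fixture: a project dir with three fake packages, two of
    which declare install-time hooks. Returns the project directory."""
    project = tempfile.mkdtemp(prefix="npm-hooks-demo-")
    samples = {
        "left-pad-demo": {"name": "left-pad-demo", "version": "1.0.0"},
        "@scope/hooked-demo": {"name": "@scope/hooked-demo", "version": "2.1.0",
                               "scripts": {"postinstall": "node setup.js", "test": "jest"}},
        "native-demo": {"name": "native-demo", "version": "0.3.0",
                        "scripts": {"install": "node-gyp rebuild"}},
    }
    for rel, meta in samples.items():
        pkg_dir = os.path.join(project, "node_modules", *rel.split("/"))
        os.makedirs(pkg_dir, exist_ok=True)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(meta, fh)
    return project


if __name__ == "__main__":
    demo = build_sample_tree()
    for pkg, hook, cmd in find_install_scripts(os.path.join(demo, "node_modules")):
        print(f"{pkg}: {hook} -> {cmd}")
    print("hardened:", harden_npmrc(demo))
```

Run it against a real project by pointing `find_install_scripts` at its `node_modules`; anything it lists is code that would have executed on your workstation with your shell's environment and credentials. `ignore-scripts=true` in `.npmrc` is the blanket mitigation; it also disables your own project's `prepare` script, so run that step explicitly in CI.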

Why the Code Signing Certificate Breach Matters

At the heart of this incident is a code signing certificate breach, which strikes at the core of OpenAI Mac app security. On macOS, Apple's Gatekeeper and notarization systems rely on these certificates to verify that an app really comes from the developer it claims and has not been tampered with since it was signed. An attacker holding the signing material could, in principle, sign their own malicious apps so that they appear to be trusted OpenAI software. OpenAI says investigators have found no evidence that the exposed certificates were used to sign or distribute malware. The potential impact is nonetheless serious: fake ChatGPT or Codex installers could pass the usual macOS checks and look authentic. That is why OpenAI has rotated its signing certificates and re-signed the affected apps, and why Apple will stop trusting the older certificates after the deadline. The aim is to close every path by which the exposed credentials could be abused.

Which OpenAI Mac Apps Are Affected and Who Is at Risk

This supply chain attack on macOS primarily affects OpenAI's desktop products that were signed with the compromised certificates. OpenAI has specifically called out older versions of ChatGPT Desktop, Codex App, Codex CLI, and Atlas for macOS as signed with the now-rotated certificates. The named releases are ChatGPT Desktop 1.2026.125, Codex App 26.506.31421, Codex CLI 0.130.0, and Atlas 1.2026.119.1; these and all earlier releases will lose trust under Apple's security systems after the cutoff date. Mac users running those builds risk having the apps blocked or left unable to update once Apple's protections stop recognizing the old signatures. Although OpenAI stresses that it has found no evidence of malicious builds being distributed, every Mac user who installs OpenAI apps is part of the at-risk population until they update. Windows, iOS, and Android users do not need to take action at this time.

The June 12 Deadline: What Happens If You Do Not Update

Apple has aligned its security systems with OpenAI's response by enforcing a hard cutoff for apps signed with the exposed certificates. After June 12, macOS Gatekeeper and notarization services will no longer trust OpenAI apps signed with the previous credentials. In practice, older versions of ChatGPT Desktop, Codex, Codex CLI, and Atlas may stop launching, lose the ability to update, or be blocked outright as untrusted software. OpenAI deliberately chose not to revoke the old certificates immediately, since that would have broken existing installations for users who had not yet updated. Instead, it rotated the certificates, re-signed the apps, and set this grace period so macOS users have time to migrate safely. If you ignore the deadline, your OpenAI tools may suddenly fail, and you will be running without the protection of the refreshed, securely signed versions.

Actionable Steps to Protect Yourself on macOS Now

To stay ahead of this supply chain attack on macOS, update your OpenAI apps immediately. First, open ChatGPT, Codex, Atlas, or Codex CLI on your Mac and use the built-in update mechanism, or download the latest versions directly from OpenAI's official website or a trusted app store. Do not rely on third-party download sites. Avoid installing any "OpenAI," "ChatGPT," or "Codex" app from links in emails, chats, ads, or file-sharing services; these are common delivery vectors for malware, and doubly so while signing certificates are known to have been exposed. Treat any unexpected installer as suspicious, even if it looks polished or carries OpenAI branding. After updating, periodically re-check for new releases, as OpenAI may continue to harden its Mac security posture. Finally, if you are a developer who installed the affected TanStack packages on 2026-05-11, follow TanStack's guidance, treat your development host as potentially compromised, and rotate its credentials accordingly.
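Two checks make the advice above concrete: is the installed build one of the releases the article says will lose trust, and does macOS currently accept its signature? The following is an added example written for this article and is not OpenAI's or Apple's tooling. The version ceilings are the ones the article lists, with "these or earlier" read as at-risk; the `/Applications` bundle paths are assumptions, Codex CLI is not an app bundle and is left for a manual check, and the signature step just shells out to Apple's own `codesign` and `spctl`, which the Gatekeeper discussion earlier on this page describes.

```python
"""Flag installed OpenAI Mac apps at or below the versions this article lists,
and verify their current signature with Apple's codesign and spctl.

Added example for this article; not OpenAI's or Apple's code. Version
ceilings come from the article; bundle paths are assumptions.
"""
import os
import plistlib
import re
import subprocess
import sys

# Last releases signed with the rotated certificates, as listed in the article.
AFFECTED_CEILING = {
    "ChatGPT Desktop": "1.2026.125",
    "Codex App": "26.506.31421",
    "Codex CLI": "0.130.0",
    "Atlas": "1.2026.119.1",
}

# Assumed install locations (not stated in the article). Codex CLI is a
# command-line tool, not a bundle, so it is checked manually instead.
BUNDLE_PATHS = {
    "ChatGPT Desktop": "/Applications/ChatGPT.app",
    "Codex App": "/Applications/Codex.app",
    "Atlas": "/Applications/Atlas.app",
}


def parse_version(text: str) -> tuple:
    """'1.2026.119.1' -> (1, 2026, 119, 1); a non-numeric segment counts as 0.
    Tuples compare element-wise, so (1, 2026, 119) < (1, 2026, 119, 1)."""
    parts = []
    for part in text.strip().split("."):
        match = re.match(r"\d+", part)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def is_affected(product: str, installed: str) -> bool:
    """True when the installed build is the listed release or older."""
    return parse_version(installed) <= parse_version(AFFECTED_CEILING[product])


def installed_version(bundle: str):
    """CFBundleShortVersionString from the bundle's Info.plist, or None if absent."""
    plist = os.path.join(bundle, "Contents", "Info.plist")
    if not os.path.exists(plist):
        return None
    with open(plist, "rb") as fh:
        return plistlib.load(fh).get("CFBundleShortVersionString")


def signature_status(bundle: str) -> dict:
    """On macOS, ask codesign whether the signature is intact and spctl whether
    Gatekeeper would let the bundle run. Elsewhere (or if the bundle is
    missing) report that nothing was checked rather than guessing."""
    if sys.platform != "darwin" or not os.path.isdir(bundle):
        return {"checked": False}
    codesign = subprocess.run(["codesign", "--verify", "--deep", "--strict", bundle],
                              capture_output=True, text=True)
    spctl = subprocess.run(["spctl", "--assess", "--type", "execute", bundle],
                           capture_output=True, text=True)
    return {
        "checked": True,
        "codesign_ok": codesign.returncode == 0,
        "gatekeeper_ok": spctl.returncode == 0,
        "detail": (spctl.stderr or spctl.stdout).strip(),
    }


def main() -> None:
    for product, ceiling in AFFECTED_CEILING.items():
        bundle = BUNDLE_PATHS.get(product)
        version = installed_version(bundle) if bundle else None
        if version is None:
            print(f"{product}: not found at an assumed path; check manually "
                  f"(affected if <= {ceiling})")
            continue
        verdict = "UPDATE NOW" if is_affected(product, version) else "newer than listed"
        print(f"{product} {version}: {verdict}; signature: {signature_status(bundle)}")


if __name__ == "__main__":
    main()
```

A `gatekeeper_ok` of False on an app that launched fine last week is exactly the symptom to expect after the cutoff for a build still signed with the old certificate; the fix is to reinstall from OpenAI's official channel rather than to override the Gatekeeper prompt.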
