What Happened: A Supply Chain Attack Hits OpenAI’s Development Pipeline
OpenAI has issued an urgent update warning for its Mac apps after a supply chain attack in the TanStack npm ecosystem exposed the code-signing certificates used to validate its desktop applications. Malware linked to the “Mini Shai-Hulud” campaign compromised two employee devices through a popular npm package that multiple developers relied on. From there, the attackers gained limited access to internal source code repositories that contained signing certificates for macOS, iOS, Windows, and Android apps. Investigators say there is no evidence that customer data, production systems, or intellectual property were accessed, or that malicious apps were signed and distributed. However, the exposure of these certificates created a serious security risk for ChatGPT and the other affected apps: in theory, attackers could use the stolen material to make fake apps appear legitimate. To reduce this risk, OpenAI rotated its signing certificates, re-signed the affected apps, and coordinated with platform providers to block new notarizations tied to the exposed credentials.

Why Exposed macOS Signing Certificates Matter for Mac App Security
On macOS, signing certificates are at the heart of Mac app security. Every trusted app, including ChatGPT Desktop, Codex, and Atlas, is signed with a developer certificate that allows Apple’s Gatekeeper and notarization systems to verify that the software truly comes from a legitimate developer and has not been tampered with. When those macOS signing certificates are exposed, attackers may be able to sign their own malicious apps so that they look and behave like authentic software, bypassing some of Apple’s verification checks. While OpenAI and investigators found no evidence that the compromised certificates have been misused, the theoretical risk is significant enough that Apple’s protections will stop trusting older certificates after June 12. This means legacy versions of OpenAI desktop apps may stop launching or receiving updates, and users must transition to newly signed builds to retain both functionality and security assurances.

Update Deadline: Which OpenAI Mac Apps Are Affected and By When
OpenAI has set a hard June 12 deadline for Mac users to install the latest versions of its desktop apps. Older builds of ChatGPT Desktop, Codex App, Codex CLI, and Atlas that were signed with the now-exposed certificates will be blocked by Apple’s macOS security systems after that date. The required versions are: ChatGPT Desktop 1.2026.125, Codex App 26.506.31421, Codex CLI 0.130.0, and Atlas 1.2026.119.1. If you continue using earlier releases, they may fail to open, lose access to updates, or be flagged as untrusted by Gatekeeper. OpenAI notes that Windows and iOS users only need to follow normal update practices, but macOS users must treat this as a mandatory security update. Installing these versions ensures your apps are signed with fresh, uncompromised certificates and remain recognized as legitimate OpenAI software by macOS.

Step-by-Step: How Mac Users Should Safely Update ChatGPT and Other Apps
To stay protected, Mac users should update ChatGPT Desktop, Codex, Codex CLI, and Atlas directly from official OpenAI channels. First, open each app and check the About or Settings menu for an in-app updater; if available, use it to install the latest version before June 12. If no updater is present or the app fails to update, visit OpenAI’s official website and download the Mac installer from the product’s page. Do not trust links from ads, email attachments, messaging apps, or third-party download sites, as attackers could exploit this incident to distribute fake installers. After installing, verify that the version numbers match the required builds and that the apps launch without macOS security warnings. If you previously downloaded any OpenAI software from unofficial sources, delete those copies and perform a clean install from OpenAI’s site to ensure app authenticity.

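The version and signature checks in the steps above can be done from a terminal rather than by eye. The script below is an added example, not a tool from OpenAI: it compares each installed build against the minimum versions listed in the deadline section, then uses Apple's own `codesign` and `spctl` utilities to confirm the bundle is intact, signed by a chain macOS currently trusts, and would be allowed to launch by Gatekeeper. The bundle paths (`/Applications/ChatGPT.app`, `/Applications/Codex.app`, `/Applications/Atlas.app`) and the assumption that `codex --version` prints a dotted version are mine, not taken from OpenAI's documentation; adjust them to where the apps are actually installed.

```shell
#!/bin/sh
# Added example (not OpenAI tooling): check installed OpenAI Mac apps against the
# builds required by the advisory and ask macOS whether each signature verifies.

# Minimum builds named in the advisory.
REQ_CHATGPT="1.2026.125"
REQ_CODEX_APP="26.506.31421"
REQ_CODEX_CLI="0.130.0"
REQ_ATLAS="1.2026.119.1"

# version_ge A B: succeed if dotted-numeric version A is >= B.
# A missing trailing field counts as 0, so 1.2026.119 < 1.2026.119.1.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa="${a%%.*}"; fb="${b%%.*}"
        [ -z "$fa" ] && fa=0
        [ -z "$fb" ] && fb=0
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# app_status INSTALLED REQUIRED: prints "ok" or "update-required".
app_status() {
    if version_ge "$1" "$2"; then echo ok; else echo update-required; fi
}

# bundle_version /path/App.app: print CFBundleShortVersionString (macOS only).
bundle_version() {
    plist="$1/Contents/Info.plist"
    [ -f "$plist" ] && [ -x /usr/libexec/PlistBuddy ] || return 1
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist"
}

# verify_bundle /path/App.app: codesign confirms the bundle is unmodified and
# signed by a chain macOS still trusts; spctl asks Gatekeeper whether it would
# allow the app to launch. Either failing means the build should be replaced
# with a fresh download from OpenAI's site.
verify_bundle() {
    app="$1"
    command -v codesign >/dev/null 2>&1 || { echo "codesign missing (not macOS)" >&2; return 2; }
    codesign --verify --deep --strict "$app" || return 1
    spctl --assess --type execute "$app" || return 1
    # Print the signing authority and Team ID so they can be compared with a known-good install.
    codesign -dvv "$app" 2>&1 | grep -E '^(Authority|TeamIdentifier)='
}

# check_bundle LABEL /path/App.app REQUIRED
check_bundle() {
    v="$(bundle_version "$2")" || { echo "$1: not installed at $2"; return 0; }
    echo "$1: installed $v, required $3 -> $(app_status "$v" "$3")"
    verify_bundle "$2" || echo "$1: signature/Gatekeeper check FAILED"
}

if [ "$(uname)" = Darwin ]; then
    # Assumed install locations; change them if the apps live elsewhere.
    check_bundle "ChatGPT Desktop" /Applications/ChatGPT.app "$REQ_CHATGPT"
    check_bundle "Codex App"       /Applications/Codex.app   "$REQ_CODEX_APP"
    check_bundle "Atlas"           /Applications/Atlas.app   "$REQ_ATLAS"
    # Codex CLI is not a bundle; assumed to report its version via `codex --version`.
    if command -v codex >/dev/null 2>&1; then
        cv="$(codex --version | grep -oE '[0-9]+(\.[0-9]+)+' | head -n1)"
        echo "Codex CLI: installed $cv, required $REQ_CODEX_CLI -> $(app_status "$cv" "$REQ_CODEX_CLI")"
    fi
else
    # Off macOS there is nothing to inspect; show the comparison on constructed versions.
    echo "Atlas 1.2026.119 vs $REQ_ATLAS -> $(app_status 1.2026.119 "$REQ_ATLAS")"
    echo "Codex CLI 0.130.0 vs $REQ_CODEX_CLI -> $(app_status 0.130.0 "$REQ_CODEX_CLI")"
fi
```

Save it as, say, `check_openai_apps.sh` and run `sh check_openai_apps.sh` once before and once after updating. An `update-required` line means the installed build predates the re-signed release; a `FAILED` line on a build that passed before the deadline is the expected effect of macOS no longer trusting the exposed certificates, and the fix is a clean install from OpenAI's site rather than any attempt to bypass the warning.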
What This Incident Reveals About Supply Chain Attacks and npm Dependencies
The Mini Shai-Hulud incident underscores how fragile modern software supply chains can be. OpenAI’s development systems relied on npm packages from the TanStack ecosystem, and a compromised dependency allowed malware to spread into developer environments, targeting credentials such as GitHub tokens, API keys, and internal secrets. Even with emerging safeguards like stricter package provenance checks, stronger CI/CD credential controls, and minimumReleaseAge policies for package managers, the two affected devices had not yet received all of the new protections when the attack landed. This highlights how a single weak link in open-source dependencies can open an npm supply chain attack path that affects multiple organizations at once. For Mac users, the lesson is clear: even trusted vendors can be impacted by upstream compromises, so promptly installing security-driven updates and relying only on official distribution channels is essential to maintaining long-term Mac app security.
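The minimumReleaseAge policy mentioned above, shown here as an added configuration example rather than anything from OpenAI’s own repositories: recent pnpm releases read this setting from `pnpm-workspace.yaml` and refuse to resolve any package version published less than the given number of minutes ago, which gives a hijacked release time to be noticed and pulled before it reaches developer machines. The seven-day value and the excluded package name are constructed choices for illustration, not recommendations from the page.

```yaml
# pnpm-workspace.yaml
# Delay installation of freshly published versions: a package version must be
# at least 7 days (10080 minutes) old before pnpm will resolve to it.
minimumReleaseAge: 10080
# Constructed example: packages your own team publishes can be exempted so
# internal releases are not held back by the delay.
minimumReleaseAgeExclude:
  - "@example-org/internal-tooling"
```

The trade-off is that legitimate security fixes are also delayed by the same window, so the exclusion list should stay short and the value should be chosen against how quickly the organization can detect and respond to a bad upstream release.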
