What the OpenAI Supply Chain Attack Involved
OpenAI is urging Mac users to install a critical Mac app security update after a software supply chain attack exposed code-signing certificates used for its desktop apps. The incident began when attackers compromised Tanstack, a popular open-source library distributed through npm. Malicious versions of 42 Tanstack npm packages were briefly published, and two OpenAI employee devices installed the tampered packages. The Tanstack malware threat focused on stealing developer credentials, such as GitHub tokens and internal secrets, rather than directly attacking end users. OpenAI’s investigation has found no evidence that customer data, production systems, or application code were altered. However, attackers did gain access to a limited set of internal source code repositories that contained signing certificates for OpenAI apps. Those certificates are what macOS uses to verify that a ChatGPT, Codex, or Atlas app genuinely comes from OpenAI and hasn’t been tampered with.

How Supply Chain Attacks Bypass Traditional Defenses
This OpenAI supply chain attack highlights how modern threats target the software ecosystem instead of flaws in the apps themselves. Rather than hacking ChatGPT or Codex directly, the attackers poisoned trusted dependencies—Tanstack npm packages used in web development pipelines. Because these components are widely adopted and routinely updated, malicious versions can slip into build environments and developer workflows before anyone notices. Once installed, the malware ran automatically during the npm install lifecycle, enabling credential theft and unauthorized access to internal repositories. In this case, that included repositories holding signing certificates for iOS, Windows, and macOS apps. Although OpenAI has seen no evidence of malicious software being signed with its certificates, the mere possibility matters: a stolen certificate can make malware look like a legitimate, trusted OpenAI app, potentially fooling both macOS security checks and cautious users who rely on trusted publisher signatures.
Which OpenAI Mac Apps Are at Risk
The immediate concern is not that existing OpenAI Mac apps suddenly turned malicious, but that the ChatGPT certificate compromise could let attackers sign fake apps to look authentic. OpenAI is rotating its Mac signing certificates to cut off this avenue, which means older app versions will ultimately lose their trusted status. Affected macOS applications include ChatGPT Desktop, Codex App, Codex CLI, and Atlas. OpenAI has specified minimum safe versions that Mac users must install before the deadline to stay protected: ChatGPT Desktop version 1.2026.125, Codex App version 26.506.31421, Codex CLI version 0.130.0, and Atlas version 1.2026.119.1. Windows and iOS users do not need to take any action beyond normal updates, because certificate changes on those platforms do not require user intervention. For Mac users, however, updating is mandatory to maintain secure operation and prevent potential certificate-based exploitation.
Deadline: Why You Must Update by June 12
OpenAI has set June 12 as a hard deadline for Mac users to install the updated apps. Until then, older apps will continue to function, giving users time to transition. After that date, OpenAI plans to fully revoke the previous macOS signing certificates. Once revocation is in place, macOS security protections will begin blocking new downloads and first-time launches of apps signed with the old certificates. This step helps prevent attackers from distributing fake OpenAI apps signed with the stolen keys, and the clear update window keeps disruption from Apple’s notarization system to a minimum. To stay protected, make sure ChatGPT Desktop, Codex App, Codex CLI, and Atlas are all updated to their required versions or later before June 12. Treat this as a non-optional Mac app security update, especially if you rely on OpenAI tools in your daily work.
Safe Update Checklist for OpenAI Mac Apps
To protect yourself against any fallout from the OpenAI supply chain attack, follow a careful update process. First, open each OpenAI Mac app—ChatGPT Desktop, Codex App, Atlas, and Codex CLI—and use the built-in update function if available. Check that the version numbers meet or exceed the required versions published by OpenAI. If you need a fresh installer, download it only from OpenAI’s official website or trusted in-app links. Do not install apps from links in emails, texts, chat messages, ads, file-sharing links, or third-party download sites claiming to offer OpenAI or ChatGPT installers. After updating, avoid running older copies of the apps saved in backups or downloads folders, as they may still be signed with the revoked certificate. Finally, keep macOS and your security tools up to date so that future certificate and notarization checks work as intended.
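The version and signature checks from this checklist, as an added shell script that is not OpenAI's own tooling: it compares each installed app with the minimum versions given above and re-runs the signature and Gatekeeper assessments that macOS will apply once the old certificates are revoked. The bundle paths (/Applications/ChatGPT.app, Codex.app, ChatGPT Atlas.app) and the output format of `codex --version` are assumptions; adjust them for your machine.

```shell
#!/bin/sh
# Added example, not OpenAI's tooling: compare installed OpenAI Mac apps with the
# advisory's minimum safe versions and re-verify their signatures. Assumptions:
# bundle paths and the `codex --version` output format are guesses; adjust them.

# Minimum safe versions named in the advisory.
MIN_CHATGPT="1.2026.125"
MIN_CODEX_APP="26.506.31421"
MIN_CODEX_CLI="0.130.0"
MIN_ATLAS="1.2026.119.1"

# version_ge A B: succeed when dotted numeric version A is >= B;
# missing trailing components count as 0, so 1.2026.119.1 > 1.2026.119.
version_ge() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ac="${a%%.*}"; bc="${b%%.*}"
    [ "$ac" = "$a" ] && a="" || a="${a#*.}"
    [ "$bc" = "$b" ] && b="" || b="${b#*.}"
    : "${ac:=0}"; : "${bc:=0}"
    [ "$ac" -gt "$bc" ] && return 0
    [ "$ac" -lt "$bc" ] && return 1
  done
  return 0
}

# report NAME INSTALLED MIN: print whether the installed version meets MIN.
report() {
  if version_ge "$2" "$3"; then echo "$1 $2: OK (>= $3)"
  else echo "$1 $2: UPDATE REQUIRED (< $3)"; fi
}

# check_bundle NAME BUNDLE MIN: version from Info.plist, then signature and
# Gatekeeper assessment (what macOS applies to downloads and first launches).
check_bundle() {
  [ -d "$2" ] || { echo "$1: not found at $2 (path is an assumption)"; return 0; }
  ver=$(defaults read "$2/Contents/Info.plist" CFBundleShortVersionString 2>/dev/null) || ver=""
  report "$1" "${ver:-0}" "$3"
  codesign --verify --deep --strict "$2" 2>/dev/null \
    && echo "  signature: valid" || echo "  signature: invalid or revoked"
  spctl --assess --type execute "$2" 2>/dev/null \
    && echo "  Gatekeeper: accepted" || echo "  Gatekeeper: rejected"
}
check_bundle "ChatGPT Desktop" "/Applications/ChatGPT.app" "$MIN_CHATGPT"
check_bundle "Codex App" "/Applications/Codex.app" "$MIN_CODEX_APP"
check_bundle "Atlas" "/Applications/ChatGPT Atlas.app" "$MIN_ATLAS"
# Codex CLI is not a bundle: use the first dotted number it prints (format assumed).
if command -v codex >/dev/null 2>&1; then
  report "Codex CLI" "$(codex --version 2>/dev/null | grep -o '[0-9][0-9.]*' | head -n 1)" "$MIN_CODEX_CLI"
fi
```

Any line reporting UPDATE REQUIRED, an invalid signature, or a Gatekeeper rejection means that copy should be replaced from OpenAI's official download before the deadline.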
