OpenAI Confirms Employee Devices Were Breached in Massive npm Supply-Chain Attack

No customer data or production systems were compromised

News
Milan Stanojevic
Milan Stanojevic Shield
Windows Toubleshooting Expert
News
Reading time icon 2 min. read

Calendar icon Published on

openai breach

OpenAI has confirmed that two employee devices were compromised during the “Mini Shai-Hulud” supply-chain attack that targeted npm, PyPI, CI/CD infrastructure, and developer credentials, as Bleeping Computer writes.

The company says attackers gained access to a limited subset of internal source code repositories and stole a small number of credentials. However, OpenAI says investigators found no evidence that customer data, production systems, deployed software, or core intellectual property were compromised.

OpenAI Confirms Code-Signing Certificate Exposure

One of the most serious parts of the incident involves exposed code-signing certificates tied to OpenAI applications across multiple platforms.

OpenAI confirmed that certificates used for macOS, Windows, iOS, and Android applications were exposed during the attack. The company says it has not detected any malicious use of those certificates so far, but it already started rotating them as a precaution.

The breach appears linked to the wider “Mini Shai-Hulud” campaign, which has targeted open-source ecosystems and developer infrastructure through supply-chain compromise techniques.

macOS Users Must Update Before June 12

OpenAI says macOS users need to update OpenAI desktop applications before June 12, 2026.

According to the company, Apple notarization requirements may cause older signed versions of OpenAI applications to stop launching or stop receiving updates after that date.

Windows and iOS users do not need to take any action at this time. OpenAI says those platforms remain unaffected by the certificate rotation process.

OpenAI Restricted Internal Deployment Workflows

Following the incident, OpenAI says it isolated affected systems, revoked sessions, rotated credentials, and temporarily restricted deployment workflows while investigators analyzed the breach.

The company also confirmed it worked with third-party incident response specialists during the forensic investigation.

The attack highlights the growing threat posed by software supply-chain compromises targeting package repositories, developer environments, and CI/CD systems. Security researchers have increasingly warned that attackers now focus on trusted development infrastructure because it can provide rapid access to internal systems and credentials.

OpenAI Faces Multiple Security and Legal Challenges

The incident arrives during an already difficult period for OpenAI.

The company recently faced reports suggesting it may consider legal action against Apple over ChatGPT integration concerns. At the same time, OpenAI also faces a new lawsuit alleging that ChatGPT user data was shared with Meta and Google tracking systems.

While the issues are unrelated, they add further scrutiny around OpenAI’s security, privacy, and platform relationships as the company continues expanding its AI ecosystem.

More about the topics: OpenAI, security

Milan Stanojevic

Milan Stanojevic Shield

Windows Toubleshooting Expert

Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He's a PC enthusiast and he spends most of his time learning about computers and technology. Before joining WindowsReport, he worked as a front-end web developer. Now, he's one of the Troubleshooting experts in our worldwide team, specializing in Windows errors & software issues.

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

User forum

0 messages