OpenAI has confirmed that it was affected by the recent TanStack npm supply chain attack that targeted developers and software companies. The company said two employee devices inside its corporate environment were compromised during the incident. The attack involved malicious code hidden inside trusted npm packages used by developers worldwide. OpenAI stated that it immediately started investigating the breach after detecting suspicious activity.

TanStack is a popular JavaScript library ecosystem that receives millions of downloads every week from developers. Security researchers discovered that attackers secretly inserted malware into multiple TanStack npm packages. The campaign has been linked to a larger operation known as “Mini Shai-Hulud” by cybersecurity researchers. The malicious packages were designed to quietly steal important credentials from infected systems.

According to reports, the malware mainly targeted GitHub tokens, cloud API keys, npm publishing credentials, and CI/CD secrets. These credentials are often connected to internal software repositories and development infrastructure. Because of this, experts considered the attack highly dangerous for companies using the affected packages. Researchers believe the attackers wanted long-term access to development environments and sensitive systems.

During its investigation, OpenAI confirmed that attackers gained unauthorized access to a limited number of internal source code repositories. The company also said some credential-related information stored in those repositories was accessed. However, OpenAI stated that there is currently no evidence showing that customer data was exposed. The company added that ChatGPT systems and production infrastructure were not compromised during the incident.

OpenAI also confirmed that there was no indication of intellectual property theft or changes made to deployed AI systems. The company emphasized that its products continued operating normally during and after the investigation process. To better understand the incident, OpenAI hired an external digital forensics and incident response team. The investigation is still ongoing as cybersecurity experts continue analyzing the full scope of the attack.

Cybersecurity researchers say this case shows how dangerous software supply chain attacks have become in recent years. Instead of directly hacking companies, attackers compromise trusted third-party software packages used by thousands of developers. Once developers install the infected package, the malware can spread silently into internal systems and environments. This method makes supply chain attacks difficult to detect in the early stages.

Researchers investigating the incident reported that at least 42 TanStack packages were compromised during the campaign. More than 80 malicious package versions were reportedly uploaded before they were discovered and removed. Since TanStack libraries are widely used across the industry, millions of weekly downloads may have been exposed. Experts also said some malicious packages appeared to have valid release signatures, making detection even harder.

OpenAI says it has already rotated credentials, reviewed internal security controls, and increased monitoring for suspicious activity. Security experts are now advising developers to audit dependencies and rotate any potentially exposed credentials immediately. Companies are also being warned to closely monitor CI/CD systems and developer environments for unusual behavior. While OpenAI says customer systems were not affected, the incident has raised serious concerns across the cybersecurity industry.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news