OpenAI has confirmed it was hit by the recent TanStack supply chain attack that compromised developer tools in May. Two employee devices were infected with the Shai-Hulud worm, allowing hackers to steal credentials and access internal code repositories containing code-signing certificates for the company's apps across multiple platforms. While OpenAI says no customer data or intellectual property was compromised, the company is now revoking and replacing all affected security certificates, requiring Mac users to update their applications by June 2026 to continue receiving updates.