If you use OpenAI's macOS apps, including ChatGPT and Codex, it’s time to update. The company is urging users to install new versions following a hack of several employee devices.
The hack involves an open-source software library called Tanstack that is widely used for web development. On Monday, an attacker published 84 malicious versions across 42 Tanstack npm packages, the pre-built code modules that JavaScript projects pull in as dependencies.
Some of the affected Tanstack software receives millions of weekly downloads, meaning the hack could have easily affected numerous projects and users. Fortunately, security researchers flagged the malicious versions within the first 20 minutes, leading to their removal. But if the malicious software had been installed, it would have downloaded malware capable of stealing developer login credentials for cloud computing accounts.
“Because the payload runs as part of npm install's lifecycle, anyone who installed an affected version on 2026-05-11 must treat the install host as potentially compromised,” Tanstack warned.
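The warning above hinges on npm's lifecycle hooks: a package can declare `preinstall`, `install`, `postinstall` or `prepare` scripts that npm runs automatically when the package is installed, so a malicious version executes on the developer's machine without ever being imported. The following audit script is an added example, not code from the article, Tanstack or OpenAI. It builds a constructed `node_modules` tree in a temporary directory (the package names and hook command are placeholders, not the real affected packages), lists every package that declares an install-time hook, and checks whether the project's `.npmrc` sets `ignore-scripts=true`, the standard npm setting that stops dependencies' lifecycle scripts from running.

```python
"""Audit an npm dependency tree for install-time lifecycle scripts.

Added example, not from the article or from Tanstack/OpenAI. The tree it
scans is constructed in a temp directory; package names and the hook
command are placeholders.
"""
import json
import tempfile
from pathlib import Path

# Lifecycle hooks that npm runs automatically when a dependency is installed.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def _is_package_root(manifest):
    """True for node_modules/<name>/package.json or
    node_modules/@scope/<name>/package.json at any nesting depth."""
    parent = manifest.parent
    if parent.parent.name == "node_modules":
        return True
    return parent.parent.name.startswith("@") and parent.parent.parent.name == "node_modules"


def find_install_scripts(node_modules):
    """Return {package_name: {hook: command}} for every installed package
    whose package.json declares an install-time lifecycle script."""
    findings = {}
    for manifest in Path(node_modules).rglob("package.json"):
        if not _is_package_root(manifest):
            continue
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash the audit
        scripts = data.get("scripts") or {}
        hooks = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}
        if hooks:
            findings[data.get("name", str(manifest.parent))] = hooks
    return findings


def npmrc_ignores_scripts(npmrc_path):
    """True if the .npmrc sets ignore-scripts=true (npm then skips lifecycle
    scripts of installed dependencies). Missing file counts as not set."""
    try:
        lines = Path(npmrc_path).read_text(encoding="utf-8").splitlines()
    except OSError:
        return False
    for line in lines:
        # .npmrc allows ';' and '#' comments
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "ignore-scripts":
                return value.lower() == "true"
    return False


def build_sample_tree():
    """Create a constructed project with two placeholder packages: one benign
    (only a test script) and one declaring a postinstall hook. Returns the
    project root."""
    base = Path(tempfile.mkdtemp(prefix="npm-audit-demo-"))
    node_modules = base / "node_modules"
    packages = {
        "@example/benign-lib": {"name": "@example/benign-lib", "version": "1.0.0",
                                "scripts": {"test": "node test.js"}},
        "example-suspicious": {"name": "example-suspicious", "version": "2.3.4",
                               "scripts": {"postinstall": "node install-hook.js"}},
    }
    for rel, manifest in packages.items():
        pkg_dir = node_modules / rel
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    (base / ".npmrc").write_text("ignore-scripts=true\n", encoding="utf-8")
    return base


if __name__ == "__main__":
    project = build_sample_tree()
    for name, hooks in find_install_scripts(project / "node_modules").items():
        for hook, command in hooks.items():
            print(f"{name}: {hook} -> {command}")
    print("ignore-scripts set in .npmrc:", npmrc_ignores_scripts(project / ".npmrc"))
```

Point `find_install_scripts` at a real project's `node_modules` to see which dependencies would have executed code during `npm install`; a hook on a package that has no native build step is worth a look, and `ignore-scripts=true` plus an explicit allow-list of the few packages that genuinely need their hooks is the usual hardening.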
OpenAI says two employee devices with “corporate environment” access installed the malicious versions of Tanstack, prompting the AI developer to launch an investigation. “We found no evidence that OpenAI user data was accessed, that our production systems or intellectual property were compromised, or that our software was altered,” the company said in a blog post.
However, OpenAI did detect “activity consistent with the malware’s publicly described behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories to which the two impacted employees had access.”
The source code repositories include private signing certificates, which OpenAI uses to show that its apps are genuine and trustworthy. If stolen, the certificates would let an attacker sign malicious software so that it appears to be a trusted OpenAI product and passes the operating system's security checks.
“The impacted source code repositories included signing certificates for our products, including iOS, macOS, and Windows. As a result, we are rotating code-signing certificates as a precaution, which will require macOS users to update their applications. Users do not need to take any action for Windows and iOS apps. Additional guidance will be provided to macOS users regarding these required updates,” OpenAI said.
The company seems concerned about the possibility that hackers will use the stolen signing keys to push malware to macOS users. In urging users to update, OpenAI noted: "This helps prevent any risk, however unlikely, of someone attempting to distribute a fake app that appears to be from OpenAI."
The company also warned Mac users: "Do not install apps from links in emails, messages, ads, or third-party download sites. Be cautious of unexpected 'OpenAI,' 'ChatGPT,' or 'Codex' installers sent through email, text, chat messages, ads, file-sharing links, or third-party download sites."
So far, the company has “found no evidence of malicious software being signed with any of OpenAI’s certificates.” Still, the company plans on fully revoking the certificates on June 12, meaning “new downloads and launches of apps signed with the previous certificate will be blocked by macOS security protections.” Hence, macOS users are encouraged to update via an in-app update or the company’s official download links.
The company refrained from revoking the macOS certificates immediately to prevent MacBook users from encountering technical snafus with Apple's notarization system. “Because new notarization with the previous certificate is blocked, and because the revocation may cause macOS to block new downloads and first-time launches of apps signed with the previous certificate, we are giving our users until June 12, 2026, to update to minimize disruption,” it said.
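Because the rotation means a freshly updated app carries a different signing identity from the one being revoked, a useful check on a Mac is to inspect which certificate chain and Team ID the installed bundle is signed with. On macOS that data comes from `codesign -dv --verbose=4 /Applications/ChatGPT.app`, which prints `Authority=` and `TeamIdentifier=` lines on stderr. The script below is an added example, not code from the article or OpenAI: it parses a constructed sample of that output offline (the field names are real, the values and the expected Team ID are placeholders, not OpenAI's) and reports whether the bundle's leaf certificate is a Developer ID Application identity belonging to the expected team.

```python
"""Parse `codesign -dv --verbose=4` output to see which identity signed an app.

Added example, not from the article or from OpenAI. The sample output is
constructed; EXPECTED_TEAM_ID is a placeholder for the vendor's published
Team ID.
"""
import subprocess

# Placeholder: replace with the Team ID the vendor publishes for its apps.
EXPECTED_TEAM_ID = "TEAMID0000"

# Constructed sample of codesign's verbose output (values made up for the demo).
SAMPLE_CODESIGN_OUTPUT = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Signature size=9000
Authority=Developer ID Application: Example Corp (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=11 May 2026 at 10:00:00
TeamIdentifier=TEAMID0000
Sealed Resources version=2 rules=13 files=42
"""


def parse_codesign(output):
    """Return the certificate chain (leaf first) and Team ID from codesign text.
    Ad-hoc signed binaries report 'TeamIdentifier=not set'."""
    authorities, team_id = [], None
    for line in output.splitlines():
        if line.startswith("Authority="):
            authorities.append(line[len("Authority="):].strip())
        elif line.startswith("TeamIdentifier="):
            team_id = line[len("TeamIdentifier="):].strip()
    return {"authorities": authorities, "team_id": team_id}


def signed_by_expected_team(output, expected=EXPECTED_TEAM_ID):
    """True only if the leaf certificate is a Developer ID Application identity
    and the Team ID matches the expected vendor."""
    info = parse_codesign(output)
    leaf = info["authorities"][0] if info["authorities"] else ""
    return info["team_id"] == expected and leaf.startswith("Developer ID Application:")


def inspect_app(app_path):
    """macOS only: run codesign on a real bundle and parse its stderr."""
    proc = subprocess.run(["codesign", "-dv", "--verbose=4", app_path],
                          capture_output=True, text=True, check=False)
    return parse_codesign(proc.stderr)


if __name__ == "__main__":
    info = parse_codesign(SAMPLE_CODESIGN_OUTPUT)
    print("chain:", " -> ".join(info["authorities"]))
    print("team:", info["team_id"], "matches expected:",
          signed_by_expected_team(SAMPLE_CODESIGN_OUTPUT))
```

Running `inspect_app` before and after the update on a real Mac shows the identity change the rotation introduces; after June 12 an app whose leaf certificate is the revoked one is exactly what macOS will refuse to launch on first run.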
The incident underscores the threat of hackers targeting open-source npm packages, which have been involved in a growing number of software supply chain attacks in recent months. The attack on Tanstack has been traced to a hacking group called TeamPCP, which infected over 160 npm packages on Monday to spread credential-stealing malware. Tanstack reports that three vulnerabilities were abused and chained together to upload the malicious versions.
Disclosure: Ziff Davis, PCMag's parent company, filed a lawsuit against OpenAI in April 2025, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.