
OpenAI Confirms Internal Code Theft Following Supply-Chain Cyberattack

OpenAI has confirmed that a recent supply-chain cyberattack led to unauthorized access and the theft of credentials from a limited subset of its internal source code repositories, impacting two employee devices. This incident is part of a growing trend of sophisticated cyberattacks targeting software developers and the open-source projects they rely on.

The breach at OpenAI originated from an earlier attack on TanStack, a popular open-source library utilized by developers to build web applications. TanStack disclosed that hackers published 84 malicious versions of its software during a brief six-minute window. The embedded malware was designed to steal credentials from infected computers and to self-propagate to other systems. Following an internal investigation, OpenAI stated there is no evidence that user data was accessed, production systems or intellectual property were compromised, or its software was altered.

In response to the credential theft and unauthorized access to its internal source code, OpenAI is implementing precautionary measures. The affected repositories contained digital certificates used to sign the company’s products, prompting a rotation of these certificates. As a result, macOS users will need to update their OpenAI applications. The company reiterated that it has found no evidence of compromise or risk to existing software installations.

The perpetrators behind the TanStack attack remain unknown. However, similar supply-chain hacks have been attributed to various groups. Past incidents include attacks linked to the hacking group TeamPCP. Other notable examples include North Korean hackers compromising the Axios open-source development tool in March, potentially infecting millions of developers, and Chinese hackers accused of a similar attack in May targeting thousands of Windows computers running Daemon Tools disc-imaging software. These types of attacks exploit vulnerabilities in widely used open-source projects, distributing malware disguised as routine updates to compromise numerous targets simultaneously.
