OpenAI Confirms Security Breach Linked to AI Malware Campaign

In brief

• OpenAI said malware linked to the Shai-Hulud campaign infected two employee devices and gave attackers access to a small number of internal code storage systems.
• The company said it found no evidence that customer data, core systems, or company technology were affected.
• The disclosure follows earlier reports involving Microsoft and Mistral AI tied to the same broader malware campaign.

OpenAI confirmed this week that hackers tied to the Shai-Hulud malware campaign breached parts of its internal development environment through a compromised open-source software package. The incident follows similar disclosures from Mistral AI as hackers increasingly target software tools used to build AI models and applications.

In a blog post on Wednesday, OpenAI said hackers compromised TanStack npm, a software tool developers use to download and manage coding packages. The company said malware infected two employee devices, and gave attackers access to a small number of internal code storage systems before OpenAI stopped the activity.

“We observed activity consistent with the malware’s publicly described behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories to which the two impacted employees had access,” OpenAI wrote.

The company said it found no evidence that customer data, production systems, or intellectual property were compromised.

OpenAI said the impacted repositories included code-signing certificates used for products on macOS, Windows, and iOS. Those certificates help operating systems verify that software actually comes from a trusted company and has not been altered.

“As a result, we are rotating code-signing certificates as a precaution, which will require macOS users to update their applications,” the company said. “Users do not need to take any action for Windows and iOS apps. Additional guidance will be provided to macOS users regarding these required updates.”

OpenAI said macOS users must update OpenAI apps before June 12. Older versions signed with the previous certificates may stop functioning after that date.

OpenAI did not immediately respond to a request for comment by Decrypt.

The disclosure follows reports earlier this week involving Microsoft and French AI startup Mistral AI tied to the same broader malware campaign.

On Monday, Microsoft Threat Intelligence said attackers inserted malicious code into a Mistral AI software package distributed through PyPI, a platform developers use to download Python software tools. According to Microsoft, the malware downloaded another malicious file designed to resemble Hugging Face’s popular Transformers library, so it would blend into AI development environments.

OpenAI said the attacks highlight growing risks across the tech industry.

“This incident reflects a broader shift in the threat landscape: Attackers are increasingly targeting shared software dependencies and development tooling rather than any single company,” they wrote.

Daily Debrief Newsletter