OpenAI confirmed a security incident that will require all ChatGPT Mac desktop app users to update their software by June 12. The breach stems from a compromise of the TanStack open-source library on May 11, 2026, which affected two employee devices within OpenAI's corporate environment.

The supply chain attack, dubbed Mini Shai-Hulud, allowed unauthorized access to limited internal source code repositories. While the company found evidence of credential-focused exfiltration, they confirmed no user data was accessed and no production systems were compromised. However, the exposed code included certificate-signing capabilities for OpenAI products.

To mitigate the risk, OpenAI is revoking existing certificates and forcing a mandatory update for the ChatGPT Mac app. Users will be prompted to update automatically—no action is required at this time. iOS and Windows versions remain unaffected by this specific incident.

This incident highlights ongoing risks in software supply chains, particularly when popular open-source dependencies become attack vectors. For OpenAI, the breach represents a significant security event despite limited data exposure, requiring swift action to maintain user trust in their desktop applications.