HeadlinesBriefing.com

OpenAI forces Mac users to update ChatGPT after supply‑chain breach

AppleInsider

OpenAI disclosed a supply‑chain breach that exposed the code‑signing certificates used to sign and notarize its Mac desktop clients. The intrusion, labeled the “Mini Shai‑Hulud” attack, compromised two employee machines via the TanStack npm ecosystem and gave attackers limited access to internal repositories. OpenAI responded by rotating the certificates and re‑signing the affected builds, including ChatGPT Desktop, Codex App, Codex CLI and Atlas.

Apple’s Gatekeeper will reject any macOS app still signed with the old credentials after June 12, forcing users to download the refreshed binaries from OpenAI’s official channels. The company says no customer data or production systems were breached, and it has blocked further notarization attempts with the compromised keys to prevent future abuse.

Mac owners of ChatGPT Desktop 1.2026.125, Codex App 26.506.31421, Codex CLI 0.130.0 or Atlas 1.2026.119.1 must install the updates before the deadline; once Gatekeeper starts rejecting the old signature, the unpatched apps will no longer launch. The incident shows how a compromise in one package ecosystem can ripple out to signed binaries on another platform, and it is a prompt for developers to tighten CI/CD controls and for users to check the signature and origin of the software they install.
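For a user who wants to confirm that a freshly downloaded build is signed by the expected publisher and accepted by Gatekeeper, the check below is an added example (not code from OpenAI, Apple or the article). It assumes a placeholder Team ID (`XXXXXXXXXX`) that you would replace with the Team ID shown for a known-good build; the `codesign` and `spctl` invocations only run on macOS, while `check_codesign_output` parses the text `codesign -dv --verbose=4` prints and can be exercised anywhere against the constructed sample output embedded in the script.

```shell
#!/bin/sh
# Added example, not OpenAI's or Apple's code: verify a Mac app bundle is
# signed by the expected Developer ID team, timestamped, and accepted by
# Gatekeeper as notarized. EXPECTED_TEAM_ID is a placeholder value.
EXPECTED_TEAM_ID="${EXPECTED_TEAM_ID:-XXXXXXXXXX}"

# Parse `codesign -dv --verbose=4 <app>` output read from stdin.
# Prints "ok" and returns 0 only when the leaf certificate is a
# "Developer ID Application" cert, the signature carries a trusted
# timestamp, and the TeamIdentifier matches the expected team.
check_codesign_output() {
    want="$1"
    authority_ok=0; team_ok=0; ts_ok=0
    while IFS= read -r line; do
        case "$line" in
            "Authority=Developer ID Application:"*) authority_ok=1 ;;
            TeamIdentifier=*)
                [ "${line#TeamIdentifier=}" = "$want" ] && team_ok=1 ;;
            Timestamp=*) ts_ok=1 ;;
        esac
    done
    if [ "$authority_ok" = 1 ] && [ "$team_ok" = 1 ] && [ "$ts_ok" = 1 ]; then
        echo ok
        return 0
    fi
    echo "reject (authority=$authority_ok team=$team_ok timestamp=$ts_ok)"
    return 1
}

# Full check on a real bundle (macOS only): signature integrity, expected
# signer, then Gatekeeper's own assessment, which reports
# "source=Notarized Developer ID" for a notarized app.
check_app() {
    app="$1"
    codesign --verify --deep --strict "$app" || return 1
    codesign -dv --verbose=4 "$app" 2>&1 \
        | check_codesign_output "$EXPECTED_TEAM_ID" || return 1
    spctl --assess --type execute -vv "$app" 2>&1 \
        | grep -q 'source=Notarized Developer ID' || return 1
}

# Constructed sample output (not captured from a real app) for offline use.
SAMPLE_GOOD='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Example Corp (XXXXXXXXXX)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jan 1, 2026 at 00:00:00
TeamIdentifier=XXXXXXXXXX'

# Constructed sample signed with a development certificate from another team.
SAMPLE_BAD='Identifier=com.example.app
Authority=Apple Development: someone@example.com (YYYYYYYYYY)
TeamIdentifier=YYYYYYYYYY'

# Usage on macOS: check_app /Applications/Example.app && echo "trusted"
```

Run `check_app` against the bundle you just downloaded; a build still carrying the old, soon-to-be-rejected signature, or one from a different team, fails the check rather than being discovered only when Gatekeeper refuses to launch it.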

The incident arrives as Apple tightens its notarization policies, a move aimed at curbing malicious code distribution on macOS. Security researchers note that the TanStack npm supply chain is a growing target, and OpenAI’s decision to re‑sign its builds and let the old signatures lapse on a fixed date, rather than revoke the certificates immediately, avoided breaking existing installations overnight while still protecting the ecosystem.