OpenAI confirmed that its ChatGPT desktop application for Mac experienced a security incident involving two employee devices. The breach stemmed from a compromised open-source library, prompting the company to issue an emergency software update rolling out now with full deployment expected by June 12.

According to the company's blog post, malicious activity was detected and contained quickly. OpenAI states no user data was accessed and no systems were compromised beyond the two affected devices. A third-party digital forensics firm has been hired to investigate the incident thoroughly.

The company confirmed that limited credential material was exfiltrated from code repositories, but no other information or code was impacted. Mac users should update their app when prompted, while Windows and iOS users remain unaffected by this specific vulnerability.

This marks another security challenge for the ChatGPT Mac application, which previously faced criticism in 2024 for storing user conversations in plain text rather than encrypting them locally. The incident demonstrates ongoing risks in software supply chains and the importance of rapid incident response protocols.