OpenAI forces Mac ChatGPT updates before June 12

OpenAI says a supply-chain attack exposed signing certificates used to verify trusted software on Apple’s systems. After rotating those certificates and re-signing affected apps, the company warned Mac users that macOS security protections will block older bui

On a deadline that runs through June 12, OpenAI is asking Mac users to update—fast enough that it sounds less like a routine upgrade and more like a safety requirement. The reason is direct and uncomfortable: a supply chain attack exposed signing certificates used by Apple’s security systems to decide whether software should be trusted.

OpenAI disclosed the incident on May 13 and said malware tied to the “Mini Shai-Hulud” attack reached two employee devices through the TanStack npm ecosystem. The company also described unauthorized access activity found in a limited set of internal source code repositories connected to those employees.

Once the issue was understood, OpenAI moved quickly to contain what could be misused. The company rotated its signing certificates and re-signed the affected apps to prevent potential misuse of the exposed credentials. At the same time, OpenAI said it found no evidence that customer data, production systems, or intellectual property were compromised.

For Mac users, the practical consequence is that Apple’s macOS security protections will block apps signed with the older certificates after June 12. OpenAI says macOS Gatekeeper and notarization systems rely on those certificates to determine whether apps should be trusted, launched, or blocked—so after that date, the old builds may stop functioning or receiving updates.

The list of affected releases is specific. Older versions of ChatGPT Desktop, Codex App, Codex CLI, and Atlas signed with the previous certificates may stop functioning or receiving updates after June 12. The releases OpenAI flagged are ChatGPT Desktop 1.2026.125, Codex App 26.506.31421, Codex CLI 0.130.0, and Atlas 1.2026.119.1.

OpenAI said its investigation found no evidence that the exposed certificates were used to sign malicious software or distribute malware to users. The company also reviewed prior notarizations for signs of unauthorized activity and said it found no evidence of misuse.

There’s another detail behind the urgency. OpenAI confirmed that the affected repositories included signing certificates used for applications across macOS, iOS, Windows, and Android. And rather than revoking the certificates immediately—which OpenAI said could risk broken software installations for existing users—the company blocked future notarization attempts tied to the older credentials.

The incident also arrived while OpenAI was rolling out new supply chain security protections across its development systems. OpenAI said those protections included stricter package provenance checks, stronger CI/CD credential controls, and package-manager safeguards like minimumReleaseAge policies. It said the two affected employee devices hadn’t yet received those updated protections when the malware reached the systems, and that the incident accelerated deployment of additional safeguards designed to reduce the impact of future supply chain attacks.
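
The cool-down idea behind a minimumReleaseAge-style policy, as an added example that is not OpenAI's or any package manager's own code: a pinned dependency version is refused until it has been public for a minimum time, which gives a freshly published malicious release a window to be caught. The package names, timestamps, one-day threshold and the `checkReleaseAge` helper are all constructed for illustration.

```javascript
// Added example: release-age gate in the spirit of a minimumReleaseAge policy.
// All package names, versions and timestamps below are constructed.
const MINUTE_MS = 60 * 1000;

// Constructed stand-in for the `time` map of npm registry metadata
// (version -> ISO 8601 publish timestamp).
const registryTimes = {
  "example-router": { "1.4.0": "2026-01-02T08:00:00Z", "1.4.1": "2026-01-10T11:30:00Z" },
  "example-query": { "5.0.2": "2025-12-20T09:15:00Z" },
  "example-internal": { "0.9.0": "2026-01-10T11:45:00Z" },
};

// Constructed resolved dependency set, as a lockfile would pin it.
const resolved = [
  { name: "example-router", version: "1.4.1" },
  { name: "example-query", version: "5.0.2" },
  { name: "example-internal", version: "0.9.0" },
  { name: "example-unknown", version: "2.0.0" },
];

function checkReleaseAge(deps, times, { minAgeMinutes, now, exclude = [] }) {
  const findings = [];
  for (const { name, version } of deps) {
    if (exclude.includes(name)) continue; // explicitly trusted, e.g. first-party
    const published = times[name]?.[version];
    const publishedMs = published ? Date.parse(published) : NaN;
    if (Number.isNaN(publishedMs)) {
      // Fail closed: without a publish time the age cannot be proven.
      findings.push({ name, version, reason: "no-publish-time" });
      continue;
    }
    const ageMinutes = Math.floor((now.getTime() - publishedMs) / MINUTE_MS);
    if (ageMinutes < minAgeMinutes) {
      findings.push({ name, version, reason: "too-new", ageMinutes });
    }
  }
  return findings;
}

const findings = checkReleaseAge(resolved, registryTimes, {
  minAgeMinutes: 24 * 60, // one-day cool-down (assumed value)
  now: new Date("2026-01-10T12:00:00Z"), // fixed clock so the run is repeatable
  exclude: ["example-internal"],
});
console.log(findings);
```

A CI job built on this pattern would fail the install when the findings list is non-empty, rather than only logging it.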

The broader lesson isn’t abstract. OpenAI’s own description points to how modern software is assembled: through vast networks of open-source libraries, package managers, and automated development systems that can spread compromised code widely. A single malicious dependency can travel through multiple organizations before developers spot the problem.

For users who want to stay safe, OpenAI’s guidance is blunt. Install updated versions only through official websites or built-in update systems. Avoid installers distributed through ads, third-party download sites, email links, or unsolicited messages. Before June 12, Mac users should verify they are running the latest versions of ChatGPT, Codex, and related OpenAI apps. If someone downloaded OpenAI software from unofficial sources, OpenAI said they should delete those apps and reinstall clean versions directly from OpenAI.

4 Comments

  1. I don’t even use Mac ChatGPT desktop, but I read “supply chain attack” and now I’m paranoid about every app update ever. Like is my computer safe or what?

  2. Wait “Mini Shai-Hulud”?? Sounds like some movie villain name lol. If it hit employee devices through npm, why is it my problem to update by June 12? Can’t they just push a hotfix for everyone.

  3. My buddy said this is why updates take so long, because they’re re-signing stuff or whatever. I’m confused though—are they blocking old apps or just stopping new updates? Also I saw “notarization” and thought that was like… paying for a lawyer??
