OpenAI Forces ChatGPT Mac App Update After Fresh Security Incident Hits Employee Devices

OpenAI disclosed a May 11 security breach impacting two employee devices via a TanStack library attack. Mac users must update the ChatGPT desktop app by June 12 or risk losing functionality. No user data was compromised. This follows a similar April Axios incident that also forced certificate rotations.
OpenAI Forces ChatGPT Mac App Update After Fresh Security Incident Hits Employee Devices
Written by Maya Perez

Mac users of ChatGPT received a stark reminder this week. A new security breach at OpenAI has triggered another round of mandatory app updates. The incident, disclosed on May 14, involves compromised employee devices and a supply-chain attack on an open-source library. It follows an earlier episode in April. Both cases highlight persistent risks in how the AI company secures its desktop software.

OpenAI confirmed the latest compromise occurred on May 11. According to the company, two employee devices in its corporate environment were hit. The attack leveraged a malicious version of TanStack, a popular JavaScript library, as part of a broader operation dubbed “Mini Shai-Hulud.” 9to5Mac reported the details first among consumer outlets.

“Two employee devices in our corporate environment were impacted by this attack,” OpenAI stated. “Upon identification of the malicious activity, we worked quickly to investigate, contain, and take steps to protect our systems.” The firm observed unauthorized access and credential exfiltration attempts. Yet it stressed that only limited credential material left a small subset of internal code repositories. No other data or code was taken.

The response came fast. OpenAI hired a third-party forensics firm. It contained the breach. And it decided to revoke and rotate certain code-signing certificates tied to its macOS applications. That decision forces users to install fresh versions of the ChatGPT desktop app. Failure to do so by June 12 could leave the software non-functional or blocked by Apple’s security features. And this time the window feels tighter than before.

Just a month earlier, a similar drama unfolded. On March 31, attackers compromised the Axios library. A GitHub Actions workflow at OpenAI pulled the tainted version 1.14.1 during the macOS app-signing process. That workflow held access to signing certificates for ChatGPT Desktop, Codex, Codex CLI, and the Atlas browser. OpenAI’s own disclosure from April 10 laid out the sequence.

“We found no evidence that OpenAI user data was accessed, that our systems or intellectual property was compromised, or that our software was altered,” the company said then. Its analysis suggested the certificate was probably not exfiltrated, thanks to timing and other safeguards. Still, OpenAI treated it as compromised. It set a May 8 cutoff. Older builds would lose support and might stop launching cleanly on macOS.

Those April updates rolled out versions such as ChatGPT Desktop 1.2026.051. Many users complied without much friction. The episode drew links to North Korean actors, according to reports from CNBC and others. It exposed how even careful developers can fall victim to supply-chain tricks. One misconfigured workflow using a floating tag instead of a pinned commit hash opened the door.

Now the May incident adds layers. It hit employee endpoints directly rather than purely through a build pipeline. Credentials from code repos were exposed, even if in limited fashion. That raises questions about lateral movement risks inside OpenAI’s environment. Security teams at other AI firms are no doubt reviewing their own endpoint protections and dependency management today.

But here’s the reassuring part. OpenAI insists user data stayed safe in both cases. Conversations, API keys, and personal details were not touched. Password changes are unnecessary. The web version, iOS, Android, and Windows apps remain unaffected. So does that make the whole affair overblown?

Not entirely. The repeated certificate rotations signal deeper caution. Fake apps signed with stolen keys could trick users into installing malware that looks official. macOS Gatekeeper and notarization provide defenses, yet determined attackers test those boundaries. One wrong click on a phishing link, and the protection collapses.

Industry watchers point to broader patterns. Supply-chain attacks on popular libraries like Axios and TanStack affect thousands of projects. North Korean groups have shown skill at social engineering maintainers and inserting remote access tools. The malicious payloads lived briefly — about three hours in the Axios case — before removal. Speed matters.

OpenAI’s transparency stands out. It published technical details, listed exact new version numbers, and warned users against third-party downloads. “Do not install apps from links in emails, messages, ads, or third-party download sites,” its guidance reads. Solid advice. Yet the company also admitted the root cause in April was a workflow misconfiguration. It fixed that. The May event suggests endpoint security still needs strengthening.

Users should act now. Check for in-app updates. Download only from chatgpt.com/download or equivalent official pages. Restart the app after updating. Those still on very old builds may see warnings or outright blocks soon. The June 12 date gives breathing room, but complacency invites trouble.

The incidents also spark conversation about desktop AI tools. Many professionals paste sensitive work product into ChatGPT. Local storage of chats, even if encrypted in newer builds, creates another attack surface. Enterprises running the app at scale may want to audit usage policies.

So far no evidence has surfaced of malicious apps signed with OpenAI’s old certificates. The firm monitors for such activity and says it will accelerate revocation if threats appear. That proactive stance buys time for users to migrate.

Still, the back-to-back events in March and May reveal fragility. AI companies move fast. Their software dependencies multiply. And threat actors watch closely. For Mac users, the message is simple. Update the app. Stay alert. And recognize that convenience sometimes travels with hidden costs.

Further reporting from Forbes in April reinforced how the Axios compromise tied into larger campaigns. Recent discussions on X echo user frustration mixed with relief that no customer data leaked. The pattern suggests OpenAI will face continued scrutiny on its internal security hygiene. For an organization defining the future of AI, those expectations sit high.

Subscribe for Updates

AISecurityPro Newsletter

A focused newsletter covering the security, risk, and governance challenges emerging from the rapid adoption of artificial intelligence.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us