OpenAI Issues Urgent Security Warning for Mac Users After Internal Breach

OpenAI has issued an urgent security warning to users of its macOS applications, including ChatGPT and Codex, urging them to install the latest updates after a cyberattack affected devices used by some company employees.

According to the company, the attack targeted an open-source software library called “Tanstack.” A hacker uploaded malicious versions through npm packages before they were quickly detected and removed. However, two employee devices at OpenAI had already installed the compromised software, prompting the company to launch an internal investigation.

OpenAI said it found no evidence that user data or production systems were compromised, but it did detect unauthorized activity linked to attempts to steal credentials and code-signing certificates used for its iOS, macOS, and Windows applications.

The company also warned Mac users not to install apps from unofficial links, emails, advertisements, or third-party download sites using the names “OpenAI,” “ChatGPT,” or “Codex.”

OpenAI added that it plans to revoke the affected signing certificates on June 12, meaning outdated apps may no longer run on macOS systems unless updated.