OpenAI Discloses Corporate Devices Hit by TanStack Supply Chain Attack
OpenAI has confirmed that two of its corporate employee devices were impacted by the Mini Shai-Hulud supply chain attack targeting the TanStack npm ecosystem. The AI company stated that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner as a result of the incident.
The disclosure comes amid a broader wave of supply chain attacks attributed to the threat group TeamPCP, which has weaponized the Shai-Hulud worm against widely-used open-source packages throughout May 2026.
What Happened
The Mini Shai-Hulud campaign targeted TanStack — a popular collection of open-source JavaScript/TypeScript libraries including TanStack Query, TanStack Router, and TanStack Table, collectively used by millions of developers worldwide. Attackers injected malicious code into TanStack-related npm packages that, when installed, attempted to compromise developer machines and exfiltrate credentials.
OpenAI identified that two employees in its corporate environment had installed affected package versions on their macOS devices. Upon discovery, the company pushed mandatory macOS updates across impacted systems and launched an investigation to confirm the blast radius.
"Upon identification of the affected devices, we immediately took action to contain the exposure, remediate the affected systems, and notify the relevant employees," OpenAI stated.
The company confirmed its assessment that no user-facing services, model weights, training data, or API infrastructure were reachable from the compromised developer endpoints.
The Mini Shai-Hulud Campaign
The Shai-Hulud worm — named after the giant sandworms in Frank Herbert's Dune — is a self-spreading npm supply chain attack first attributed to TeamPCP in early May 2026. It operates by:
- Compromising npm package maintainer accounts via phishing and credential theft
- Injecting a worm payload into popular packages that executes on
npm install - Spreading to other packages in the same developer environment by modifying local
package.jsonfiles and publishing poisoned versions - Exfiltrating credentials from the infected machine, targeting cloud provider tokens, API keys, and browser-stored passwords
TanStack packages represent a high-value target given their presence in virtually every React-based enterprise application. The "Mini" variant of the worm is a stripped-down version designed for stealth, focusing on credential theft rather than the full lateral-movement capability of the original Shai-Hulud code.
Known Affected Packages
The campaign has been confirmed to have touched packages across the TanStack ecosystem during the attack window. Developers who ran npm install on affected package versions between the injection and remediation window should assume their development machines may be compromised.
Impact Assessment
| Area | Status |
|---|---|
| OpenAI user data | Not compromised |
| Production API systems | Not compromised |
| Model weights / training data | Not compromised |
| Employee devices (direct) | 2 devices affected |
| Credential exposure risk | Under investigation |
What Developers Should Do
If your project depends on TanStack packages, take the following steps immediately:
1. Audit Your npm Install History
# Check for suspicious postinstall scripts in recent installs
npm audit
cat ~/.npm/_logs/*.log | grep -i "postinstall\|preinstall" | tail -1002. Rotate All Secrets on Affected Machines
Any developer machine that ran npm install during the attack window should be treated as potentially compromised:
- Rotate all cloud provider credentials (AWS, GCP, Azure)
- Revoke and reissue API keys (OpenAI, GitHub, npm tokens)
- Change passwords stored in browser credential managers
- Revoke active SSH keys and regenerate
3. Update All TanStack Dependencies
# Update to the latest patched versions
npm update @tanstack/react-query @tanstack/router @tanstack/react-table
# Verify package integrity
npm audit fix4. Enable npm Package Provenance
# Use --dry-run to audit before installing
npm install --dry-run
# Enable audit on all installs in your .npmrc
echo "audit=true" >> ~/.npmrcBroader Context: TeamPCP's Escalating Campaign
The Mini Shai-Hulud attack on TanStack is the latest in a string of high-profile supply chain incidents linked to TeamPCP in 2026. Earlier attacks compromised packages including Mistral AI, Checkmarx, Bitwarden CLI, and several SAP-related npm packages. On May 15, 2026, TeamPCP escalated further by publicly releasing the full Shai-Hulud worm source code — effectively commoditizing the attack for other threat actors.
The OpenAI disclosure, while limited in confirmed impact, highlights the persistent risk that even organizations with mature security programs face when developer toolchains are compromised upstream.