If you’ve been using the ChatGPT desktop app on macOS, you may want to update it as soon as possible. OpenAI recently confirms a security incident tied to a supply-chain attack that affects some of its systems and macOS applications.
OpenAI says the compromised repositories contain code-signing certificates for its iOS, macOS, and Windows applications. As a precaution, the company is rotating those certificates, which requires macOS users to update their apps. Meanwhile, Windows and iOS users do not need to take any action.
According to the company’s official blog post, the incident links to the “Mini Shai-Hulud” TanStack npm supply-chain attack. OpenAI says two employee devices were compromised during the attack, although it adds that there is currently no evidence that user data or production systems were affected.
OpenAI also confirms that limited credential material was exfiltrated from affected code repositories. However, it says no other information or code was impacted during the incident.
The AI firm says it quickly contains the malicious activity after detecting it. It has also engaged a third-party digital forensics and incident response firm to investigate the incident further.
Circling back to the required updates, OpenAI says it will provide additional guidance to macOS users regarding the changes. The company is currently rolling out a software update, although full deployment continues through to 12 June 2026.
(Source: OpenAI)
