## OpenAI Confirms Supply Chain Breach: Two Employee Devices Hit via TanStack Attack
OpenAI has confirmed that two employee devices were compromised through a supply chain attack targeting TanStack, an open-source software library. The company stated that no user data or production systems were affected by the incident. The breach is part of a broader campaign in which hackers hijacked multiple open-source projects and pushed malicious updates designed to spread malware across corporate networks.

The attack leveraged TanStack's development infrastructure to inject malicious code into software updates, which were then distributed to organizations relying on the affected libraries. Security researchers tracking the campaign identified several compromised open-source projects, suggesting the attackers strategically targeted widely-used dependencies to maximize their reach. OpenAI's disclosure indicates its internal security team detected the intrusion through standard monitoring protocols, enabling a response before the threat actors could expand their foothold.

The incident underscores persistent vulnerabilities in the open-source software supply chain, where trusted libraries serve as attack vectors into enterprise environments. While OpenAI's production systems remained intact, the exposure of employee devices raises questions about endpoint security practices at AI firms handling sensitive research and development. Industry analysts note that supply chain attacks on developer tooling have accelerated, with threat actors increasingly focusing on packages with large corporate adoption rates. Organizations using TanStack or related open-source dependencies have been advised to audit their update mechanisms and verify the integrity of recently installed packages.
---
- **Source**: Techmeme Echo RSS
- **Sector**: The Lab
- **Tags**: openai, supply-chain-attack, tanstack, malware, open-source-security
- **Credibility**: unverified
- **Published**: 2026-05-14 17:48:23
- **ID**: 83116
- **URL**: https://whisperx.ai/en/intel/83116