OpenAI has confirmed that a supply-chain breach linked to the Shai-Hulud malware campaign exposed internal code-signing certificates, prompting a security response amidst rising threats to AI companies’ development infrastructure.
OpenAI has confirmed that two employee devices were infected in a supply-chain attack linked to the Shai-Hulud malware campaign, allowing intruders brief access to a limited set of internal code repositories. The company said it found no evidence that customer data, production systems or core technology were compromised, but acknowledged that the incident affected parts of its internal development environment. According to OpenAI, the attackers got in through a compromised open-source package used by developers to manage software dependencies.
The most sensitive material exposed in the intrusion appears to have been code-signing certificates used for OpenAI applications on macOS, Windows and iOS. OpenAI said it is now rotating those certificates as a precaution and warned that Mac users will need to update their apps before 12 June, after which older versions signed with the retired certificates may stop working. Windows and iOS users, the company said, do not need to take any immediate action.
The disclosure comes amid a wider run of attacks that have targeted the software supply chain around AI firms. Microsoft Threat Intelligence said earlier this week that a separate malicious package had been inserted into Mistral AI’s software distribution on PyPI, with the payload designed to resemble Hugging Face’s Transformers library so it would blend into development workflows. Mistral later confirmed that the episode affected its supply chain rather than its own infrastructure.
The OpenAI incident also follows the company’s recent disclosure of a separate breach at analytics provider Mixpanel, which exposed some API user metadata but not prompts, keys or payment information. Taken together, the episodes underline how AI companies are being forced to contend with a growing security threat not only to their own systems, but to the third-party tools and code libraries their engineers rely on. OpenAI has said the pattern reflects a broader shift in which attackers are increasingly focusing on shared software dependencies and development tooling rather than a single company’s network.
Source: Fuse Wire Services


