OpenAI confirmed this week that hackers tied to the Shai-Hulud malware campaign breached parts of its internal development environment through a compromised open-source software package. The incident follows similar disclosures from Mistral AI as hackers increasingly target software tools used to build AI models and applications.
In a blog post on Wednesday, OpenAI said hackers compromised TanStack npm, a software tool developers use to download and manage coding packages. The company said malware infected two employee devices, and gave attackers access to a small number of internal code storage systems before OpenAI stopped the activity.
“We observed activity consistent with the malware’s publicly described behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories to which the two impacted employees had access,” OpenAI wrote.
The company said it found no evidence that customer data, production systems, or intellectual property were compromised.
OpenAI said the impacted repositories included code-signing certificates used for products on macOS, Windows, and iOS. Those certificates help operating systems verify that software actually comes from a trusted company and has not been altered.
“As a result, we are rotating code-signing certificates as a precaution, which will require macOS users to update their applications,” the company said. “Users do not need to take any action for Windows and iOS apps. Additional guidance will be provided to macOS users regarding these required updates.”
OpenAI said macOS users must update OpenAI apps before June 12. Older versions signed with the previous certificates may stop functioning after that date.
OpenAI did not immediately respond to a request for comment by Decrypt.
The disclosure follows reports earlier this week involving Microsoft and French AI startup Mistral AI tied to the same broader malware campaign.
On Monday, Microsoft Threat Intelligence said attackers inserted malicious code into a Mistral AI software package distributed through PyPI, a platform developers use to download Python software tools. According to Microsoft, the malware downloaded another malicious file designed to resemble Hugging Face’s popular Transformers library, so it would blend into AI development environments.
OpenAI said the attacks highlight growing risks across the tech industry.
“This incident reflects a broader shift in the threat landscape: Attackers are increasingly targeting shared software dependencies and development tooling rather than any single company,” they wrote.
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
Read the full article here
Verify the accuracy of this article using AI-powered analysis and real-time sources.
Enter your email to receive detailed fact-checking analysis
You've used your 5 free reports. Sign up for unlimited access!
Already have an account? Sign in here
The FSNN News Room is the voice of our in-house journalists, editors, and researchers. We deliver timely, unbiased reporting at the crossroads of finance, cryptocurrency, and global politics, providing clear, fact-driven analysis free from agendas.
We and our selected partners wish to use cookies to collect information about you for functional purposes and statistical marketing. You may not give us your consent for certain purposes by selecting an option and you can withdraw your consent at any time via the cookie icon.
Cookies are small text that can be used by websites to make the user experience more efficient. The law states that we may store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission. This site uses various types of cookies. Some cookies are placed by third party services that appear on our pages.
Freedom Index