BREACH BRIEF · 🟠 High · Breach

OpenAI Compromised by Malicious TanStack npm Packages in Supply‑Chain Attack

OpenAI confirmed that two employee workstations were infected after the TeamPCP group injected malicious TanStack npm packages into the supply chain. The attack exfiltrated credential material from internal code repositories but did not affect customer data or core intellectual property, underscoring the risk that third‑party package abuse poses for third‑party risk management (TPRM).

LiveThreat™ Intelligence · 📅 May 16, 2026 · 📰 securityaffairs.com

Severity: High · Type: Breach · Confidence: High · Affected: 3 sector(s) · Actions: 5 recommended · Source: securityaffairs.com

What Happened — OpenAI disclosed that two employee workstations were infected after the TeamPCP hacking group injected 84 malicious packages into the TanStack open‑source ecosystem. The packages, delivered through hijacked GitHub Actions OIDC tokens, installed the Mini Shai‑Hulud worm, which harvested credentials from CI/CD environments and internal source‑code repositories.

Why It Matters for TPRM

  • Supply‑chain attacks on open‑source libraries can bypass traditional perimeter defenses and reach high‑value targets.
  • Credential theft from CI/CD pipelines gives attackers footholds that can be leveraged against downstream customers and partners.
  • The incident highlights the need for continuous monitoring of third‑party package provenance and strict secret‑management controls.

Who Is Affected — AI/ML SaaS providers, cloud‑based API platforms, and any organization that consumes npm packages from the TanStack ecosystem or similar open‑source supply chains.

Recommended Actions

  • Audit all npm dependencies for TanStack‑related packages and verify their provenance.
  • Enforce short‑lived, least‑privilege OIDC tokens for GitHub Actions and implement SLSA verification.
  • Rotate all exposed credentials, especially code‑signing certificates, and re‑sign affected binaries.
  • Harden CI/CD secret storage (e.g., use vault solutions, secret scanning, and environment isolation).
  • Conduct a supply‑chain risk assessment for all third‑party libraries and enforce a “zero‑trust” policy for package publishing pipelines.

Technical Notes — The attack leveraged compromised GitHub Actions OIDC tokens to publish malicious npm packages that generated valid SLSA Level 3 attestations, making them appear legitimate. The worm stole secrets from over 100 known credential locations, persisted in developer tools such as VS Code and Claude Code, and spread automatically to other packages maintained by compromised authors. No customer data, production systems, or core intellectual property were confirmed as compromised. Source: Security Affairs
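
One way to start the dependency audit from the first recommended action, as an added example (not code from the source article or from TanStack): it inventories every `@tanstack/*` entry in a parsed `package-lock.json` (lockfileVersion 2 or 3) and attaches review flags. Because the malicious packages carried valid SLSA attestations, the inventory is meant to be compared against a published list of affected versions; the package names, versions, mirror URL and denylist entry below are constructed placeholders.

```javascript
const REGISTRY = "https://registry.npmjs.org/";

// Returns one finding per lockfile entry in `scope`, with review flags attached.
// `denylist` is a Set of "name@version" strings taken from a vendor advisory.
function auditScope(lock, scope, denylist = new Set()) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/@scope/name"; keep the last segment.
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || meta.link) continue; // skip the root project and workspace links
    const name = path.slice(idx + "node_modules/".length);
    if (!name.startsWith(scope + "/")) continue;
    const flags = [];
    if (denylist.has(`${name}@${meta.version}`)) flags.push("denylisted-version");
    if (!meta.resolved || !meta.resolved.startsWith(REGISTRY)) flags.push("non-registry-source");
    if (!meta.integrity || !meta.integrity.startsWith("sha512-")) flags.push("weak-or-missing-integrity");
    // Install scripts run code at install time; a generic review signal,
    // not a statement about how this particular worm executed.
    if (meta.hasInstallScript) flags.push("install-script");
    findings.push({ name, version: meta.version, path, flags });
  }
  return findings.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

// Constructed sample lockfile: names, versions and hashes are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@tanstack/example-a": {
      version: "1.2.3",
      resolved: "https://registry.npmjs.org/@tanstack/example-a/-/example-a-1.2.3.tgz",
      integrity: "sha512-CONSTRUCTEDPLACEHOLDER==",
    },
    "node_modules/left/node_modules/@tanstack/example-b": {
      version: "9.9.9",
      resolved: "https://mirror.example.invalid/example-b-9.9.9.tgz",
      hasInstallScript: true,
    },
    "node_modules/other-lib": { version: "2.0.0", resolved: REGISTRY + "other-lib/-/other-lib-2.0.0.tgz" },
  },
};

function demo() {
  // The denylist entry is a placeholder; real entries come from the advisory you trust.
  return auditScope(SAMPLE_LOCK, "@tanstack", new Set(["@tanstack/example-b@9.9.9"]));
}

console.log(JSON.stringify(demo(), null, 2));
```

In a real project, pass `JSON.parse` of the repository's `package-lock.json` as `lock`; transitive copies nested under other packages are reported with their full path so the parent dependency can be traced.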

📰 Original Source
https://securityaffairs.com/192222/hacking/openai-hit-by-supply-chain-attack-linked-to-malicious-tanstack-packages.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
