If you use the ChatGPT desktop app on Mac, you’ll be forced to update it sometime between now and June 12. That’s due to a security breach involving two OpenAI employee devices …
The reason is a bit involved, but stems from a security issue involving open-source code used by the company. OpenAI stresses that it has found no evidence that any user data was accessed or that its own systems were compromised.
“On May 11, 2026 UTC, TanStack, a widely used open-source library, was compromised as part of a broader software supply chain attack known as Mini Shai-Hulud. Two employee devices in our corporate environment were impacted by this attack. Upon identification of the malicious activity, we worked quickly to investigate, contain, and take steps to protect our systems. As part of our investigation and response, we engaged a third-party digital forensics and incident response firm. We observed activity consistent with the malware’s publicly described behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories to which the two impacted employees had access. We confirmed that only limited credential material was successfully exfiltrated from these code repositories and that no other information or code was impacted.”
The issue is that the code includes the ability to sign certificates for OpenAI products. The company is therefore revoking existing certificates and blocking the opening of apps signed with the previous ones.
That will require a forced update of the Mac app, and the company says that additional guidance will be provided to Mac users. No action is needed for iOS or Windows apps.
You don’t need to do anything now, only to update when you are prompted to do so.