OpenAI confirmed this week that hackers tied to the Shai-Hulud malware campaign breached parts of its internal development environment through a compromised open-source software package. The incident follows similar disclosures from Mistral AI as hackers increasingly target software tools used to build AI models and applications.

In a blog post on Wednesday, OpenAI said hackers compromised TanStack npm, a software tool developers use to download and manage coding packages. The company said malware infected two employee devices, and gave attackers access to a small number of internal code storage systems before OpenAI stopped the activity.

“We observed activity consistent with the malware’s publicly described behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories to which the two impacted employees had access,” OpenAI wrote.

The company said it found no evidence that customer data, production systems, or intellectual property were compromised.



OpenAI said the impacted repositories included code-signing certificates used for products on macOS, Windows, and iOS. Those certificates help operating systems verify that software actually comes from a trusted company and has not been altered.

“As a result, we are rotating code-signing certificates as a precaution, which will require macOS users to update their applications,” the company said. “Users do not need to take any action for Windows and iOS apps. Additional guidance will be provided to macOS users regarding these required updates.”

OpenAI said macOS users must update OpenAI apps before June 12. Older versions signed with the previous certificates may stop functioning after that date.

OpenAI did not immediately respond to a request for comment by Decrypt.

The disclosure follows reports earlier this week involving Microsoft and French AI startup Mistral AI tied to the same broader malware campaign.

On Monday, Microsoft Threat Intelligence said attackers inserted malicious code into a Mistral AI software package distributed through PyPI, a platform developers use to download Python software tools. According to Microsoft, the malware downloaded another malicious file designed to resemble Hugging Face’s popular Transformers library, so it would blend into AI development environments.

OpenAI said the attacks highlight growing risks across the tech industry.

“This incident reflects a broader shift in the threat landscape: Attackers are increasingly targeting shared software dependencies and development tooling rather than any single company,” they wrote.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。