If you use the ChatGPT desktop app on Mac, you will be required to update it by June 12. This is due to a security breach involving two OpenAI employee devices…
The reason is a bit complex, but stems from a security issue involving the open source code used by the company. OpenAI emphasizes that it has found no evidence that user data was accessed and that its own systems were not compromised.
On May 11, 2026 UTC, TanStack, a widely used open source library, was compromised as part of a broader software supply chain attack known as Mini Shai-Hulud.
Two employee devices in our corporate environment were affected by this attack. After identifying the malicious activity, we worked quickly to investigate, contain and take action to protect our systems. As part of our investigation and response, we have engaged a third-party digital investigation and incident response company.
We observed activity consistent with the malware’s publicly described behavior, including unauthorized access and credential-driven exfiltration activity, in a limited subset of internal source code repositories to which the two affected employees had access. We have confirmed that only a limited number of identifying documents were successfully exfiltrated from these code repositories and that no other information or code was impacted.
The problem is that the code includes the ability to sign certificates for OpenAI products. The company therefore revokes existing certificates and blocks the opening of applications signed with the previous one.
This will require a forced update of the Mac app, and the company says additional guidance will be provided to Mac users. No action is required for iOS or Windows apps.
You don’t need to do anything now, just update when prompted.
Photo by Levart_Photographer on Unsplash
FTC: We use automatic, revenue-generating affiliate links. More.