OpenAI Reports Supply Chain Attack on Employee Devices

📌 OpenAI disclosed that two of its employee devices within its corporate environment were compromised via a supply chain attack targeting TanStack, identified as the "Mini Shai-Hulud" attack. The company confirmed that no user data, production systems, or intellectual property were accessed, modified, or exfiltrated in an unauthorized manner. The incident was detected and contained promptly after malicious activity was identified, though no specific timeline or technical indicators (e.g., CVE IDs) were provided. The attack did not impact OpenAI’s broader infrastructure or services beyond the affected employee devices. No additional details about the attack vector or payload were disclosed in the report.