// Alert

Openai threat report

OpenAI confirmed on May 13, 2026 that an internal investigation found no evidence ChatGPT user data or internal systems were accessed in connection with a supply-chain attack against the TanStack npm package, a widely used open-source JavaScript library. The compromised package versions reportedly contained unauthorized modifications designed to harvest sensitive information from developers and applications pulling in the infected dependency. OpenAI stated its security teams moved quickly to assess exposure and monitor affected environments after reports of the malicious package surfaced. The company indicated its infrastructure and customer data remained secure throughout the incident. The disclosure adds OpenAI to the list of organizations reviewing exposure from the TanStack npm compromise and underscores ongoing risk from third-party open-source dependencies.

// Get alerts for Openai