OpenAI confirmed this week that hackers tied to the Shai-Hulud malware campaign breached parts of its internal development environment through a compromised open-source software package.
The company said malware infected two employee devices and gave attackers access to a small number of internal code storage systems before OpenAI stopped the activity.
OpenAI stated the impacted repositories included code-signing certificates used for products on macOS, Windows, and iOS. The company is rotating those certificates as a precaution, requiring macOS users to update their applications before June 12.
The company said it found no evidence that customer data, production systems, or intellectual property were compromised.
The disclosure follows similar incidents involving Microsoft and Mistral AI tied to the same broader malware campaign, highlighting growing risks across the tech industry.