Hackers carried out a large-scale “supply chain” attack last week, hiding malicious code inside hundreds of popular software packages that developers download every day. Two OpenAI employees’ computers were affected—the malware stole internal credentials and accessed some internal code repositories. OpenAI says no customer data, no AI models, and no live services were compromised. However, the incident forced the company to replace its digital code-signing certificates—the seals that prove software is genuinely from OpenAI.
Because those certificates changed, older versions of OpenAI’s desktop app on Mac will no longer be trusted by Apple after June 12, 2026. The app won’t open and will show a security warning until you install the updated version. Windows and iPhone users are not affected by this specific issue.
How to check if you’re affected
Affected versions of the OpenAI desktop application include any Mac version installed before the certificate rotation (released after May 14, 2026):
- Open the OpenAI app and click Help → Check for Updates, or visit openai.com to download the latest version.
- Install the update before June 12, 2026 — after that date, unpatched versions will refuse to launch on macOS.
- If you are a developer who uses
@tanstack/*npm packages, check your project’s package-lock.json for versions published between May 11 and May 14 and update to the latest clean releases.