OpenAI Confirms Security Breach Linked to AI Malware Campaign
Compiled by KHAO Editorial, aggregated from 1 source.
OpenAI confirmed this week that hackers tied to the Shai-Hulud malware campaign breached parts of its internal development environment through a compromised open-source software package.
Key facts
- OpenAI said macOS users must update OpenAI apps before June 12
- On Monday, Microsoft Threat Intelligence said attackers inserted malicious code into a Mistral AI software package distributed through PyPI, a platform developers use to download Python software tools
- The disclosure follows reports earlier this week involving Microsoft and French AI startup Mistral AI tied to the same broader malware campaign
Summary
OpenAI said malware linked to the Shai-Hulud campaign infected two employee devices and gave attackers access to several internal code storage systems. The company said it found no evidence that customer data, core systems, or company technology were affected. The disclosure follows earlier reports involving Microsoft and Mistral AI tied to the same broader malware campaign. OpenAI said hackers compromised TanStack npm, a software tool developers use to download and manage coding packages.