
OpenAI Confirms Limited Impact From TanStack npm Supply Chain Attack, Urges macOS App Updates
OpenAI has disclosed details of its response to the recent TanStack npm supply chain attack, confirming that two employee devices were affected during the broader malware campaign known as Mini Shai-Hulud. The company said it found no evidence that customer data, production systems, or intellectual property were compromised during the incident.
The disclosure comes as software supply chain attacks continue to target widely used open-source dependencies and developer tooling. OpenAI stated that the attack involved a compromised version of the popular open-source TanStack npm library, which was used in parts of its internal environment.
According to the company, the incident was identified o...