Developing event. Generated by AI and subject to further corroboration and review.

Developing · High impact · AI Refreshed

TanStack npm Supply Chain Attack Affects OpenAI and AI Ecosystem – May 2026

Occurred 14 May 2026 · Detected 14 May 2026
🇺🇸 United States — primarily affecting AI technology companies; OpenAI headquartered in San Francisco, California · 2 reports
Cyber · Property · Cyber · Casualty & Liability

A supply chain attack compromising the open-source TanStack npm library and additional npm and PyPI packages is affecting multiple AI companies, including OpenAI. OpenAI has urged macOS users to update their software in response to the expanding campaign. GitHub has separately disclosed that attackers accessed approximately 3,800 internal repositories via a malicious version of the Nx Console VS Code extension, which was compromised as part of the same TanStack npm supply chain operation. The full scope of data exposure and attribution remain under investigation.

AI-generated from linked source reports. See our correction policy.

Impact verdict

High impact. The incident has expanded beyond an initial library compromise to a confirmed multi-stage supply chain intrusion at GitHub (~3,800 internal repositories breached via a downstream compromised VS Code extension) and impacts multiple AI companies including OpenAI. This elevates exposure across the AI development ecosystem and major code-hosting infrastructure, though confirmed data exfiltration, financial loss, and customer impact details remain undisclosed. Potential impact is raised to high given the scale of GitHub's confirmed internal repository exposure and the expanding campaign scope, pending further disclosure of data loss and containment status.

How we grade what we know: Known · Reported · Uncertain.

Intelligence ledger

AI refreshed 10 Jun 2026, 00:30

Known (9 lines)

  • TanStack npm library has been compromised in a supply chain attack
    structured line · known · no separate sourced-claim record available yet
  • Additional npm and PyPI packages tied to several AI companies are also affected
    structured line · known · no separate sourced-claim record available yet
  • OpenAI has asked macOS users to update their software in response
    structured line · known · no separate sourced-claim record available yet
  • The campaign is described as expanding
    structured line · known · no separate sourced-claim record available yet
  • GitHub confirmed that attackers breached approximately 3,800 internal repositories by exploiting a malicious version of the Nx Console VS Code extension, which was itself compromised as part of the TanStack npm supply chain attack.
    github_3800_repos_breached_via_nx_console · risk reassessment · valid from 21 May 2026, 07:54 · Cyber
    Market relevance: Major code-hosting platform internal compromise; broad implications for software supply chain risk modelling
    “GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack.” — BleepingComputer · 10 Jun 2026, 00:30
  • The open-source TanStack npm library was compromised as part of a supply chain attack, with additional npm and PyPI packages also affected and tied to several AI companies.
    tanstack_npm_supply_chain_compromise · risk reassessment · valid from 14 May 2026, 20:55 · Cyber
    Market relevance: Software supply chain risk; impact on open-source dependency management for AI developers
    “…expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI packages tied to several AI companies” — The Record (Cyber) · 10 Jun 2026, 00:30
  • The incident is a multi-stage software supply chain compromise: a poisoned npm package distributed through the TanStack ecosystem propagated to the Nx Console VS Code extension used by developers, which was then leveraged to breach GitHub's internal environment.
    multi_stage_supply_chain_compromise · risk reassessment · valid from 21 May 2026, 07:54 · Cyber
    Market relevance: Demonstrates downstream propagation risk from a single upstream open-source compromise across multiple vendor environments
    “…compromise…propagated to the Nx Console extension” — BleepingComputer · 10 Jun 2026, 00:30
  • OpenAI has urged macOS users to update their software in response to the expanding supply chain campaign.
    openai_macos_user_advisory · operational disruption · valid from 14 May 2026, 20:55 · Cyber
    Market relevance: Vendor response indicates active threat to AI developer workstations
    “OpenAI has asked macOS users to update” — The Record (Cyber) · 10 Jun 2026, 00:30
  • The event has been auto-promoted to developing status following multiple corroborating sources.
    lifecycle_developing · status · valid from 21 May 2026, 07:54
    Source · 10 Jun 2026, 00:30

Reported (3 lines)

  • Multiple AI companies beyond OpenAI are impacted by the supply chain campaign
    structured line · reported · no separate sourced-claim record available yet
  • Both npm and PyPI package ecosystems are involved in the attack
    structured line · reported · no separate sourced-claim record available yet
  • Multiple AI companies beyond OpenAI are reported to be impacted by the supply chain campaign, with the attack spanning both npm and PyPI package ecosystems.
    multiple_ai_companies_impacted · risk reassessment · valid from 14 May 2026, 20:55 · Cyber
    Market relevance: Broad exposure across AI developer tooling and supply chain
    “…additional npm and PyPI packages tied to several AI companies” — The Record (Cyber) · 10 Jun 2026, 00:30

Uncertain (6 lines)

  • The full scope and attribution of the supply chain attack remain unclear
    structured line · uncertain · no separate sourced-claim record available yet
  • The extent of data exfiltration or system compromise at affected organisations is not confirmed
    structured line · uncertain · no separate sourced-claim record available yet
  • Whether the attack is ongoing or contained is not specified
    structured line · uncertain · no separate sourced-claim record available yet
  • The full scope of data exposure across the approximately 3,800 breached GitHub internal repositories remains under investigation; specific data exfiltration has not been confirmed.
    github_data_exposure_scope_uncertain · uncertainty · valid from 21 May 2026, 07:54 · Cyber
    Market relevance: Limits precision of loss modelling until scope is disclosed
    “The full scope of data exposure across the breached repositories remains under investigation.” — BleepingComputer · 10 Jun 2026, 00:30
  • Full attribution of the TanStack npm supply chain attack has not been disclosed.
    attack_attribution_uncertain · uncertainty · valid from 21 May 2026, 07:54 · Cyber
    Market relevance: Affects threat actor profiling and accumulation scenarios
    Source · 10 Jun 2026, 00:30
  • Whether the supply chain attack is ongoing or contained has not been publicly confirmed.
    attack_containment_status_uncertain · uncertainty · valid from 21 May 2026, 07:54 · Cyber
    Market relevance: Drives near-term accumulation risk for affected vendors and their customers
    Source · 10 Jun 2026, 00:30

Geographic Zone Matches

3 active matches

  • TRIA Certified Areas
    Rule-based · Confidence 100%
  • Pacific Ring of Fire
    Rule-based · Confidence 100%
  • Caribbean Hurricane Zone
    Rule-based · Confidence 100%

Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.

Affected countries

🇺🇸 United States

Latest developments

  • Summary refreshed from cited evidence.
  • Public reporting does not yet confirm whether the campaign is ongoing or contained.
  • TanStack npm library and related npm/PyPI packages have been confirmed compromised in an active supply chain attack affecting AI companies. [The Record (Cyber)]
  • OpenAI has issued an advisory asking macOS users to update their software in response to the attack. [The Record (Cyber)]
  • Event is in active development with multiple sources confirming an expanding campaign.
  • GitHub disclosed that approximately 3,800 internal repositories were accessed via a downstream compromised VS Code extension linked to the TanStack npm attack. [BleepingComputer]
  • The attack chain shows propagation from the TanStack npm compromise to the Nx Console extension and into GitHub's internal environment. [BleepingComputer]
  • Multiple AI companies beyond OpenAI are reported impacted across npm and PyPI ecosystems. [The Record (Cyber)]

Timeline

Intelligence Refresh · 10 Jun 2026, 00:30
Escalation · 10 Jun 2026, 00:30

AI impact assessment increased to high (rationale as stated under Impact verdict above)


Status Change · 21 May 2026, 07:54

Status changed to developing

Auto-promoted: multiple sources

Corroboration · 21 May 2026, 07:54

GitHub has confirmed that hackers breached approximately 3,800 internal repositories by exploiting a malicious version of the Nx Console VS Code extension, which was compromised as part of a broader TanStack npm supply-chain attack. The attack vector involved a poisoned npm package distributed through the TanStack ecosystem, which then propagated to the Nx Console extension used by developers. This represents a multi-stage software supply chain compromise affecting a major code hosting and development infrastructure platform. The full scope of data exposure across the breached repositories remains under investigation.

Source: BleepingComputer (Trade Media)

Initial Detection · 14 May 2026, 20:55

A supply chain attack targeting the popular open-source TanStack npm library and additional npm and PyPI packages has impacted several AI companies, including OpenAI. OpenAI has urged macOS users to update their software in response to the expanding campaign. The incident represents a broad supply chain compromise affecting the AI development ecosystem. The attack has prompted advisories from affected organisations and ongoing investigation.

The actions are being taken in light of an expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI packages tied to several AI companies.

Source: The Record (Cyber) (Trade Media)
