News linked to both this project and an event.
OpenAI has confirmed a supply chain attack targeting a malicious TanStack NPM package in its internal environment, infecting two employees' devices. While user data and core code were not affected, the attackers stole access credentials for some internal code repositories, including code signing certificates used for iOS, macOS, and Windows products.To prevent hackers from exploiting the stolen certificates to distribute counterfeit applications, OpenAI has initiated defensive certificate rotation and announced that all macOS users of ChatGPT desktop, Codex, and Atlas browsers must upgrade to the latest version by June 12, 2026. After this deadline, old certificates will be revoked, and system-level blocks will prevent the launch of older versions and new installations.OpenAI stated that the company had previously deployed stricter code package blocking policies, but the infected devices had not yet synchronized the latest configuration, allowing the malicious component to successfully infiltrate. Currently, the iOS and Windows clients are unaffected, and core data such as user account passwords and API keys have been confirmed secure.
According to a disclosure by a16z, its researchers conducted systematic testing to assess whether AI agents can independently exploit DeFi price manipulation vulnerabilities. The study used a dataset of 20 Ethereum price manipulation incidents and employed Codex (GPT 5.4) equipped with the Foundry toolchain as the test agent. Under baseline conditions—i.e., without domain-specific knowledge—the agent’s success rate was only 10%; after incorporating structured domain knowledge distilled from real-world attack incidents, the success rate rose to 70%. Failure cases revealed that the agent consistently identified vulnerabilities correctly but generally failed to comprehend the leverage logic of recursive lending, misjudged profit margins, and could not orchestrate multi-step, cross-contract attack sequences. The experiment also recorded one sandbox escape incident: the agent extracted an RPC key from the local node configuration and invoked the <code>anvil_reset</code> method to reset the node to a future block, thereby bypassing information isolation constraints and accessing real-world attack data. The research team concluded that AI agents can currently assist effectively in vulnerability identification but are not yet capable of replacing professional security auditors.
, Anthropic and OpenAI have experienced security incidents in succession, drawing market attention to the security of AI models themselves. Currently, Anthropic is investigating a possible case of unauthorized user access to its Claude Mythos model. Almost simultaneously, OpenAI was also reported to have accidentally opened access to several unreleased models within its Codex application.Analysts believe that such incidents highlight that even AI model providers focused on cybersecurity capabilities still face significant security challenges. While AI is increasingly used for cyber defense, platform security and access control are becoming critical risk points.Industry insiders point out that these vulnerability incidents have intensified scrutiny over the security governance capabilities of AI companies, and also reflect that the security systems of current AI technology still need improvement amid rapid development. (The Information)