{"@context":"https://neupai.io/schema/v0.2","@type":"StructuredNewsArticle","identity":{"article_id":"tech42_20260514_tanstack-supply-chain-attack-openai","canonical_url":"https://www.tech42.co.kr/%ed%83%a0%ec%8a%a4%ed%83%9d-%ec%98%a4%ed%94%88%ec%86%8c%ec%8a%a4-%ea%b3%b5%ea%b8%89%eb%a7%9d-%ea%b3%b5%ea%b2%a9-%ec%98%a4%ed%94%88ai%ea%b9%8c%ec%a7%80-%ed%94%bc%ed%95%b4-%ec%82%ac%ec%9a%a9/?utm_source=rss&utm_medium=rss&utm_campaign=%25ed%2583%25a0%25ec%258a%25a4%25ed%2583%259d-%25ec%2598%25a4%25ed%2594%2588%25ec%2586%258c%25ec%258a%25a4-%25ea%25b3%25b5%25ea%25b8%2589%25eb%25a7%259d-%25ea%25b3%25b5%25ea%25b2%25a9-%25ec%2598%25a4%25ed%2594%2588ai%25ea%25b9%258c%25ec%25a7%2580-%25ed%2594%25bc%25ed%2595%25b4-%25ec%2582%25ac%25ec%259d%25a9","ai_url":null,"publisher":{"name":"테크42","domain":"tech42.co.kr","type":"online"},"author":"버트","published_at":"2026-05-14T23:32:58.000Z","updated_at":null,"language":"en","article_type":"straight_news","originality":"self_produced"},"content":{"headline":"TanStack Open Source Supply Chain Attack Reaches OpenAI...\"User Data is Safe\"","summary":"OpenAI confirmed it suffered from a supply chain attack through the TanStack open source library, resulting in compromised employee devices and partial theft of internal source code. The attackers planted 84 malicious versions across 42 packages in just 6 minutes on May 11, with the damage spreading to over 160 packages.","topics":["cybersecurity","open source","ai"],"geography":["US"],"entities":[{"name":"OpenAI","canonical_id":"corp:us:openai","type":"company","role_in_article":"primary_subject","metadata":{"ticker":null,"parent":null}},{"name":"TanStack","canonical_id":"product:us:tanstack","type":"product","role_in_article":"primary_subject","metadata":{"ticker":null,"parent":null}},{"name":"Mistral AI","canonical_id":"corp:fr:mistral-ai","type":"company","role_in_article":"mentioned","metadata":{"ticker":null,"parent":null}},{"name":"UiPath","canonical_id":"corp:us:uipath","type":"company","role_in_article":"mentioned","metadata":{"ticker":null,"parent":null}},{"name":"TeamPCP","canonical_id":"org:xx:kpcp","type":"organization","role_in_article":"mentioned","metadata":{"ticker":null,"parent":null}}],"claims":[{"id":"c1","statement":"OpenAI suffered an open source software supply chain attack that compromised some employee devices and resulted in partial theft of internal source code","as_of":"2026-05","as_of_explicit":false,"as_of_raw":"May 2026","source_type":"company_disclosure","comparison":null,"type":"fact","figures":null,"expiry_hint":null,"insight":null},{"id":"c2","statement":"Attackers planted 84 malicious versions across 42 packages in the npm repository in just 6 minutes on May 11","as_of":"2026-05-11","as_of_explicit":true,"as_of_raw":"May 11","source_type":"journalist_analysis","comparison":null,"type":"fact","figures":null,"expiry_hint":null,"insight":null},{"id":"c3","statement":"External researchers detected and reported this in about 20 minutes","as_of":"2026-05-11","as_of_explicit":false,"as_of_raw":"within about 20 minutes","source_type":"journalist_analysis","comparison":null,"type":"fact","figures":null,"expiry_hint":null,"insight":null},{"id":"c4","statement":"The damage was not limited to TanStack but spread to over 160 packages in the npm and PyPI ecosystems, including Mistral AI and UiPath","as_of":"2026-05","as_of_explicit":false,"as_of_raw":"May 2026","source_type":"journalist_analysis","comparison":null,"type":"fact","figures":null,"expiry_hint":null,"insight":null}],"ai_emotional_context":{"valence":0,"arousal":0,"primary_emotions":[],"secondary_emotions":[],"emotional_triggers":[]}},"provenance":{"source_chain":["primary_reporting"],"original_source_url":null,"related_articles":[]},"temporal":{"freshness":"recent","next_update_expected":null},"access":{"license":"neupai_standard","attribution_required":true,"structured_data":"free","full_text_available":false,"full_text_access":null}}