{"@type":"StructuredNewsArticle","access":{"license":"neupai_standard","structured_data":"free","full_text_access":null,"full_text_available":false,"attribution_required":true},"content":{"claims":[{"id":"c1","type":"fact","as_of":"2026-05","figures":null,"insight":null,"as_of_raw":"May 2026","statement":"OpenAI suffered an open source software supply chain attack that compromised some employee devices and resulted in partial theft of internal source code","comparison":null,"expiry_hint":null,"source_type":"company_disclosure","as_of_explicit":false},{"id":"c2","type":"fact","as_of":"2026-05-11","figures":null,"insight":null,"as_of_raw":"May 11","statement":"Attackers planted 84 malicious versions across 42 packages in the npm repository in just 6 minutes on May 11","comparison":null,"expiry_hint":null,"source_type":"journalist_analysis","as_of_explicit":true},{"id":"c3","type":"fact","as_of":"2026-05-11","figures":null,"insight":null,"as_of_raw":"within about 20 minutes","statement":"External researchers detected and reported this in about 20 minutes","comparison":null,"expiry_hint":null,"source_type":"journalist_analysis","as_of_explicit":false},{"id":"c4","type":"fact","as_of":"2026-05","figures":null,"insight":null,"as_of_raw":"May 2026","statement":"The damage was not limited to TanStack but spread to over 160 packages in the npm and PyPI ecosystems, including Mistral AI and UiPath","comparison":null,"expiry_hint":null,"source_type":"journalist_analysis","as_of_explicit":false}],"topics":["cybersecurity","open source","ai"],"summary":"OpenAI confirmed it suffered from a supply chain attack through the TanStack open source library, resulting in compromised employee devices and partial theft of internal source code. The attackers planted 84 malicious versions across 42 packages in just 6 minutes on May 11, with the damage spreading to over 160 packages.","entities":[{"name":"OpenAI","type":"company","metadata":{"parent":null,"ticker":null},"canonical_id":"corp:us:openai","role_in_article":"primary_subject"},{"name":"TanStack","type":"product","metadata":{"parent":null,"ticker":null},"canonical_id":"product:us:tanstack","role_in_article":"primary_subject"},{"name":"Mistral AI","type":"company","metadata":{"parent":null,"ticker":null},"canonical_id":"corp:fr:mistral-ai","role_in_article":"mentioned"},{"name":"UiPath","type":"company","metadata":{"parent":null,"ticker":null},"canonical_id":"corp:us:uipath","role_in_article":"mentioned"},{"name":"TeamPCP","type":"organization","metadata":{"parent":null,"ticker":null},"canonical_id":"org:xx:kpcp","role_in_article":"mentioned"}],"headline":"TanStack Open Source Supply Chain Attack Reaches OpenAI...\"User Data is Safe\"","geography":["US"],"ai_emotional_context":{"arousal":0,"valence":0,"primary_emotions":[],"emotional_triggers":[],"secondary_emotions":[]}},"@context":"https://neupai.io/schema/v0.2","identity":{"ai_url":null,"author":"버트","language":"en","publisher":{"name":"테크42","type":"online","domain":"tech42.co.kr"},"article_id":"tech42_20260514_tanstack-supply-chain-attack-openai","updated_at":null,"originality":"self_produced","article_type":"straight_news","published_at":"2026-05-14T23:32:58.000Z","canonical_url":"https://www.tech42.co.kr/%ed%83%a0%ec%8a%a4%ed%83%9d-%ec%98%a4%ed%94%88%ec%86%8c%ec%8a%a4-%ea%b3%b5%ea%b8%89%eb%a7%9d-%ea%b3%b5%ea%b2%a9-%ec%98%a4%ed%94%88ai%ea%b9%8c%ec%a7%80-%ed%94%bc%ed%95%b4-%ec%82%ac%ec%9a%a9/?utm_source=rss&utm_medium=rss&utm_campaign=%25ed%2583%25a0%25ec%258a%25a4%25ed%2583%259d-%25ec%2598%25a4%25ed%2594%2588%25ec%2586%258c%25ec%258a%25a4-%25ea%25b3%25b5%25ea%25b8%2589%25eb%25a7%259d-%25ea%25b3%25b5%25ea%25b2%25a9-%25ec%2598%25a4%25ed%2594%2588ai%25ea%25b9%258c%25ec%25a7%2580-%25ed%2594%25bc%25ed%2595%25b4-%25ec%2582%25ac%25ec%259d%25a9"},"temporal":{"freshness":"recent","next_update_expected":null},"provenance":{"source_chain":["primary_reporting"],"related_articles":[],"original_source_url":null}}