Updates for 5/17

TanStack npm supply-chain attack compromised 2 OpenAI employee endpoints; macOS ChatGPT/Codex users must update by June 12, 2026

Last week it emerged that malicious code had been injected into TanStack npm packages — a widely used React routing and query library. Today OpenAI confirmed two employee endpoints were compromised, and the macOS desktop apps (ChatGPT and Codex) are affected. The web version at chat.openai.com is not involved — this is a desktop app issue only.

If you use ChatGPT or Codex on macOS, update today — do not wait until June 12. Running the unpatched version means staying on a known-compromised build. Web-only users and Windows users are unaffected. IT teams managing macOS fleet deployments should treat this as a priority patch.

Supply-chain attack (TeamPCP via Shai-Hulud) exfiltrated ~5GB across ~450 internal repos (training, fine-tuning, benchmark, inference pipelines) with a $25,000 extortion demand; Mistral confirmed the breach but said core repos, hosted services, user data, and research environments were unaffected

For roughly three months, security researchers had tracked an attacker group targeting European AI companies' repositories — but no confirmed Mistral breach until today. Mistral's open-weight strategy means a lot of code is public, making the public/private boundary less obvious from the outside. Today the breach is confirmed: ~450 internal repos, ~5GB, including training, fine-tuning, and inference pipeline code.

Mistral says user data and production services are unaffected, so most users do not need to do anything right now. If you run a commercial service on Mistral models, watch for official follow-up disclosures — the stolen pipeline code could surface in model-cloning attempts. For personal or hobbyist use, this is background noise with no immediate action required.

From 2026/6/15, programmatic use (Claude Agent SDK / claude -p, incl. third-party tools built on the Agent SDK) is unbundled from interactive limits — Pro subscribers receive a separate $20/mo credit; chat/Claude Code/Cowork quotas unchanged, extra usage manually enabled after the credit is exhausted

Until now, Agent SDK calls and regular chat both drew from the same Pro quota pool. Running overnight batch jobs could eat into your daytime chat headroom — a recurring complaint since Cowork went GA last month. Heavy Agent SDK users had to choose between automated workflows and keeping chat responsive. From June 15, the two pools are completely separate.

If you run Agent SDK batch jobs or automated pipelines, you can stop worrying about draining your chat quota. The $20 credit is a hard cap though — once exhausted, programmatic calls stop unless you manually re-enable extra usage. Estimate your monthly API consumption before June 15. Pure chat users will notice no change at all.

Acquired Weights.gg, a startup known for celebrity AI voice clones (~6-person team joins OpenAI; no plans for a standalone cloning product)

OpenAI has deliberately steered voice output toward ChatGPT real-time voice and the TTS API — careful to avoid specific-person voice replication. Weights.gg occupied that niche, offering high-accuracy celebrity voice clones and drawing repeated criticism from ethicists and IP lawyers. Today, that 6-person team joins OpenAI.

No standalone product means nothing changes for end users today. The technology will likely feed into future ChatGPT voice features or the TTS API indirectly. For creators, voice actors, and podcasters — people whose livelihood involves their voice — this is worth tracking as a long-term signal. For the average user, it is background M&A news.