OpenAI's disclosure of the TanStack npm compromise exposes a systemic weakness that extends far beyond a single package poisoning incident. The May 11 attack by TeamPCP, which injected the Shai-Hulud worm into 170+ packages across npm and PyPI, leveraged classic maintainer credential theft to push malicious artifacts—yet OpenAI's downstream exposure occurred precisely because its post-Axios hardening rollout remained incomplete. Two employee devices retained legacy configurations, allowing credential exfiltration from internal repositories holding code-signing keys for iOS, macOS, Windows, and Android builds. While OpenAI claims no customer data or core IP was lost, the forced revocation of certificates and the June 2026 macOS update deadline underscore how signing infrastructure can become a persistent attack surface. This pattern mirrors the 2024 XZ Utils backdoor attempt and the SolarWinds Orion compromise, where trusted build tools served as vectors into high-value targets. OpenAI's phased credential transition, intended to mitigate the March Axios incident, inadvertently created a window that attackers exploited—a classic operational security failure in scaling AI development pipelines. Broader ecosystem reporting from Checkmarx and similar analyses shows supply-chain attacks targeting developer tooling have risen sharply, with npm remaining the weakest link due to its decentralized publishing model. The incident highlights that even frontier AI labs continue to rely on the same fragile dependency chains as the rest of the software industry, leaving them exposed to coordinated campaigns that blend open-source compromise with targeted worm propagation.