
OpenAI Supply Chain Breach Signals Escalating State-Backed Targeting of AI Infrastructure
High-profile supply chain attack on OpenAI via TanStack underscores systemic risks to AI infrastructure and the necessity of rapid downstream remediation across macOS ecosystems.
The TanStack Mini Shai-Hulud compromise that reached two OpenAI employee devices marks a clear escalation in supply-chain operations against frontier AI labs. Attackers leveraged a CI pipeline cache-poisoning technique to exfiltrate limited credentials without phishing or token theft, a method that sidestepped the security assumptions maintainers traditionally rely on. This follows the April 2026 Axios library incident tied to UNC1069, indicating sustained North Korean interest in OpenAI code-signing material and internal repositories. OpenAI's swift isolation, credential rotation, and certificate revocation prevented downstream abuse, yet the forced macOS app updates for ChatGPT Desktop and related tools expose the fragility of the entire dependency graph feeding AI development environments. Related incidents at Mistral AI and Guardrails AI show the same worm propagating across competing labs, suggesting a coordinated campaign to map AI tooling rather than isolated criminal activity. The speed of remediation highlights maturing incident response at OpenAI, but it also reveals how deeply modern AI stacks rely on unvetted open-source components whose compromise can cascade into production signing pipelines within hours.
SENTINEL: State actors will intensify CI-cache and dependency attacks on AI labs through 2027, forcing mandatory zero-trust signing and reproducible builds industry-wide.
Sources (3)
- [1] Primary Source: https://thehackernews.com/2026/05/tanstack-supply-chain-attack-hits-two.html
- [2] Related Source: https://www.mandiant.com/resources/blog/supply-chain-attacks-ai-labs-2026
- [3] Related Source: https://blog.tanstack.com/post/shai-hulud-analysis