OpenAI News · May 13, 2026

Our response to the TanStack npm supply chain attack

Why it matters

OpenAI describes its response to the TanStack npm supply-chain attack, including certificate rotation for macOS apps and guidance to update ChatGPT, Codex, and related desktop tooling from official channels.

My takeaway: Relevant to AI engineering operations because coding agents and desktop AI tools sit inside the software supply chain. App provenance, update channels, certificate rotation, and endpoint investigation need to be part of agent rollout governance.