Hackers Demand $25K for Stolen Mistral AI Source Code

Key Takeaways

• TeamPCP claims to have stolen 5GB of Mistral AI internal repositories and source code
• The breach stems from the Mini Shai-Hulud supply-chain attack that compromised CI/CD credentials
• Mistral says core code, hosted services, and user data were not compromised

What TeamPCP Is Selling

A hacker group calling itself TeamPCP posted an advertisement on a hacker forum this week, offering to sell nearly 450 internal Mistral AI repositories for $25,000. The group claims the data totals about 5 gigabytes and includes source code the French AI company uses for training, fine-tuning, benchmarking, and model delivery.

The hackers say they're open to negotiation and will accept lower offers. If no buyer steps forward within a week, they've threatened to leak everything publicly on hacker forums.

“We are looking for $25k BIN or they can pay this and we will shred these permanently, only selling to the best offer and limited to one person, if we cannot find a buyer within a week we will leak all of these for free to the forums.”

— TeamPCP hacker group

How the Breach Happened

Mistral AI confirmed to BleepingComputer that the breach traces back to the Mini Shai-Hulud software supply-chain attack. That attack started when hackers stole CI/CD credentials and used legitimate workflows to compromise official packages from TanStack and Mistral AI.

The infection spread to hundreds of other software projects on npm and PyPI registries, affecting companies including UiPath, Guardrails AI, and OpenSearch. Mistral says a developer device was impacted by the TanStack portion of the attack, which gave hackers access to the company's codebase management system.

“They [the hackers] contaminated some of our SDK packages for a brief period.”

— Mistral AI spokesperson

Mistral's Damage Assessment

Mistral is downplaying the severity. The company's forensic investigation found that the stolen data was not part of its core code repositories. Mistral says its hosted services, managed user data, and research environments were not compromised.

That distinction matters. Mistral AI, founded by former researchers from Google's DeepMind and Meta, develops both open-source and proprietary large language models. The company's crown jewels are the proprietary models and the training data behind them. If the stolen repositories contain only SDK code and tooling, rather than model weights or training pipelines, the damage is limited.

Still, 450 internal repositories is a significant leak. Even non-core code can reveal development practices, internal tooling, and potential vulnerabilities that attackers could exploit in future campaigns.

OpenAI Also Affected

Mistral is not alone. OpenAI confirmed the same day that the TanStack supply-chain attack hit systems belonging to two of its employees who had access to internal source code repositories.

OpenAI says a small set of credentials was stolen, but investigators found no evidence those credentials were used in follow-on attacks. The company rotated the code-signing certificates exposed in the incident and warned macOS users to update their OpenAI desktop apps before June 12.

The Bigger Picture

The Mini Shai-Hulud attack illustrates how supply-chain compromises cascade. A single stolen credential in one project can propagate to dozens or hundreds of downstream dependencies. AI companies, with their complex development pipelines and heavy reliance on open-source packages, make attractive targets.

TeamPCP's $25,000 asking price is relatively modest for what they claim to have. That could mean the data is less valuable than advertised, or that the hackers are trying to move it quickly before Mistral can assess the damage and respond.

Frequently Asked Questions

What is the Mini Shai-Hulud supply-chain attack?

Mini Shai-Hulud is a supply-chain attack that compromised official packages on npm and PyPI registries by stealing CI/CD credentials and using legitimate workflows. It affected TanStack, Mistral AI, UiPath, Guardrails AI, OpenSearch, and hundreds of other projects.

Was Mistral AI customer data stolen?

No. Mistral AI says the breach did not affect hosted services, managed user data, or research environments. The stolen repositories were not part of the company's core code.

How much are the hackers asking for the stolen code?

TeamPCP is asking $25,000 for approximately 450 repositories totaling 5 gigabytes. They say the price is negotiable and they will leak the data for free if no buyer emerges within a week.

Did the attack affect other AI companies?

Yes. OpenAI confirmed that two employees with access to internal source code repositories were impacted by the same TanStack supply-chain attack. OpenAI says no credentials were used in follow-on attacks.

What should companies using npm or PyPI packages do?

Review dependencies for any packages affected by Mini Shai-Hulud, audit CI/CD credentials, and monitor for unauthorized access. Companies should also check advisories from affected projects like TanStack for specific remediation steps.

Source: BleepingComputer