Hackers Demand $25K for Stolen Mistral AI Source Code
Key Takeaways
- TeamPCP claims to have stolen 5GB of Mistral AI internal repositories and source code
- The breach stems from the Mini Shai-Hulud supply-chain attack that compromised CI/CD credentials
- Mistral says core code, hosted services, and user data were not compromised
What TeamPCP Is Selling
A hacker group calling itself TeamPCP posted an advertisement on a hacker forum this week, offering to sell nearly 450 internal Mistral AI repositories for $25,000. The group claims the data totals about 5 gigabytes and includes source code the French AI company uses for training, fine-tuning, benchmarking, and model delivery.
The hackers say they're open to negotiation and will accept lower offers. If no buyer steps forward within a week, they've threatened to leak everything publicly on hacker forums.
“We are looking for $25k BIN or they can pay this and we will shred these permanently, only selling to the best offer and limited to one person, if we cannot find a buyer within a week we will leak all of these for free to the forums.”
— TeamPCP hacker group
How the Breach Happened
Mistral AI confirmed to BleepingComputer that the breach traces back to the Mini Shai-Hulud software supply-chain attack. That attack started when hackers stole CI/CD credentials and used legitimate workflows to compromise official packages from TanStack and Mistral AI.
The infection spread to hundreds of other software projects on npm and PyPI registries, affecting companies including UiPath, Guardrails AI, and OpenSearch. Mistral says a developer device was impacted by the TanStack portion of the attack, which gave hackers access to the company's codebase management system.
“They [the hackers] contaminated some of our SDK packages for a brief period.”
— Mistral AI spokesperson
Mistral's Damage Assessment
Mistral is downplaying the severity. The company's forensic investigation found that the stolen data was not part of its core code repositories. Mistral says its hosted services, managed user data, and research environments were not compromised.
That distinction matters. Mistral AI, founded by former researchers from Google's DeepMind and Meta, develops both open-source and proprietary large language models. The company's crown jewels are the proprietary models and the training data behind them. If the stolen repositories contain only SDK code and tooling, rather than model weights or training pipelines, the damage is limited.
Still, 450 internal repositories is a significant leak. Even non-core code can reveal development practices, internal tooling, and potential vulnerabilities that attackers could exploit in future campaigns.
OpenAI Also Affected
Mistral is not alone. OpenAI confirmed the same day that the TanStack supply-chain attack hit systems belonging to two of its employees who had access to internal source code repositories.
OpenAI says a small set of credentials was stolen, but investigators found no evidence those credentials were used in follow-on attacks. The company rotated the code-signing certificates exposed in the incident and warned macOS users to update their OpenAI desktop apps before June 12.
The Bigger Picture
The Mini Shai-Hulud attack illustrates how supply-chain compromises cascade. A single stolen credential in one project can propagate to dozens or hundreds of downstream dependencies. AI companies, with their complex development pipelines and heavy reliance on open-source packages, make attractive targets.
TeamPCP's $25,000 asking price is relatively modest for what they claim to have. That could mean the data is less valuable than advertised, or that the hackers are trying to move it quickly before Mistral can assess the damage and respond.
Logicity's Take
Another active security threat requiring immediate attention
Frequently Asked Questions
What is the Mini Shai-Hulud supply-chain attack?
Mini Shai-Hulud is a supply-chain attack that compromised official packages on npm and PyPI registries by stealing CI/CD credentials and using legitimate workflows. It affected TanStack, Mistral AI, UiPath, Guardrails AI, OpenSearch, and hundreds of other projects.
Was Mistral AI customer data stolen?
No. Mistral AI says the breach did not affect hosted services, managed user data, or research environments. The stolen repositories were not part of the company's core code.
How much are the hackers asking for the stolen code?
TeamPCP is asking $25,000 for approximately 450 repositories totaling 5 gigabytes. They say the price is negotiable and they will leak the data for free if no buyer emerges within a week.
Did the attack affect other AI companies?
Yes. OpenAI confirmed that two employees with access to internal source code repositories were impacted by the same TanStack supply-chain attack. OpenAI says no credentials were used in follow-on attacks.
What should companies using npm or PyPI packages do?
Review dependencies for any packages affected by Mini Shai-Hulud, audit CI/CD credentials, and monitor for unauthorized access. Companies should also check advisories from affected projects like TanStack for specific remediation steps.
Need Help Implementing This?
Source: BleepingComputer
Huma Shazia
Senior AI & Tech Writer
Related Articles
Browse all
Kraken Crypto Exchange Extortion: Hackers Threaten to Leak Internal Videos After Insider Breach
Cryptocurrency exchange Kraken is being extorted by hackers who obtained videos of internal systems through bribed support employees. The company says no funds were compromised and refuses to pay, with only about 2,000 accounts affected. Kraken is working with federal law enforcement to prosecute everyone involved.
Windows 11 KB5083769 and KB5082052: April 2026 Patch Tuesday Brings Smart App Control Changes and Security Fixes
Microsoft's April 2026 Patch Tuesday updates are now live for Windows 11, bringing critical security patches alongside a welcome change to Smart App Control. You can finally toggle SAC on or off without wiping your entire system. The updates cover versions 23H2, 24H2, and 25H2.
Zero Trust Identity Security: 5 Ways This Framework Actually Stops Credential Theft
Stolen credentials caused 22% of breaches in 2025, making them the top attack vector. Zero Trust promises to fix this, but only when it's built around identity as the core principle. Here's how organizations can implement it properly.
Open Source PR Backlogs: Why Your GitHub Contribution Sits Unreviewed for a Year
A developer's Jellyfin pull request has been waiting over a year for merge despite two approvals, exposing a systemic crisis in open source maintenance. Queuing theory explains why backlogs grow exponentially, and 60% of maintainers have quit or considered quitting due to burnout.
Also Read
Nginx Buffer Overflow Bug Allows Remote Code Execution
A critical heap buffer overflow vulnerability dating back to 2008 has been discovered in Nginx's rewrite module. The bug, tracked as CVE-2026-42945, enables unauthenticated remote code execution on affected servers. Patches are now available for both Nginx Open Source and Nginx Plus.
Fired IT Twins Forgot to Stop Teams Recording, Caught Themselves
Twin brothers Muneeb and Sohaib Akhter deleted 96 federal databases after being fired from an IT contractor. They accidentally recorded themselves doing it because they forgot to end the Microsoft Teams call from their termination meeting.
5 Smart Home Routines That Save Time, Not Just Show Off
Most smart home setups end up as expensive party tricks. A tech journalist shares five automation routines he actually uses daily, starting with a simple smart plug that makes his morning tea while he handles the chaos of getting kids to school.