Key Takeaways

- TeamPCP claims to have stolen 5GB of Mistral AI internal repositories and source code
- The breach stems from the Mini Shai-Hulud supply-chain attack that compromised CI/CD credentials
- Mistral says core code, hosted services, and user data were not compromised
What TeamPCP Is Selling
A hacker group calling itself TeamPCP posted an advertisement on a hacker forum this week, offering to sell nearly 450 internal Mistral AI repositories for $25,000. The group claims the data totals about 5 gigabytes and includes source code the French AI company uses for training, fine-tuning, benchmarking, and model delivery.
The hackers say they're open to negotiation and will accept lower offers. If no buyer steps forward within a week, they've threatened to leak everything publicly on hacker forums.
“We are looking for $25k BIN or they can pay this and we will shred these permanently, only selling to the best offer and limited to one person, if we cannot find a buyer within a week we will leak all of these for free to the forums.”
— TeamPCP hacker group
How the Breach Happened
Mistral AI confirmed to BleepingComputer that the breach traces back to the Mini Shai-Hulud software supply-chain attack. That attack started when hackers stole CI/CD credentials and used legitimate workflows to compromise official packages from TanStack and Mistral AI.
The infection spread to hundreds of other software projects on npm and PyPI registries, affecting companies including UiPath, Guardrails AI, and OpenSearch. Mistral says a developer device was impacted by the TanStack portion of the attack, which gave hackers access to the company's codebase management system.
Mistral's Damage Assessment
Mistral is downplaying the severity. The company's forensic investigation found that the stolen data was not part of its core code repositories. Mistral says its hosted services, managed user data, and research environments were not compromised.
That distinction matters. Mistral AI, founded by former researchers from Google's DeepMind and Meta, develops both open-source and proprietary large language models. The company's crown jewels are the proprietary models and the training data behind them. If the stolen repositories contain only SDK code and tooling, rather than model weights or training pipelines, the damage is limited.
Still, 450 internal repositories is a significant leak. Even non-core code can reveal development practices, internal tooling, and potential vulnerabilities that attackers could exploit in future campaigns.
OpenAI Also Affected
Mistral is not alone. OpenAI confirmed the same day that the TanStack supply-chain attack hit systems belonging to two of its employees who had access to internal source code repositories.
OpenAI says a small set of credentials was stolen, but investigators found no evidence those credentials were used in follow-on attacks. The company rotated the code-signing certificates exposed in the incident and warned macOS users to update their OpenAI desktop apps before June 12.
The Bigger Picture
The Mini Shai-Hulud attack illustrates how supply-chain compromises cascade. A single stolen credential in one project can propagate to dozens or hundreds of downstream dependencies. AI companies, with their complex development pipelines and heavy reliance on open-source packages, make attractive targets.
TeamPCP's $25,000 asking price is relatively modest for what they claim to have. That could mean the data is less valuable than advertised, or that the hackers are trying to move it quickly before Mistral can assess the damage and respond.


Logicity's Take
Another active security threat requiring immediate attention
Frequently Asked Questions
What is the Mini Shai-Hulud supply-chain attack?
Mini Shai-Hulud is a supply-chain attack that compromised official packages on npm and PyPI registries by stealing CI/CD credentials and using legitimate workflows. It affected TanStack, Mistral AI, UiPath, Guardrails AI, OpenSearch, and hundreds of other projects.
Was Mistral AI customer data stolen?
No. Mistral AI says the breach did not affect hosted services, managed user data, or research environments. The stolen repositories were not part of the company's core code.
How much are the hackers asking for the stolen code?
TeamPCP is asking $25,000 for approximately 450 repositories totaling 5 gigabytes. They say the price is negotiable and they will leak the data for free if no buyer emerges within a week.
Did the attack affect other AI companies?
Yes. OpenAI confirmed that two employees with access to internal source code repositories were impacted by the same TanStack supply-chain attack. OpenAI says no credentials were used in follow-on attacks.
What should companies using npm or PyPI packages do?
Review dependencies for any packages affected by Mini Shai-Hulud, audit CI/CD credentials, and monitor for unauthorized access. Companies should also check advisories from affected projects like TanStack for specific remediation steps.
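One way to carry out the dependency review described above, as an added example (not code from Logicity, BleepingComputer, or any affected project): it checks every pinned package in an npm lockfile and a requirements.txt, including nested transitive installs, against an advisory list. The advisory entries, package names, versions, and sample files are constructed placeholders; fill the list from the affected projects' own advisories.

```python
import json
import re

# Constructed placeholder advisory: these names and versions are NOT real
# indicators. Replace them with the versions each affected project publishes.
ADVISORY = {
    ("npm", "example-affected-pkg"): {"1.2.3", "1.2.4"},
    ("pypi", "example-affected-lib"): {"0.9.1"},
}
# Constructed sample inputs: a v3 package-lock.json and a requirements.txt.
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "app", "version": "1.0.0"},
    "node_modules/left": {"version": "2.0.0"},
    "node_modules/left/node_modules/example-affected-pkg": {"version": "1.2.4"},
    "node_modules/example-affected-pkg": {"version": "1.2.5"},
}})
SAMPLE_REQS = "Example_Affected.Lib==0.9.1  # pinned\nrequests>=2.0\n"

def npm_pins(lock_text):
    """Yield (name, version) for each entry of a package-lock.json v2/v3."""
    for path, meta in json.loads(lock_text).get("packages", {}).items():
        if not path:  # "" is the root project itself
            continue
        # Keys are install paths; the name follows the last "node_modules/".
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        if "version" in meta:
            yield name, meta["version"]

def pypi_pins(req_text):
    """Yield (name, version) for exact '==' pins in a requirements.txt."""
    for line in req_text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9][\w.-]*)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;]+)", line)
        if m:
            # PEP 503 normalisation, so Foo_Bar and foo-bar compare equal.
            yield re.sub(r"[-_.]+", "-", m.group(1)).lower(), m.group(2)

def find_hits(lock_text="", req_text=""):
    """Return sorted (ecosystem, name, version) tuples listed in ADVISORY."""
    hits = []
    for eco, pins in (("npm", npm_pins(lock_text) if lock_text else ()),
                      ("pypi", pypi_pins(req_text) if req_text else ())):
        for name, version in pins:
            if version in ADVISORY.get((eco, name), ()):
                hits.append((eco, name, version))
    return sorted(hits)

if __name__ == "__main__":
    print(find_hits(SAMPLE_LOCK, SAMPLE_REQS))
```

Unpinned requirements such as `requests>=2.0` are not reported, so run the check against the resolved lockfile or a frozen environment listing rather than loose version ranges.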
Source: BleepingComputer
Huma Shazia
Senior AI & Tech Writer
Produced with AI assistance and reviewed by the Logicity editorial team.