TeamPCP hackers advertise Mistral AI code repos for sale, threatening to leak sensitive source code unless a buyer emerges for the compromised data. This development, originating from a hacker forum post by the TeamPCP group, highlights a significant cybersecurity incident impacting Mistral AI, a prominent French artificial intelligence firm known for its open-weight large language models.
The threat actors are demanding $25,000 for a collection of nearly 450 repositories, claiming to possess approximately 5 gigabytes of “internal repositories and source code.” This stolen data is purportedly used by Mistral AI for critical operations including training, fine-tuning, benchmarking, model delivery, and inference in their ongoing experiments and future projects.
Mistral AI Confirms Supply-Chain Compromise
Mistral AI has confirmed the compromise, stating that hackers gained access to a codebase management system following the extensive Mini Shai-Hulud software supply-chain attack. This sophisticated attack initially targeted official packages from TanStack and Mistral AI through stolen CI/CD credentials and legitimate workflows. The ripple effect subsequently spread to hundreds of other software projects across the npm and PyPI registries, affecting entities such as UiPath, Guardrails AI, and OpenSearch.
“They [the hackers] contaminated some of our SDK packages for a brief period,” Mistral AI acknowledged in a statement, underscoring the nature of the breach.
The company’s advisory further clarified that the breach stemmed from a developer device being impacted by the broader TanStack supply-chain attack. However, Mistral AI emphasized that their forensic investigation concluded the compromised data was not part of their core code repositories. “Neither our hosted services, managed user data, nor any of our research and testing environments were compromised,” the company assured, seeking to mitigate concerns about a deeper breach.
The Broader Impact of Supply-Chain Attacks on AI Firms
This incident involving the TeamPCP hackers and Mistral AI is not isolated. The Mini Shai-Hulud attack has demonstrated a far-reaching impact across the tech industry, particularly within the burgeoning AI sector. Earlier today, OpenAI also confirmed that systems belonging to two of its employees were affected by the TanStack supply-chain attack. These employees reportedly had access to “a limited subset of internal source code repositories.”
While a small set of credentials was stolen from OpenAI’s repositories, the company’s investigation found no evidence of their use in subsequent attacks. OpenAI has responded proactively by rotating exposed code-signing certificates and advising macOS users to update their desktop applications by June 12 to avoid service disruptions. These events underscore the escalating related Tech news and the critical vulnerabilities inherent in software supply chains, particularly for companies at the forefront of AI development.
The TeamPCP hackers’ ultimatum to either sell the Mistral AI data for $25,000 or release it freely within a week highlights the growing trend of data extortion in the cybercrime landscape. The flexibility in their asking price, inviting offers, suggests a calculated approach to monetize the stolen intellectual property. This incident serves as a stark reminder for all technology companies, especially those in high-value sectors like AI, to continuously bolster their cybersecurity defenses against sophisticated supply-chain attacks and insider threats.




