Mistral AI is in the eye of the storm. France’s flagship generative AI company has confirmed it was hit by a cyberattack.
The damage: a group calling itself TeamPCP claims to hold nearly 5 GB of internal code spread across roughly 450 private repositories, now listed for sale at $25,000 on a cybercrime forum. If no buyer steps up within a week, everything gets released for free.
What makes this case worth a closer look is the angle of attack. Nobody forced Mistral’s front door.
The attackers went upstream in the development chain — targeting TanStack, a JavaScript library widely used in the React ecosystem. From there, an automated worm did the rest: it managed to push tampered versions of several official Mistral SDKs onto npm and PyPI, within a narrow window of just a few hours on May 11–12.
A Mistral developer’s workstation, contaminated through that chain, eventually handed the attackers access to the internal code management system via stolen CI/CD credentials.
The incident is part of a broader campaign known as Mini Shai-Hulud, specifically targeting the npm and PyPI ecosystems.
Mistral states that its infrastructure was not compromised. Quite possibly. But the source code is out there — model training, fine-tuning, finance agents, KYC, projects still in the pipeline. The clock is ticking.
The lesson is harsh, but crystal clear: today, you don’t attack the target — you attack what it depends on. And in a world where coding agents install dozens of dependencies in a matter of seconds, every compromised package becomes a fragmentation weapon.
