TeamPCP hackers advertise Mistral AI code repos for sale

BleepingComputer T2 clear 14 May 2026 815 words ORIGINAL
Classification
SEV 4/10
TeamPCP hackers advertise Mistral AI code repos for sale Home News Security TeamPCP hackers advertise Mistral AI code repos for sale Ionut Ilascu May 14, 2026 06:50 PM The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. In a post on a hacker forum, the threat actor is asking $25,000 for a set of nearly 450 repositories. Mistral AI is a French artificial intelligence company founded by former researchers from Google's DeepMind and Meta, which provides open-weight large language models (LLMs), both open source and proprietary.
CONFIDENCE49%
Categories
supply_chainvulnerabilityidentity_threat
Threat Actors
Target Sectors
retailmanufacturing

TeamPCP hackers advertise Mistral AI code repos for sale Home News Security TeamPCP hackers advertise Mistral AI code repos for sale Ionut Ilascu May 14, 2026 06:50 PM The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. In a post on a hacker forum, the threat actor is asking $25,000 for a set of nearly 450 repositories. Mistral AI is a French artificial intelligence company founded by former researchers from Google's DeepMind and Meta, which provides open-weight large language models (LLMs), both open source and proprietary. ​In a statement to BleepingComputer, Mistral AI confirmed that hackers compromised a codebase management system after the Mini Shai-Hulud software supply-chain attack .

The incident started with the compromise of official packages from TanStack and Mistral AI through stolen CI/CD credentials and legitimate workflows. Then it spread to hundreds of other software projects on the npm and PyPI registries, including UiPath, Guardrails AI, and OpenSearch. “They [the hackers] contaminated some of our SDK packages for a brief period,” the company said. TeamPCP claims to have stolen nearly 5 gigabytes “of internal repositories and source code” that Mistral uses for training, fine-tuning, benchmarking, model delivery, and inference in experiments and future projects. “We are looking for $25k BIN or they can pay this and we will shred these permanently, only selling to the best offer and limited to one person, if we cannot find a buyer within a week we will leak all of these for free to the forums,” the hackers said.

The threat actor appears open to negotiations, stating that the asking price is flexible and that interested buyers are free to submit what they believe is a fair offer for the 450 repositories offered for sale. TeamPCP hackers offering to sell Mistral AI data source: KELA Mistral AI told BleepingComputer that the TeamPCP managed to contaminate some of the company’s software development kit (SDK) packages.

In an advisory published earlier this week, the company said that the breach occurred after a developer device was impacted by the TanStack supply-chain attack. However, Mistral states that the forensic investigation determined that the impacted data was not part of the core code repositories. “Neither our hosted services, managed user data, nor any of our research and testing environments were compromised,” Mistral told BleepingComputer.

Earlier today, OpenAI also confirmed that the TanStack supply-chain impacted systems of two of its employees who had access to “a limited subset of internal source code repositories.” ​A small set of credentials was stolen from the repositories, but the investigation found no evidence that they were used in additional attacks. ​OpenAI responded by rotating the code-signing certificates exposed in the incident and warning macOS users that they must update their OpenAI desktop apps before June 12, or the software may fail to launch and stop receiving updates.

The Validation Gap: Automated Pentesting Answers One Question. You Need Six. Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold. This guide covers the 6 surfaces you actually need to validate. Download Now OpenAI confirms security breach in TanStack supply chain attack Shai Hulud attack ships signed malicious TanStack, Mistral npm packages Official SAP npm packages compromised to steal credentials Bitwarden CLI npm package compromised to steal developer credentials Backdoored Telnyx PyPI package pushes malware hidden in WAV audio Breach Mistral AI PyPI Shai Hulud Supply Chain Attack TanStack TeamPCP Ionut Ilascu is a technology writer with a focus on all things cybersecurity.

The topics he writes about include malware, vulnerabilities, exploits and security defenses, as well as research and innovation in information security. His work has been published by Bitdefender, Netgear, The Security Ledger and Softpedia. Post a Comment Community Rules You need to login in order to post a comment Not a member yet? Register Now You may also like: Upcoming Webinar Popular Stories Windows BitLocker zero-day gives access to protected drives, PoC released Dell confirms its SupportAssist software causes Windows BSOD crashes OpenAI confirms security breach in TanStack supply chain attack Sponsor Posts Overdue a password health-check?

Audit your Active Directory for free Are stolen sessions bypassing your security? Find out for free. https://www.nmftacyber.com/ 12 steps to defend against AI-powered exploits before the Glasswing report drops Login Username Password Remember Me Sign in anonymously Sign in with Twitter Reporter Help us understand the problem. What is going on with this comment? Spam Abusive or Harmful Inappropriate content Strong language Other Read our posting guidelinese to learn what content is prohibited. Submitting... SUBMIT

Extracted Entities (0)
No threat entities extracted.
ID: 347Lang: enType: article