The TeamPCP threat group has posted listings on criminal forums advertising Mistral AI source code repositories for sale, threatening to leak the stolen data publicly if no buyer materializes. The move follows a months-long supply chain campaign attributed to the group that has compromised developer machines and package registries across dozens of organizations.
What TeamPCP Is Claiming
According to posts circulating on underground forums, TeamPCP claims to be in possession of internal source code repositories from Mistral AI, the French AI startup behind the Mistral and Mixtral model families. The group is advertising the data to potential buyers and warning that it will release the code publicly if a buyer is not found within an unspecified timeframe.
The announcement mirrors tactics used by ransomware and extortion groups: create urgency by setting a deadline, demand payment to prevent public disclosure, and generate pressure by advertising the data to competitors or nation-state buyers before releasing it freely.
Mistral AI had not issued an official confirmation or denial of the breach claim at the time of reporting.
Connection to the Mini Shai-Hulud Campaign
TeamPCP is the threat actor behind the Mini Shai-Hulud supply chain worm, which has been active since at least early May 2026. The campaign works by:
- Compromising developer machines through trojanized npm and PyPI packages
- Harvesting long-lived authentication tokens stored in plaintext config files (~/.npmrc, ~/.pypirc)
- Using stolen tokens to authenticate as legitimate package maintainers
- Pushing malicious updates to high-value packages that spread the worm further
The campaign has previously claimed victims including OpenAI (two compromised employee devices), TanStack (the JavaScript library ecosystem), Guardrails AI, Checkmarx (Jenkins AST plugin), and others. Each new compromise expands the pool of stolen credentials available to TeamPCP.
Mistral AI, if confirmed, would represent a significant escalation — the theft of AI model training code and infrastructure source could have implications beyond credential theft.
Why AI Company Source Code Is High Value
Source code from AI companies is unusually valuable on criminal markets for several reasons:
- Model architecture leakage: Training code, fine-tuning scripts, and model configurations can reveal proprietary techniques that took months and millions of dollars to develop
- Infrastructure blueprints: Deployment and serving infrastructure code can help adversaries understand attack surfaces in production systems
- Embedded secrets: Developer repositories frequently contain hardcoded API keys, cloud credentials, and internal service endpoints
- Competitive intelligence: Rival companies or nation-state AI programs may pay for access to leading research code
The risk extends beyond the immediate company — AI supply chains are deeply interconnected, and source code access can enable targeted attacks against customers, API integrators, or downstream users of Mistral's models.
TeamPCP's Escalating Campaign
TeamPCP has evolved significantly since its earliest known operations. The group initially focused on opportunistic credential theft via supply chain attacks but has grown into a sophisticated extortion operation:
- March 2026: Compromised Trivy vulnerability scanner GitHub Actions, pushing an infostealer to thousands of CI/CD pipelines
- April 2026: Breached Checkmarx, with stolen data posted to dark web forums
- April 2026: Compromised the Axios npm package via social engineering of a maintainer account
- May 2026: Mini Shai-Hulud worm compromises TanStack, Mistral AI, Guardrails AI, and OpenAI employees
- May 2026 (current): Advertising Mistral AI repos for sale — first known attempt to monetize AI company source code
The group has demonstrated patience and methodical targeting, often maintaining access for weeks before monetizing.
What Mistral AI Users Should Do
While Mistral AI has not confirmed the breach, organizations that use Mistral's APIs or host Mistral-based models should:
Audit API key usage:
- Review all API keys issued from Mistral's platform for unexpected usage patterns
- Rotate API keys as a precaution, especially if your organization's developer machines may have been exposed in the broader Mini Shai-Hulud campaign
Review dependency chains:
- Check whether any npm or PyPI packages in your build pipeline were flagged as part of the TanStack or Mini Shai-Hulud compromise
- Run dependency audits: npm audit and pip-audit
Monitor for leaked credentials:
- Search internal repositories for hardcoded Mistral API keys using secrets scanning tools
- Check breach monitoring services for your organization's domains appearing in dumps linked to TeamPCP
Watch for targeted attacks:
- If Mistral's internal infrastructure blueprints were stolen, expect that knowledge to be used in future targeted attacks against Mistral's platform and API infrastructure
Broader Implications for AI Supply Chain Security
The TeamPCP campaign highlights a systemic vulnerability in how AI development teams manage credentials and package dependencies. Developer machines have become the new perimeter — they hold the keys to every registry, CI/CD pipeline, and cloud environment the developer touches.
Key lessons from the Mini Shai-Hulud campaign:
- Long-lived tokens are weapons: npm and PyPI tokens stored in plaintext config files are equivalent to master keys to the package ecosystem
- AI companies are priority targets: The combination of valuable IP, fast-moving development culture, and extensive open-source participation creates an unusually wide attack surface
- Worm-based supply chain attacks scale automatically: Unlike targeted intrusions, self-spreading worms can compromise hundreds of organizations without proportional attacker effort
- Response time matters: Organizations with fast secrets rotation and short-lived OIDC tokens for CI/CD significantly limit blast radius
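An added example (not from the original report or from any tool it names) of the developer-machine token audit these lessons point to: it parses the contents of ~/.npmrc and ~/.pypirc, flags credentials stored as literal values, and skips ${VAR} references that npm resolves from the environment at run time. Function names and the sample file contents are constructed for illustration.

```python
import configparser
import re
from pathlib import Path

# Added example; function names are illustrative, not from any existing tool.
# Matches npm credential keys such as "//registry.npmjs.org/:_authToken=..."
NPM_CRED = re.compile(r"^\s*(?P<key>\S*?(?:_authToken|_auth|_password))\s*=\s*(?P<val>.+?)\s*$")
ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")  # ${NPM_TOKEN}: not stored on disk

def redact(value):
    """Keep only a short prefix so the report never re-exposes the secret."""
    return value[:4] + "..." if len(value) > 4 else "..."

def scan_npmrc(text):
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):  # npmrc comment lines
            continue
        m = NPM_CRED.match(line)
        if m and not ENV_REF.match(m["val"].strip('"')):
            findings.append((lineno, m["key"], redact(m["val"].strip('"'))))
    return findings

def scan_pypirc(text):
    parser = configparser.RawConfigParser()  # Raw: no % interpolation of secrets
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        if parser.has_option(section, "password"):
            findings.append((section, "password", redact(parser.get(section, "password"))))
    return findings

# Constructed sample contents; these are not real tokens.
SAMPLE_NPMRC = """\
# constructed sample
//registry.npmjs.org/:_authToken=npm_EXAMPLEexampleEXAMPLE
//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}
"""
SAMPLE_PYPIRC = """\
[pypi]
username = __token__
password = pypi-EXAMPLEexampleEXAMPLE
"""

if __name__ == "__main__":
    for name, scan in ((".npmrc", scan_npmrc), (".pypirc", scan_pypirc)):
        path = Path.home() / name
        if path.is_file():
            print(name, scan(path.read_text(errors="replace")))
```

Any finding is a token that should be revoked at the registry and replaced with a short-lived or environment-supplied credential, not just deleted from the file.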
Key Takeaways
- TeamPCP claims to hold Mistral AI source code repos and is advertising them for sale on criminal forums
- Mistral AI has not confirmed the breach — monitor for official statements
- The claim is plausible: Mistral employees were named as part of the broader Mini Shai-Hulud worm's blast radius in prior reporting
- Rotate any Mistral API keys used in your organization as a precautionary measure
- Audit npm/PyPI tokens on developer machines — the worm that enabled this breach is still active
- TeamPCP continues to escalate — this group is moving from credential theft to IP exfiltration and ransom
Source: BleepingComputer