Mistral AI: Hackers threaten to leak Mistral files online — AI giant confirms breach, but not what data is involved

Mistral AI Suffers Data Breach: 450 Repositories Stolen and Auctioned on Dark Web

The hacking group TeamPCP has stolen 450 internal repositories totaling 5GB of source code from Mistral AI, a leading AI development company. The stolen data, which includes code used for training, fine-tuning, benchmarking, and model delivery, is now being auctioned on the dark web for $25,000.

TeamPCP, which previously executed a supply chain attack called Mini Shai-Hulud against the TanStack npm package (a widely used UI toolkit with 177 million weekly downloads), distributed infostealer malware to harvest developer credentials, cloud secrets, and SSH keys. The group claims the stolen Mistral AI data contains experimental and future project materials and has warned that if no buyer emerges within a week, they will leak the entire dataset for free.

Mistral AI confirmed the breach, stating that attackers compromised a codebase management system and briefly contaminated some SDK packages. However, the company emphasized that core systems, hosted services, user data, and research environments remained unaffected.

The auction is exclusive to a single buyer, with TeamPCP even inviting Mistral AI to purchase the data back. The group has indicated that the $25,000 price is negotiable. The incident highlights ongoing risks in AI development supply chains and the potential exposure of proprietary model training materials.

Source: https://www.techradar.com/pro/security/hackers-threaten-to-leak-mistral-files-online-ai-giant-confirms-breach-but-not-what-data-is-involved

Mistral AI cybersecurity rating report: https://www.rankiteo.com/company/mistralai

"id": "MIS1778869722",
"linkid": "mistralai",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Artificial Intelligence',
                        'name': 'Mistral AI',
                        'type': 'Company'}],
 'attack_vector': 'Supply Chain Attack',
 'data_breach': {'data_exfiltration': 'Yes (auctioned on dark web)',
                 'file_types_exposed': 'Source code',
                 'number_of_records_exposed': '450 repositories',
                 'personally_identifiable_information': 'None mentioned',
                 'sensitivity_of_data': 'High (proprietary AI model training '
                                        'materials)',
                 'type_of_data_compromised': 'Source code (training, '
                                             'fine-tuning, benchmarking, model '
                                             'delivery, experimental/future '
                                             'projects)'},
 'description': 'The hacking group TeamPCP has stolen 450 internal '
                'repositories totaling 5GB of source code from Mistral AI, a '
                'leading AI development company. The stolen data, which '
                'includes code used for training, fine-tuning, benchmarking, '
                'and model delivery, is now being auctioned on the dark web '
                'for $25,000. TeamPCP previously executed a supply chain '
                'attack against the TanStack npm package, distributing '
                'infostealer malware to harvest developer credentials, cloud '
                'secrets, and SSH keys. The group claims the stolen Mistral AI '
                'data contains experimental and future project materials and '
                'has warned that if no buyer emerges within a week, they will '
                'leak the entire dataset for free. Mistral AI confirmed the '
                'breach, stating that attackers compromised a codebase '
                'management system and briefly contaminated some SDK packages, '
                'but core systems, hosted services, user data, and research '
                'environments remained unaffected.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'data breach and auction',
            'data_compromised': '5GB of source code (450 repositories)',
            'operational_impact': 'Brief contamination of SDK packages',
            'systems_affected': 'Codebase management system, SDK packages'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (auction for $25,000)',
                           'entry_point': 'Compromised npm package (TanStack) '
                                          'via supply chain attack (Mini '
                                          'Shai-Hulud)',
                           'high_value_targets': 'Developer credentials, cloud '
                                                 'secrets, SSH keys'},
 'motivation': 'Financial gain (auctioning stolen data)',
 'post_incident_analysis': {'root_causes': 'Supply chain attack leading to '
                                           'credential harvesting and '
                                           'unauthorized access to codebase '
                                           'management system'},
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': '$25,000 (negotiable)'},
 'references': [{'source': 'Cyber Incident Description'}],
 'response': {'communication_strategy': 'Public confirmation of breach, '
                                        'emphasis on unaffected core systems'},
 'threat_actor': 'TeamPCP',
 'title': 'Mistral AI Suffers Data Breach: 450 Repositories Stolen and '
          'Auctioned on Dark Web',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Infostealer malware distributed via compromised '
                            'npm package (TanStack)'}