Key Points
- A TeamPCP-linked forum account claims to be selling internal Mistral AI repositories.
- The post advertises roughly 5GB of files linked to AI training and inference projects.
- As of now, no public evidence confirms the authenticity of the alleged repositories.
- The claims surfaced days after the Mini Shai-Hulud supply chain attacks on npm and PyPI.
- TeamPCP has been previously linked to package poisoning attacks targeting AI infrastructure.
- The article has been updated with a statement from Mistral AI.
Only days after the Mini Shai-Hulud supply chain attack targeted npm and PyPI packages associated with French artificial intelligence company Mistral AI, a threat actor using the TeamPCP identity is now claiming to sell what appear to be internal company repositories and source code on a hacking forum.
The forum post, published a few hours ago under the TeamPCP name, advertises roughly 5GB of alleged internal repositories connected to both “mistralai” and “mistral-solutions.” The actor claims the archive contains around 450 repositories covering training systems, fine-tuning projects, benchmarking tools, dashboards, inference infrastructure, experiments, and future AI projects.
While the claims have not been independently verified, the listing includes dozens of repository names that appear consistent with internal engineering environments and enterprise AI development workflows. Examples shown in the post include “mistral-inference-internal,” “mistral-finetune-internal,” “chatbot-security-evaluation,” “devstral-cloud,” and “pfizer-rfp-2025.”
The threat actor is asking for $25,000 in exchange for the data, claiming the repositories would otherwise be leaked publicly within a week if no buyer is found. The post also states that the seller intends to provide the archive to only one buyer.
As Hackread.com reported earlier, TeamPCP was recently linked to the Mini Shai-Hulud campaign, a large-scale software supply chain attack that poisoned hundreds of npm and PyPI packages associated with projects including Mistral AI, TanStack, OpenSearch, UiPath, and Guardrails AI.
The attackers abused CI/CD publishing systems and hijacked OpenID Connect tokens to distribute malicious package updates through legitimate release mechanisms. The malware was designed to steal GitHub tokens, cloud credentials, CI/CD secrets, SSH keys, and developer environment data.
That earlier campaign already raised concerns about whether compromised developer credentials or publishing infrastructure could provide access beyond public package repositories. The latest forum claims now suggest the attackers may be attempting to monetize alleged internal development assets connected to AI infrastructure and enterprise tooling.
The forum post itself does not include downloadable samples or technical proof confirming access to the repositories. However, it references previous TeamPCP activity involving Lightning AI and instructs buyers to verify the group’s identity through prior attack notes and forum activity.
Sample Repo Names Shared by the Threat Actor
* finance.tar.gz
* typhoon.tar.gz
* turbine.tar.gz
* xformers.tar.gz
* dashboard.tar.gz
* website-v3.tar.gz
* devstral-cloud.tar.gz
* mistral-fabric.tar.gz
* kyc-doc-agent.tar.gz
* mistral-surge.tar.gz
* mistral-solutions.tar.gz
* finetuning-feedback.tar.gz
* surge-validators.tar.gz
* pfizer-rfp-2025.tar.gz
* mistral-common-internal.tar.gz
* mistral-compute-poc.tar.gz
* piper-segmentation.tar.gz
* mistral_finance_agent.tar.gz
* mistral-lawyer-internal.tar.gz
* mistral-finetune-internal.tar.gz
* chatbot-security-evaluation.tar.gz
* mistral-inference-private.tar.gz
* cma-customer-care-internal.tar.gz
* mistral-inference-internal.tar.gz
At the time of writing, Mistral AI has not publicly commented on the claims. There is also no public evidence confirming that the files, if authentic, originated from the company’s internal systems.
Even so, the situation suggests that attacks targeting AI software environments are moving beyond poisoned packages and stolen credentials, with threat actors now appearing to focus on internal development systems, enterprise tooling, and AI infrastructure.
As AI companies continue building cloud-hosted training, inference, and autonomous agent systems, developer credentials and CI/CD environments are becoming increasingly valuable targets for groups seeking access to intellectual property and enterprise infrastructure.
Hackread.com has reached out to Mistral AI for comment and will update this story if a response is received.
Update – Statement from Mistral AI
In a statement shared with Hackread.com, a Mistral AI spokesperson confirmed that attackers temporarily compromised one of the company’s codebase management systems on May 12, 2026, through a third-party software supply chain attack.
According to the company, the attackers contaminated some SDK packages for a limited time before the incident was contained. Mistral AI said it quickly neutralized the attack, secured its infrastructure, and launched a forensic investigation with relevant authorities.
The company added that the attackers only accessed certain non-core code repositories, while hosted services, managed user data, and research and testing environments were not affected.
