Mistral AI PyPI Package Compromised in Supply Chain Attack
The Mistral AI Python package v2.4.6 on PyPI has been compromised as part of the Mini Shai-Hulud malware campaign, which is simultaneously targeting TanStack packages on npm and spreading across AI developer ecosystems. Microsoft is investigating. The attack may have exposed GitHub tokens, cloud platform credentials, and CI/CD pipeline secrets for any developer who installed the affected version. The campaign's scope across both PyPI and npm indicates a coordinated, broad-surface supply-chain offensive.
Why It Matters
Any team with the Mistral AI Python package v2.4.6 in their dependency tree should treat their credentials as potentially compromised and rotate GitHub, cloud, and CI/CD secrets immediately pending full investigation.
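One way to triage a dependency tree for this advisory, as an added example that is not part of the original report: a small Python script that scans requirements.txt or pip freeze output for the affected pin, or for an unpinned range that could still resolve to it. The PyPI distribution name "mistralai" and the sample requirement lines are assumptions constructed for the example, not values from the page.

```python
import operator
import re
# Affected version as the page reports it; the PyPI name "mistralai" is an assumption.
AFFECTED_NAME = "mistralai"
AFFECTED_VERSION = "2.4.6"
# Constructed sample of requirements.txt / `pip freeze` style lines.
SAMPLE_REQUIREMENTS = """\
requests==2.32.3
MistralAI[extras]==2.4.6 ; python_version >= "3.9"
mistralai>=2.4.0,<3
mistralai==2.4.5
"""
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$")
_OPS = {"===": operator.eq, "==": operator.eq, "!=": operator.ne,
        ">=": operator.ge, "<=": operator.le, ">": operator.gt, "<": operator.lt}

def normalize(name: str) -> str:
    """PEP 503 name normalization, so 'MistralAI' and 'mistralai' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirement(line: str):
    """Return (normalized name, version specifier), or None for non-package lines."""
    line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comment and marker
    if not line or line.startswith("-"):  # -r, -e and other pip options
        return None
    m = _REQ.match(line)
    return (normalize(m.group(1)), m.group(3).strip()) if m else None

def _vtuple(v: str):
    return tuple(int(p) if p.isdigit() else 0 for p in v.strip().split("."))
def allows_affected(spec: str) -> bool:
    """True when the specifier admits AFFECTED_VERSION; unpinned counts as yes."""
    target = _vtuple(AFFECTED_VERSION)
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        op = next((o for o in _OPS if clause.startswith(o)), None)
        if op is None or not _OPS[op](target, _vtuple(clause[len(op):])):
            return op is None  # unknown operator (~=, wildcard): assume reachable
    return True

def find_affected(text: str):
    """Return [(line, finding)] for every line that names the affected package."""
    hits = []
    for raw in text.splitlines():
        parsed = parse_requirement(raw)
        if parsed and parsed[0] == normalize(AFFECTED_NAME):
            if parsed[1].replace(" ", "") == "==" + AFFECTED_VERSION:
                hits.append((raw.strip(), "pinned to affected version"))
            elif allows_affected(parsed[1]):
                hits.append((raw.strip(), "range can resolve to affected version"))
    return hits
```

Run find_affected over each lockfile or pip freeze capture in a repository; any "pinned" hit means the credentials named above should be rotated, and a "range" hit means the resolved version must be confirmed against the installed environment.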