Security advisories | Mistral Docs - Mistral AI

2026-05-12 · Source: mistral.ai via Google News · Field: Technology & Digital — Software Development & Engineering, Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning · Depth: Intermediate, short

Summary

Mistral AI has issued a security advisory (MAI-2026-002) regarding a supply chain attack that compromised specific versions of its NPM and PyPI SDK packages. The attack, linked to a compromised TanStack third-party software, led to malicious versions being published between May 11-12, 2026. While Mistral's infrastructure was not breached, an affected developer device was involved. Compromised NPM packages (`@mistralai/mistralai` versions `2.2.2`, `2.2.3`, `2.2.4`; `@mistralai/mistralai-azure` and `@mistralai/mistralai-gcp` versions `1.7.1`, `1.7.2`, `1.7.3`) were found to be inoffensive due to a missing file. However, the compromised PyPI package (`mistralai` version `2.4.6`) runs a malicious script upon import on Linux, harvesting credentials and establishing outbound connections to `83.142.209.194` via `/tmp/transformers.pyz`. The incident was mitigated by May 13, 2026.

Key takeaway

For AI Engineers or Software Engineers using Mistral AI SDKs, immediately verify if your environments or build artifacts contain affected package versions, especially PyPI `mistralai` `2.4.6`. If impacted, stop using the version, clean systems, rotate all accessible secrets, and monitor for suspicious network activity to `83.142.209.194` to prevent credential harvesting and further compromise.

Key insights

A supply chain attack compromised Mistral AI's SDK packages, with PyPI versions posing a credential harvesting risk.

Principles

• Third-party software compromises pose direct supply chain risks.
• Differentiate impact: not all compromised packages are equally harmful.

Method

The PyPI malicious code downloads `https://83.142.209.194/transformers.pyz` to `/tmp/transformers.pyz` and executes it as a detached background process on Linux.

In practice

• Check for specific package versions in lockfiles and caches.
• Monitor for `/tmp/transformers.pyz` and outbound connections to `83.142.209.194`.
• Rotate secrets and check cloud audit logs after remediation.

Topics

• Supply Chain Attack
• Mistral AI SDKs
• TanStack Compromise
• Credential Harvesting
• Incident Remediation

Code references

• mistralai/client-python
• mistralai/client-ts

Best for: AI Engineer, Software Engineer, AI Security Engineer

Related on AIssential

• OpenAI Among the Companies Affected by TanStack Breach — Software supply chain attacks exploiting GitHub Actions can compromise open-source libraries and spread credential-stealing malware.
• LiteLLM Supply Chain Attack: What Happened, Who’s Affected, and What You Should Do Right Now — A litellm supply chain attack compromised PyPI, exfiltrating credentials via malicious package versions.
• The incident has been resolved - Mistral AI — Mistral AI's Files API experienced a brief, resolved service degradation.
• One breach after another — Software supply chain vulnerabilities necessitate robust sandboxing and continuous security vigilance in AI development.
• OpenAI’s Daybreak and Mistral’s Mythos competitor — AI vulnerability tools are force multipliers requiring human validation and defense-in-depth strategies against evolving threats.
• Microsoft Hacked to Deliver Malware to Claude and Gemini Users — Microsoft's GitHub repositories were compromised to deliver credential-stealing malware to AI coding agent users.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by mistral.ai via Google News.