Mistral AI Updates: May 13, 2026

1. Malicious mistralai 2.4.6 uploaded to PyPI and quarantined

Mistral. An attacker pushed a malicious 2.4.6 release of the official mistralai Python SDK to PyPI around 00:05 UTC on May 12, five days after the legitimate 2.4.5. The backdoor sits in src/mistralai/client/__init__.py and executes at import time on Linux, fetching transformers.pyz from 83.142.209.194 over a TLS-disabled curl call and running it as a detached process. PyPI quarantined the entire mistralai project, breaking installs of every version including downstream pulls from pydantic-ai, until a clean republish lands. Source

2. Microsoft Threat Intelligence ties the package to the Mini Shai-Hulud worm

Mistral. Microsoft Threat Intelligence publicly flagged the compromised mistralai package on May 12 and attributed it to the wider Mini Shai-Hulud campaign, tracked to a threat actor designated TeamPCP, which also hit TanStack, Guardrails AI, and other AI developer packages across npm and PyPI the same week. The secondary payload harvests GitHub and npm tokens, cloud keys, API keys, Kubernetes service accounts, SSH keys, and (newly for this family) 1Password and Bitwarden vaults, with a country-aware logic path that skips Russian-language systems and carries a 1-in-6 chance of running rm -rf / on machines that look like they are in Israel or Iran. Source