Mistral AI and TanStack hit in supply chain attack with SLSA-attested malware
May 13, 2026
< 1 min read
by Micah Abiodun
for CryptoPolitan

Share:
AI Overview
On May 11 Microsoft Threat Intelligence announced an investigation into malicious code injected into the mistralai PyPI package version 2.4.6, part of a wider supply-chain attack that compromised the official Mistral AI Python package and hundreds of other widely used developer packages. The breach exposed GitHub tokens, cloud credentials and password vaults across the AI and crypto developer ecosystem, creating security risks for wallets, DeFi protocols, DEX/CEX integrations and developer tooling that could enable asset theft and operational disruption.
Bearish
Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across the AI and crypto developer ecosystem. Microsoft Threat Intelligence said on May 11, it was investigating the mistralai PyPI package version 2.4.6 after discovering malicious code injected in...
