TeamPCP, a hacker collective, claims to have stolen source code from Mistral AI and is advertising the stolen repositories for sale on dark web marketplaces. The group set a deadline for finding a buyer, after which it threatens to release the code publicly.
Mistral AI, a Paris-based generative AI startup backed by investors including Andreessen Horowitz, has not publicly confirmed whether the theft occurred or acknowledged ransom demands. The company has faced increased scrutiny following a €50 million funding round announced in 2024.
TeamPCP's approach mirrors traditional extortion tactics applied to the AI sector. The group first attempts to sell stolen assets privately, then threatens public release to pressure targets into negotiating. This two-stage approach maximizes potential profit by creating artificial scarcity.
The threat poses distinct risks to Mistral AI's competitive position. Source code reveals architectural decisions, security implementations, and proprietary algorithms. Competitors gain insight into model training approaches and infrastructure design. The leaked code could also expose hardcoded credentials, API keys, or other operational secrets embedded in repositories.
For Mistral AI customers and partners, exposure depends on what code was accessed. If training data pipelines or model weights were included, downstream services using Mistral's technology face indirect risk. Enterprise clients may face contractual obligations to disclose the breach to their own customers.
The incident reflects broader trends in ransomware evolution. Threat actors increasingly target AI companies, recognizing that source code carries substantial resale value on underground markets. Unlike traditional ransomware targeting operational systems, intellectual property theft against AI firms creates asymmetric leverage.
Mistral AI has not disclosed whether it discovered the breach independently or through TeamPCP's demands. The company's response strategy remains unclear. Organizations storing sensitive code repositories should implement access logging, multi-factor authentication on development platforms, and regular audits of who holds administrative privileges across
