Open Source 2026-05-12 · 0 days · Credential Theft, Backdoor, Self Propagation

Mistral SDK packages imported Shai-Hulud loader

Part of the Shai-Hulud hits npm and PyPI campaign

Mistral's PyPI SDK and npm SDK packages appeared in the May 2026 Shai-Hulud wave. The affected releases carried campaign loaders through official package distribution paths.

Story

Both the Python and JavaScript SDKs for French AI lab Mistral were swept up in the May 2026 "Shai-Hulud: Here We Go Again" wave, with malicious releases appearing on PyPI and npm through the company's official package distribution channels.

According to a GitHub issue filed against mistralai/client-python and a follow-on JFrog report, the PyPI side of the campaign used a different shape than its npm counterpart. Instead of relying on an npm preinstall script to fire the loader, mistralai version 2.4.6 on PyPI placed the loader directly in mistralai/client/__init__.py, where ordinary import mistralai statements would trigger it.

JFrog also listed several Mistral npm SDK packages in its Shai-Hulud appendix, including @mistralai/mistralai, @mistralai/mistralai-azure, and @mistralai/mistralai-gcp. Those artifacts are recorded here in the Mistral-scoped entry so that the campaign's artifacts are aggregated by vendor rather than kept in a sprawling catch-all package list.

Researchers said the payload family across the wave was built to harvest developer workstations and CI/CD runners, searching for local files, cloud provider credentials, Kubernetes material, HashiCorp Vault tokens, password manager state, and developer-tooling secrets.

This record is scoped to Mistral SDK distribution. The broader campaign record at [[shai-hulud-here-we-go-again]] carries the cross-ecosystem TeamPCP machinery and propagation behavior.
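Because the loader in mistralai 2.4.6 ran on an ordinary import, a host check should read the installed package metadata from disk instead of importing the package. The following is an added example, not code from the GitHub issue, JFrog, or Mistral; it uses the version and file paths listed on this record, treats /tmp/transformers.pyz as a host indicator (an assumption based on its listing under Evidence), and the function names are hypothetical.

```python
"""Triage for the mistralai 2.4.6 PyPI release without importing the package."""
import re
import sys
from importlib import metadata
from pathlib import Path

# Indicators copied from this record.
BAD_RELEASES = {"mistralai": {"2.4.6"}}
LOADER_FILE = "mistralai/client/__init__.py"
# Assumption: the Evidence entry for this path is a file left on affected hosts.
DROPPED_FILE = Path("/tmp/transformers.pyz")


def normalize(name):
    """PEP 503 name normalization, so 'MistralAI' and 'mistralai' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def installed_packages():
    """Yield (name, version, loader_path) from metadata on disk; nothing is imported."""
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if name:
            yield name, dist.version, str(dist.locate_file(LOADER_FILE))


def triage(packages, dropped_file=DROPPED_FILE):
    """Return findings for listed releases and for the dropped-file indicator."""
    findings = []
    for name, version, loader_path in packages:
        if version in BAD_RELEASES.get(normalize(name), ()):
            findings.append(f"{name}=={version} installed; inspect {loader_path}")
    if Path(dropped_file).exists():
        findings.append(f"indicator file present: {dropped_file}")
    return findings


if __name__ == "__main__":
    results = triage(installed_packages())
    for line in results:
        print("FINDING:", line)
    sys.exit(1 if results else 0)
```

Run it with each interpreter or virtual environment that may have installed the SDK; a non-zero exit status means at least one finding was reported.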

Affected Artifacts

mistralai

pypi · repository · Source Archive
Observed
2026-05-12
Compromised Versions
Fixed
Not listed
Hashes
  • sha256:6dbaa43bf2f3c0d3cddbca74967e952da563fb974c1ef9d4ecbb2e58e41fe81b
  • sha256:2a314ea8be337e1ca9ec833ed13ed854d9fd38bce0a519cf288f3bec8d9e6f30
  • sha256:5245eb032e336b85cff0dbb3450d591826bf2ef214fd30d7eba1a763664e151b
Evidence
distribution: pypi.org/project/mistralai/2.4.6, file: mistralai/client/__init__.py, file: /tmp/transformers.pyz, ip: 83.142.209.194

Incident Context

Motive
Credential Theft
Cause
Compromised Account Credentials
Transitive
Yes

Notes

  • JFrog's appendix supplies the Mistral npm package evidence; the GitHub issue documents the mistralai 2.4.6 PyPI artifact.

External References

Source record: oss/attacks/mistralai-python/meta.yaml