
Mistral AI Hacked: Confirmed Attack on French "ChatGPT" Challenger — Hackers Claim to Be Selling Its Source Code

Mistral AI, the French startup considered Europe's main challenger to OpenAI, has confirmed it was the victim of a cyberattack on 11 and 12 May 2026. At the same time, a group of hackers claims to hold 5GB of internal source code — 450 private repositories — which they are offering for sale for $25,000. Mistral denies any major compromise. Here's what we know, what we don't, and what you should do if you use Le Chat.

✅ What is confirmed / ❓ What is not

✅ Officially confirmed by Mistral
  • A supply chain attack compromised their NPM and PyPI packages on 12 May
  • A developer workstation was compromised
  • Infected packages were removed within 3 hours
  • Microsoft Threat Intelligence confirmed the incident

⚠️ Claimed but unconfirmed
  • The 5GB of source code / 450 private repositories for sale
  • Mistral denies any infrastructure compromise
  • The authenticity of the files being sold is unverified
  • Your Le Chat conversations don't appear to be exposed

📅 Timeline of the incident

  • May 10
    The starting point — TanStack compromised
    The TeamPCP group creates a malicious fork of the TanStack/router repository, a very popular JavaScript library. It exploits misconfigurations to inject malicious code.
  • May 11 — 00:45
    Mistral packages are infected
    Mistral AI's official NPM and PyPI SDKs are compromised. For 3 hours, any developer updating these packages installs credential-stealing malware.
  • May 11 — Forum
    TeamPCP lists 5GB of Mistral data for sale
    On a cybercriminal forum, the group claims to hold 450 private Mistral Git repositories and offers them for sale at $25,000. "I'll probably just leak everything."
  • May 12 — 03:53
    Mistral detects and fixes
    Mistral removes infected packages and publishes an official security advisory. The company confirms the incident but denies any compromise of its main infrastructure.
  • May 12
    Microsoft raises the alarm
    Microsoft Threat Intelligence publishes an alert on the Mistral AI PyPI package v2.4.6, noting that the malware persists even after uninstallation via VS Code hooks.
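
For developers who depend on the SDK, the timeline points to one concrete check: whether a project's requirements could have resolved to the release Microsoft flagged. The following Python is an added example, not code from Mistral or Microsoft; it assumes the PyPI distribution name `mistralai` (the page gives only the version, 2.4.6) and runs on a constructed sample file.

```python
import re

# Version from the article; the distribution name "mistralai" is an assumption.
FLAGGED_NAME, FLAGGED_VERSION = "mistralai", "2.4.6"

def _norm(name):
    """PEP 503 name normalisation: case-insensitive, runs of -_. collapse."""
    return re.sub(r"[-_.]+", "-", name).lower()

def _ver(text):
    return tuple(int(part) for part in text.split("."))

def _allows(clause, version):
    """True if one specifier clause such as '>=2.0' admits `version`."""
    m = re.fullmatch(r"\s*(==|!=|>=|<=|~=|>|<)\s*(\d+(?:\.\d+)*)\s*", clause)
    if not m:
        return True  # wildcards, pre-releases, URLs: unparsed, so stay conservative
    op, bound, v = m.group(1), _ver(m.group(2)), _ver(version)
    if op == "~=":  # compatible release: at least `bound`, same leading components
        return v >= bound and v[:len(bound) - 1] == bound[:-1]
    return {"==": v == bound, "!=": v != bound, ">=": v >= bound,
            "<=": v <= bound, ">": v > bound, "<": v < bound}[op]

def scan_requirements(text):
    """Return (line_no, line, verdict) for requirement lines that admit the flagged release."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        # Drop comments, environment markers, --hash options and line continuations.
        line = re.split(r"\s--", raw.split("#", 1)[0].split(";", 1)[0])[0].strip(" \\\t")
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$", line)
        if not m or _norm(m.group(1)) != FLAGGED_NAME:
            continue
        clauses = [c.replace(" ", "") for c in m.group(2).split(",") if c.strip()]
        if all(_allows(c, FLAGGED_VERSION) for c in clauses):
            exact = "==" + FLAGGED_VERSION in clauses
            findings.append((no, raw.strip(), "pinned" if exact else "range-admits"))
    return findings

# Constructed sample, not taken from any real project.
SAMPLE = """\
requests>=2.31
MistralAI==2.4.6 ; python_version >= "3.9"
mistralai>=2.0,<3
mistralai==2.4.5
mistralai~=2.5.0
"""

if __name__ == "__main__":
    print(*scan_requirements(SAMPLE), sep="\n")
```

A `range-admits` hit means an install during the window in the timeline could have pulled the flagged release even though it was never pinned. Because the alert says the malware persists after uninstallation, removing the package alone does not clear a workstation that installed it.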

🤔 Are your Le Chat conversations at risk?

This is THE question every Le Chat user is asking. The honest answer is: probably not, but with an important nuance.

Mistral AI clearly states it has "no indication of a compromise of Mistral's infrastructure". The attack targeted development tools — the SDKs used by developers integrating Mistral into their apps — not the Le Chat platform itself.

💡 What to do if you use Le Chat
  • As a precaution: change your password at lechat.mistral.ai
  • Enable two-factor authentication if available on your account
  • Never share sensitive information (passwords, bank details) in an AI chat — regardless of the platform
  • Follow official communications from Mistral at mistral.ai

⚠️ What this incident reveals about AI security
  • AI models are software like any other — vulnerable to the same attacks
  • Supply chain attacks are increasingly sophisticated — they target the production chain rather than the target directly
  • Even a well-funded, recognised startup can be compromised within hours
  • The AI race creates an interconnection of open source libraries that multiplies attack surfaces

❓ Frequently asked questions about the Mistral AI hack

Mistral AI states that its main infrastructure was not compromised. Your Le Chat conversations are not believed to be exposed. However, if you use Le Chat with an account, change your password at lechat.mistral.ai as a precaution.
A supply chain attack involves infecting a legitimate tool used by other developers. Instead of attacking Mistral directly, hackers compromised a library that Mistral used, spreading to their infrastructure without a frontal attack.
No. Mistral AI confirms the attack on its NPM/PyPI packages but denies any compromise of its main infrastructure. The claim to sell 5GB of source code by the TeamPCP group has not been confirmed by Mistral. The authenticity of the claimed files remains unknown.
Mistral AI is a French startup founded in 2023 by former Google DeepMind and Meta researchers. It is considered Europe's main competitor to OpenAI. Le Chat is its consumer AI assistant, accessible at lechat.mistral.ai, a direct rival to ChatGPT.
