Mistral's PyPI Poisoning: How to Verify AI Packages Are Safe

Honestly, the scariest part of the Mini Shai-Hulud attack? The malicious packages came with valid SLSA Build Level 3 provenance. The signature was real. The content was malware. And if you’re an AI developer who’s been trusting “verified” packages from PyPI, this one hits close to home. Here’s what I did after the news broke — and what you should do too.

Quick TL;DR: On May 11, 2026, an attack group called TeamPCP pushed 373 malicious versions across 169 npm and PyPI packages — including Mistral AI’s mistralai==2.4.6. And this was the first documented supply chain attack with valid SLSA provenance. So the old verification playbook doesn’t work anymore. I’ll walk through exactly what happened and how to check your own dependencies. ...
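Since a valid signature no longer tells you a release is clean, the first defensive check is a dumb one: does anything in your lockfile pin, or still resolve to, a release you know is bad? Below is an added, standard-library-only audit for a requirements.txt or pip freeze listing (example code, not the post's or Mistral's); the only indicator taken from the post is mistralai==2.4.6, and the sample listing and known-bad table are constructed.

```python
"""Audit a requirements / pip-freeze listing against known-bad releases.
Added example, not the post's code; sample listing is constructed and the only
indicator taken from the post is mistralai==2.4.6."""
import re

KNOWN_BAD = {"mistralai": {"2.4.6"}}  # name -> bad versions; extend from your advisory feed

SAMPLE_REQUIREMENTS = """\
requests==2.31.0
mistralai==2.4.6            # pinned straight to the compromised release
mistralai>=2.0,<3           # range still admits 2.4.6
mistralai!=2.4.6            # explicitly excluded, so not flagged
"""

_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;]*)")
_CLAUSE = re.compile(r"^(==|!=|>=|<=|>|<|~=)\s*([0-9]+(?:\.[0-9]+)*)$")

def _vtuple(ver):
    return tuple(int(p) for p in ver.split("."))

def _admits(spec, bad):
    """True if version `bad` satisfies every clause of `spec` ('' means unpinned)."""
    b = _vtuple(bad)
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        m = _CLAUSE.match(clause)
        if not m:  # wildcard or unknown clause: assume it could still resolve
            return True
        op, v = m.group(1), _vtuple(m.group(2))
        ok = {"==": b == v, "!=": b != v, ">=": b >= v, "<=": b <= v,
              ">": b > v, "<": b < v,
              "~=": b >= v and b[:len(v) - 1] == v[:-1]}[op]
        if not ok:
            return False
    return True

def audit_requirements(text, known_bad=KNOWN_BAD):
    """Return (name, spec, reason) per line that pins, or could resolve to, a bad release."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = _LINE.match(line)
        if not line or line.startswith("-") or not m:
            continue
        name = re.sub(r"[._-]+", "-", m.group(1)).lower()  # PEP 503 name normalisation
        spec = m.group(2).strip()
        for bad in sorted(known_bad.get(name, ())):
            if _admits(spec, bad):
                pinned = spec.startswith("==") and "," not in spec
                reason = f"{'pinned to' if pinned else 'spec admits'} known-bad {bad}"
                findings.append((name, spec or "<any>", reason))
    return findings
```

Feed it the output of pip freeze from the environment that actually runs, not just the top-level requirements file, since transitive pins are where a bad release usually hides.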

June 5, 2026 · 8 min · GitHubDigger