On May 12, 2026, Microsoft Threat Intelligence along with security firms (Aikido, Wiz, Socket, and others) disclosed that mistralai==2.4.6 on PyPI contained malicious code. This was the official Python client library for Mistral AI's large language models. The malicious version remained live for only a few hours but may have been downloaded by thousands of developers working on AI agents, trading bots, smart contract tools, RAG pipelines, and internal applications.

Key facts:

Only version 2.4.6 was affected. All other versions are clean.
The package has been removed from PyPI.
This attack is part of the ongoing "Mini Shai-Hulud" campaign that has already compromised many popular packages across PyPI and npm.

How the Malware Worked (Technical Breakdown)

The attack was stealthy and effective:

Execution on Import

Malicious code was injected into src/mistralai/client/__init__.py. Simply running import mistralai on Linux systems triggered the payload.…
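
A defender-side check for the facts above, added here as an example (not code from the original page or from Mistral AI): it flags requirements-style lines that pin, or could have resolved to, mistralai 2.4.6, and reads the installed version from package metadata instead of importing the package, since import is what triggers the payload. The function names and the sample file are constructed for illustration.

```python
import re
from importlib import metadata

BAD_NAME, BAD_VERSION = "mistralai", "2.4.6"   # the one affected release named above

# name, optional [extras], then the version specifier up to a marker or comment
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")

def normalize(name):
    """PEP 503: names compare case-insensitively, runs of - _ . are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def classify(line):
    """'affected' = exact pin to the bad release, 'review' = unpinned or ranged
    (could have resolved to it while it was live), None = unrelated or safe pin."""
    m = _REQ.match(line)
    if not m or normalize(m.group(1)) != BAD_NAME:
        return None
    spec = re.sub(r"[\s\\]", "", m.group(2).split("--hash")[0])
    if spec in ("==" + BAD_VERSION, "===" + BAD_VERSION):
        return "affected"
    if spec.startswith("==") and "*" not in spec:
        return None   # exact pin to some other version
    return "review"

def scan(text):
    """Return [(line_number, verdict)] for every line that needs attention."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

def installed_state(dist=BAD_NAME):
    """Read the installed version from dist-info metadata; never imports the package."""
    try:
        version = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return "not-installed"
    return "affected" if version == BAD_VERSION else "installed " + version

SAMPLE = """\
# constructed sample requirements file
examplepkg==1.0.0
MistralAI[agents] == 2.4.6 ; python_version >= '3.9'
mistralai-helper==1.0.0
mistralai>=2.0
# mistralai==2.4.6
"""

if __name__ == "__main__":
    print(scan(SAMPLE), installed_state())
```

A "review" verdict means the requirements line alone cannot settle the question; the version actually installed in each environment (or recorded in a lock file) has to be checked.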