On May 11, 2026, a coordinated supply chain attack compromised over 170 npm packages and 2 PyPI packages, for a total of 404 malicious versions. The operation simultaneously targeted some of the most widely used projects in the open-source AI ecosystem.

The group responsible, TeamPCP, hijacked the legitimate publishing pipelines of AI projects by exploiting maintainer misconfigurations and GitHub Actions vulnerabilities. The result: infected packages carrying valid signatures, indistinguishable from legitimate releases. But that is not the most worrying part.

The name of the malicious file, transformers.pyz, appears deliberately chosen to mimic the Hugging Face Transformers framework, which is ubiquitous in AI environments. PyPI has since quarantined the Mistral AI project.
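Because the poisoned releases carry valid signatures, signature checks alone will not catch them; the practical response is to compare what is actually installed against the published list of bad versions. The script below is an added example (not part of the original article and not TeamPCP's or any project's code): it parses `pip freeze` output and an npm `package-lock.json` and reports any (ecosystem, name, version) triple found in a denylist. The package names and versions in `DENYLIST`, `PIP_FREEZE` and `PACKAGE_LOCK` are constructed placeholders, not the real indicators from this incident; substitute the published IoC list before use.

```python
"""Audit installed Python and npm dependencies against a denylist of known-bad versions.

Added example. All package names and versions below are constructed placeholders,
not real indicators of compromise from the TeamPCP campaign.
"""
import json
import re

# Constructed placeholder denylist: (ecosystem, normalized name, exact version).
# Replace with the real published list of 404 malicious versions.
DENYLIST = {
    ("npm", "example-ai-sdk", "1.4.2"),
    ("pypi", "example-ai-client", "0.9.1"),
}


def normalize_pypi(name):
    """PEP 503 name normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pip_freeze(text):
    """Yield (normalized_name, version) from `pip freeze` style lines such as 'Foo_Bar==1.0'."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("-"):
            continue  # blank, comment, or option line (e.g. '-e .')
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s;]+)", line)
        if m:
            yield normalize_pypi(m.group(1)), m.group(2)


def parse_package_lock(data):
    """Yield (name, version) from a lockfileVersion 2/3 'packages' map, including nested deps."""
    for path, info in data.get("packages", {}).items():
        if not path:
            continue  # "" is the root project itself, not a dependency
        # Nested paths look like node_modules/a/node_modules/b; the last segment is the package.
        name = info.get("name") or path.split("node_modules/")[-1]
        version = info.get("version")
        if version:
            yield name, version


def find_hits(pip_text, lock_data, denylist=DENYLIST):
    """Return a sorted list of denylisted triples present in either lockfile."""
    hits = set()
    for name, ver in parse_pip_freeze(pip_text):
        if ("pypi", name, ver) in denylist:
            hits.add(("pypi", name, ver))
    for name, ver in parse_package_lock(lock_data):
        if ("npm", name, ver) in denylist:
            hits.add(("npm", name, ver))
    return sorted(hits)


# Constructed sample `pip freeze` output (hypothetical packages).
PIP_FREEZE = """# constructed sample
numpy==1.26.4
Example_AI.Client==0.9.1
requests==2.32.3
"""

# Constructed sample package-lock.json (hypothetical packages); the nested
# example-ai-client is an npm package, so it must NOT match the PyPI denylist entry.
PACKAGE_LOCK = json.loads("""
{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/example-ai-sdk": {"version": "1.4.2"},
    "node_modules/left-pad": {"version": "1.3.0"},
    "node_modules/example-ai-sdk/node_modules/example-ai-client": {"version": "0.9.1"}
  }
}
""")


if __name__ == "__main__":
    for eco, name, ver in find_hits(PIP_FREEZE, PACKAGE_LOCK):
        print(f"DENYLISTED: {eco} {name}=={ver}")
```

In a real environment, feed `find_hits` the output of `pip freeze` and the parsed contents of your repository's `package-lock.json`; matching on the exact version (rather than the package name alone) is what lets you keep clean releases of the same project installed while flagging only the poisoned ones. The ecosystem field matters because the same project name can exist on both registries with different compromise status.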
