TeamPCP Mini Shai-Hulud Supply Chain Worm Claims OpenAI, Mistral AI, TanStack — SLSA Build Level 3 Provenance Attestations Forged for First Time

The Mini Shai-Hulud fourth-generation npm/PyPI self-propagating worm by financially motivated group TeamPCP (UNC6780) has breached developer environments at OpenAI and Mistral AI and compromised over 170 packages across TanStack, UiPath, Guardrails AI, and OpenSearch by stealing OIDC tokens from GitHub Actions runner memory and publishing poisoned versions with valid SLSA Build Level 3 provenance attestations — the first documented case of malicious packages defeating cryptographic supply chain verification. OpenAI confirmed two employee devices were compromised and rotated all macOS code-signing certificates, while the worm's source code was publicly released to BreachForums on May 12 and immediately forked, dramatically expanding the threat actor pool beyond TeamPCP.

This intelligence brief has been compiled from open-source reporting and corroborated across multiple threat intelligence sources. Defenders should treat the high severity rating as a guide to prioritization within their environment.

For the latest indicators of compromise, formatted SIEM queries, and unredacted actor intelligence related to this brief, DMZ Operator subscribers receive automated IOC packages via email the moment new advisories are published.