GuardRails A.I CyberSecurity Scoring
GuardRails
Company Information
Website:https://www.guardrails.io/#li
Employees number:13
Number of followers:1,825
NAICS:541514
Industry Type:Computer and Network Security
Homepage:guardrails.io
GuardRails Risk Score (AI oriented)
Between 650 and 699
GuardRailsComputer and Network Security
Updated:
12/05/2026
12/05/2026
686/1000
Weak
B
GuardRails Global Score (TPRM)
xxxx
GuardRailsComputer and Network Security
Score locked

GuardRailsWeak
Current Score
686B (WEAK)
01000
2 incidents
-70.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
611
JUNE 2026
610
MAY 2026
749
Breach
12 May 2026 • GuardRails
Guardrails AI, TanStack, OpenSearch, React Router, Mistral AI and UiPath: 84 npm Packages Linked to TanStack Hit by Supply-Chain Breach
Massive Supply Chain Breach Hits 84 npm Packages in TanStack Ecosystem
686
CRITICAL-63
MISUIPOPETANGUA1778567093
Massive Supply Chain Breach Hits 84 npm Packages in TanStack Ecosystem
A sophisticated supply chain attack compromised 84 npm packages within the widely used TanStack ecosystem, including high-profile libraries like React Router (12M+ weekly downloads). The breach, part of the Mini Shai-Hulud malware campaign, targeted continuous integration (CI) environments such as GitHub Actions, injecting a credential-stealing tool designed to evade detection.
Security firm Socket detected the malicious packages within six minutes of publication using an AI-powered scanner. The attack extended beyond npm, infecting Python packages like OpenSearch, Mistral AI, Guardrails AI, and UiPath. A message left by the attackers signed TeamPCP confirmed they had been exfiltrating developer credentials for hours during the investigation.
### Attack Mechanics
The malware, embedded in an obfuscated script (router_init.js), acted as a self-propagating worm. Key tactics included:
- Stealth Execution: Detached from terminal sessions, running silently in the background.
- Credential Harvesting: Targeted GitHub Actions tokens, AWS metadata, Kubernetes certificates, and HashiCorp Vault clusters.
- Persistence: Hid copies in VS Code and Claude AI config directories, ensuring reinfection on workspace reopening.
- Exfiltration: Used the Session peer-to-peer network to blend stolen data with encrypted messaging traffic.
The attack leveraged a malicious `optionalDependencies` block in package.json, pointing to a compromised GitHub commit. During `npm install`, a `prepare` lifecycle hook executed tanstack_runner.js, triggering the payload.
### Chained GitHub Actions Exploit
TanStack’s postmortem revealed the breach stemmed from a chained attack on their GitHub Actions pipeline. Attackers exploited a vulnerable pull request target pattern, poisoning the workflow cache to execute malicious code. Instead of stealing static npm tokens, they extracted runtime OpenID Connect tokens from runner memory, enabling legitimate authentication to push compromised updates.
### Response & Indicators of Compromise (IOCs)
TanStack deprecated affected versions, purged workflow caches, and implemented stricter repository protections. Key IOCs include:
- Malicious Files:
- `router_init.js` (SHA256: `ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c`)
- `tanstack_runner.js` (SHA256: `2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96`)
- Network Targets:
- `hxxp://filev2[.]getsession[.]org/file/` (Session P2P exfiltration)
- AWS metadata endpoints (`169.254.169.254`, `169.254.170.2`)
- GitHub API (`api.github.com/repos/`) and npm token validation endpoints.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MAY 2026
749
Breach
01 May 2026 • GuardRails
Mistral AI: Hackers threaten to leak Mistral files online — AI giant confirms breach, but not what data is involved
Mistral AI Suffers Data Breach: 450 Repositories Stolen and Auctioned on Dark Web
671
CRITICAL-78
MIS1778869722
Mistral AI Suffers Data Breach: 450 Repositories Stolen and Auctioned on Dark Web
The hacking group TeamPCP has stolen 450 internal repositories totaling 5GB of source code from Mistral AI, a leading AI development company. The stolen data, which includes code used for training, fine-tuning, benchmarking, and model delivery, is now being auctioned on the dark web for $25,000.
TeamPCP, which previously executed a supply chain attack called Mini Shai-Hulud against the TanStack npm package (a widely used UI toolkit with 177 million weekly downloads), distributed infostealer malware to harvest developer credentials, cloud secrets, and SSH keys. The group claims the stolen Mistral AI data contains experimental and future project materials and has warned that if no buyer emerges within a week, they will leak the entire dataset for free.
Mistral AI confirmed the breach, stating that attackers compromised a codebase management system and briefly contaminated some SDK packages. However, the company emphasized that core systems, hosted services, user data, and research environments remained unaffected.
The auction is exclusive to a single buyer, with TeamPCP even inviting Mistral AI to purchase the data back. The group has indicated that the $25,000 price is negotiable. The incident highlights ongoing risks in AI development supply chains and the potential exposure of proprietary model training materials.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
749
MARCH 2026
749
FEBRUARY 2026
749
JANUARY 2026
749
DECEMBER 2025
749
NOVEMBER 2025
749
OCTOBER 2025
749
SEPTEMBER 2025
749
AUGUST 2025
749
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for GuardRails ??
What was GuardRails's A.I Rankiteo Cyber Score in June 2026 ??
What was GuardRails's A.I Rankiteo Cyber Score in May 2026 ??
What was GuardRails's A.I Rankiteo Cyber Score in April 2026 ??
What was GuardRails's A.I Rankiteo Cyber Score in March 2026 ??
What was GuardRails's A.I Rankiteo Cyber Score in February 2026 ??
What was GuardRails's A.I Rankiteo Cyber Score in January 2026 ??
What was GuardRails's A.I Rankiteo Cyber Score in December 2025 ??
What was GuardRails's A.I Rankiteo Cyber Score in November 2025 ??
What was GuardRails's A.I Rankiteo Cyber Score in October 2025 ??
What was GuardRails's A.I Rankiteo Cyber Score in September 2025 ??
What was GuardRails's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on GuardRails's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with GuardRails ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view GuardRails's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?