LiteLLM Supply Chain Attack: 40 Minutes That Hit 500K Systems
·1747 words·9 mins
A supply chain attack on LiteLLM pushed malicious packages to PyPI that harvested credentials from an estimated 500,000 machines in under an hour. This post dissects the attack chain, the cascading damage across AI infrastructure, and the hard lessons for organizations running open-source AI tooling.