
Delve did the security compliance on LiteLLM, an AI project hit by malware

A supply chain attack injected credential-stealing malware into LiteLLM, a dependency downloaded 3.4M times daily by AI developers, exposing gaps in SOC 2 compliance auditing for AI infrastructure tools.

Thursday, March 26, 2026, 12:00 PM UTC | 2 min read | Source: TechCrunch | By sys://pipeline

A supply chain attack embedded credential-stealing malware in a LiteLLM dependency, affecting a project downloaded 3.4M times a day and used widely by AI developers. The malware was discovered by FutureSearch's Callum McMahon after it crashed his machine; researchers including Andrej Karpathy noted that its sloppy construction suggests "vibe coded" origins. Compounding the incident, LiteLLM had recently received a SOC 2 compliance certification from Delve, raising questions about what security audits actually cover in the AI tooling space.

Tags
products