LiteLLM version 1.82.8 was found to contain malicious code on PyPI — a `.pth` file executing base64-encoded subprocess payloads, meaning any install or upgrade was compromised. Callum McMahon used Claude to confirm the malicious payload in an isolated Docker container and identify the correct PyPI security contact, then published his full Claude transcript using Simon Willison's claude-code-transcripts tool. A direct supply chain attack on one of the most widely-used LLM routing libraries, with real-world AI-assisted incident response.
Safety
My minute-by-minute response to the LiteLLM malware attack
LiteLLM 1.82.8 was poisoned on PyPI with a malicious `.pth` file executing base64 payloads on install—a supply chain attack on a foundational LLM routing library affecting the entire AI ecosystem.
Friday, March 27, 2026 12:00 PM UTC | 2 MIN READ | SOURCE: Simon Willison | BY sys://pipeline
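One way to check an environment for the `.pth` mechanism described above, as an added example that is not code from the original post, the transcript, or LiteLLM. Python's `site` module executes any `.pth` line that begins with `import` followed by a space or tab; the marker list, blob threshold, and sample strings here are constructed assumptions.

```python
import re
import site
import sys
from pathlib import Path

# Heuristic markers chosen for this example; tune for your environment.
MARKERS = ("base64", "subprocess", "exec(", "eval(", "os.system", "urllib", "socket")
# Long unbroken base64-alphabet run, typical of an embedded encoded blob.
BLOB = re.compile(r"[A-Za-z0-9+/=]{120,}")

# Constructed sample inputs (not taken from the real package).
SAMPLE_BENIGN = "# path entries only\n../shared/libs\nimport_tools\n"
SAMPLE_SUSPECT = ("./vendor\n"
                  "import base64, subprocess; _ = base64.b64decode('Y29uc3RydWN0ZWQ=')\n")


def audit_text(text, name="<memory>"):
    """Return one finding per line that site.py would exec() at startup."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        # site.py executes lines starting with "import" + space or tab;
        # other non-comment lines are only added to sys.path.
        if not line.startswith(("import ", "import\t")):
            continue
        hits = [m for m in MARKERS if m in line]
        if BLOB.search(line):
            hits.append("long-encoded-blob")
        findings.append({"file": name, "line": n, "markers": hits,
                         "suspicious": bool(hits), "preview": line[:80]})
    return findings


def audit_dirs(dirs):
    """Audit every .pth file directly inside each directory."""
    out = []
    for d in dirs:
        for pth in sorted(Path(d).glob("*.pth")):
            text = pth.read_text(encoding="utf-8", errors="replace")
            out.extend(audit_text(text, str(pth)))
    return out


if __name__ == "__main__":
    dirs = sys.argv[1:] or site.getsitepackages() + [site.getusersitepackages()]
    for f in audit_dirs(dirs):
        flag = "SUSPICIOUS" if f["suspicious"] else "executes"
        print(f"{flag}: {f['file']}:{f['line']} {f['markers']} {f['preview']}")
```

Legitimate packages (editable installs, for instance) also ship executable `.pth` lines, so unflagged "executes" findings are a baseline to review rather than an alert.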
Tags
safety