LiteLLM
19 mentions across all digests
LiteLLM is an open-source LLM proxy library that suffered a supply-chain compromise via a malicious wheel file in v1.82.8 on PyPI, cited as a case study in open-source security hardening discussions.
We May Be Living Through the Most Consequential Hundred Days in Cyber History
Simultaneous coordinated breaches of the FBI, Lockheed Martin (375TB), and AI vendor Mercor by four distinct state/criminal actors signal an unprecedented escalation in parallel cyber warfare targeting US infrastructure and AI supply chains.
AI #162: Visions of Mythos
Anthropic's proprietary Mythos model and the Claude Code source codebase leak alongside the LiteLLM and Axios supply-chain compromises, a cascade of security failures across AI infrastructure.
My minute-by-minute response to the LiteLLM malware attack
Forensic analysis of suspected LiteLLM supply chain attack reveals orphaned Python processes and base64-encoded payloads were actually normal Claude Code execution behavior, not malware.
My minute-by-minute response to the LiteLLM malware attack
LiteLLM 1.82.8 was poisoned on PyPI with a malicious `.pth` file executing base64 payloads on install—a supply chain attack on a foundational LLM routing library affecting the entire AI ecosystem.
Tell HN: Litellm 1.82.7 and 1.82.8 on PyPI are compromised
Malicious .pth files in LiteLLM 1.82.7 and 1.82.8 (PyPI) automatically steal SSH keys, API tokens, and cloud credentials from any dependent Python project.