Supply chain attack alert: LiteLLM 1.82.8 is compromised.
Textbook PyPI supply chain attack, now targeting AI infrastructure. Treat your LLM stack like any other production dependency.
What is this and why should I care? LiteLLM is a popular open-source proxy that translates between OpenAI-compatible APIs and other LLM backends, widely used to route apps through self-hosted or private cloud models.
Impact: Version 1.82.8 on PyPI contains a malicious .pth file that executes a credential stealer automatically every time Python starts. No import required.
What it grabs: environment variables, SSH keys, AWS/GCP/Azure credentials, Kubernetes configs, shell history, Docker configs, git credentials, and crypto wallets. Everything is encrypted and exfiltrated to an attacker-controlled server.
If you installed litellm==1.82.8, assume full credential compromise.
Immediate actions:
Check for litellm_init.pth in your site-packages/
Rotate every secret on every affected system
Audit CI/CD pipelines, containers, and dev machines
https://github.com/BerriAI/litellm/issues/24512
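One way to run the site-packages check across every directory an interpreter loads .pth files from, as an added example (not code from the original post or from the LiteLLM project). The file name and version come from the advisory; the function names are illustrative, and the "review" category relies on the fact that Python's site module executes any .pth line that begins with `import`.

```python
import site
import sys
import sysconfig
from importlib import metadata
from pathlib import Path

BAD_PTH = "litellm_init.pth"  # file name from the advisory
BAD_VERSION = "1.82.8"        # version from the advisory


def site_dirs():
    """Every site-packages directory this interpreter loads .pth files from."""
    paths = sysconfig.get_paths()
    dirs = {paths["purelib"], paths["platlib"], site.getusersitepackages()}
    dirs.update(getattr(site, "getsitepackages", list)())
    return sorted(Path(d) for d in dirs if Path(d).is_dir())


def executable_lines(pth):
    """Lines the site module would exec() at startup (they begin with 'import')."""
    text = Path(pth).read_text(errors="replace")
    return [ln for ln in text.splitlines() if ln.startswith(("import ", "import\t"))]


def scan(dirs):
    """Return (severity, path) pairs: 'ioc' for the named file, 'review' for
    any other .pth that runs code (some legitimate packages do this)."""
    findings = []
    for d in dirs:
        for pth in sorted(Path(d).glob("*.pth")):
            if pth.name == BAD_PTH:
                findings.append(("ioc", str(pth)))
            elif executable_lines(pth):
                findings.append(("review", str(pth)))
    return findings


def litellm_is_bad_version():
    """True if the installed litellm distribution is the compromised version."""
    try:
        return metadata.version("litellm") == BAD_VERSION
    except metadata.PackageNotFoundError:
        return False


if __name__ == "__main__":
    # Optional arguments: site-packages paths to scan instead of this interpreter's.
    hits = scan([Path(p) for p in sys.argv[1:]] or site_dirs())
    for severity, path in hits:
        print(f"[{severity}] {path}")
    bad = litellm_is_bad_version()
    if bad:
        print(f"[ioc] litellm=={BAD_VERSION} is installed")
    sys.exit(1 if bad or any(s == "ioc" for s, _ in hits) else 0)
```

Because starting the affected interpreter is what runs the .pth file, run the scan from a separate, clean Python and pass the suspect site-packages paths as arguments.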
This is exactly the kind of risk I help organizations assess and defend against. If you need help securing your AI tooling or software supply chain, let’s talk. helminfosec.com
Reviewing AI tools and infrastructure
Developing AI acceptable use policies
Ensuring compliance across your SaaS stack
Vendor and third-party risk management
Incident response planning and tabletop exercises
#informationsecurity #cybersecurity #supplychainattack #appsec #llmsecurity #python #pypi #infosec

