Another PyPI package got compromised — here's why I stopped relying on multi-provider AI SDKs


via Dev.to Python, brian austin

The Telnyx Python SDK was compromised on PyPI today. This is the second major AI/telecom SDK supply chain attack in two weeks. LiteLLM was hit before that. If you haven't noticed the pattern yet, you should.

What happened with Telnyx

The Telnyx package on PyPI was backdoored. If you ran pip install telnyx in the last 24 hours, you may have pulled malicious code onto your machine. Telnyx themselves confirmed it and are working on remediation.

This follows the LiteLLM supply chain attack from two weeks ago, where malicious code was injected into the LiteLLM package — an SDK used by thousands of AI applications.

The pattern is clear

Here's what these attacks have in common:

- Complex dependency graphs — both LiteLLM and Telnyx SDKs pull in dozens of sub-packages
- High-value targets — packages that touch AI APIs or communications are goldmines for attackers
- Trusted by CI/CD pipelines — pip install in
