LiteLLM Got Hacked. Here's Your AI Supply Chain Audit Checklist.

via Dev.to DevOps | Max Quimby

LiteLLM — the open-source universal LLM proxy that thousands of AI applications depend on — just had its "SolarWinds moment." On March 24, 2026, security researchers discovered that litellm==1.82.8 (and likely 1.82.7) on PyPI contained a credential-stealing payload that exfiltrated SSH keys, AWS credentials, Kubernetes secrets, environment variables, shell history, and even crypto wallet files to an attacker-controlled server.

The malicious code didn't require importing LiteLLM — it executed automatically the moment Python started, thanks to a .pth file injected into the package.

The attack vector? A poisoned Trivy dependency in LiteLLM's CI/CD pipeline that leaked the project's PYPI_PUBLISH token. The attacker used that token to push compromised versions directly to PyPI.

596 points and 244 comments on Hacker News. And the irony is thick: the tool everyone uses to abstract away LLM complexity became a single point of failure for the entire AI middleware stack.

⚠️ If you installed li
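
An added example (not from the original article or the LiteLLM project) of auditing for the startup hook described above: Python's `site` module executes any `.pth` line that begins with `import`, so the script lists those lines in each site-packages directory and checks the installed litellm version against the two the article names. The function names are hypothetical.

```python
import re
import site
import sys
from importlib import metadata
from pathlib import Path

# Versions the article names as compromised.
FLAGGED_LITELLM = {"1.82.7", "1.82.8"}

# site.py executes a .pth line when it starts with "import" plus a space or tab.
EXEC_LINE = re.compile(r"^import[ \t]")


def executable_pth_lines(directory):
    """Return (file name, line number, text) for each .pth line Python would run."""
    hits = []
    for pth in sorted(Path(directory).glob("*.pth")):
        try:
            text = pth.read_text(encoding="utf-8-sig", errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the audit
        for number, line in enumerate(text.splitlines(), start=1):
            if EXEC_LINE.match(line):
                hits.append((pth.name, number, line.strip()))
    return hits


def flagged_litellm_version():
    """Return the installed litellm version if the article flags it, else None."""
    try:
        version = metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return None
    return version if version in FLAGGED_LITELLM else None


def site_dirs():
    """System and per-user site-packages directories that exist on this host."""
    dirs = set(site.getsitepackages()) if hasattr(site, "getsitepackages") else set()
    dirs.add(site.getusersitepackages())
    return sorted(d for d in dirs if Path(d).is_dir())


if __name__ == "__main__":
    for d in site_dirs():
        for name, number, line in executable_pth_lines(d):
            print(f"{d}/{name}:{number}: {line[:120]}")
    bad = flagged_litellm_version()
    if bad:
        print(f"litellm {bad} is installed; the article lists it as compromised")
        sys.exit(1)
```

Legitimate packages also ship `import` lines in `.pth` files (editable installs, for example), so each hit is something to review against what you expect to be installed, not a verdict.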
