LiteLLM PyPI Compromise: Thin Wrapper Steals Keys

A single pip install of LiteLLM 1.82.8 was enough to run a credential stealer every time Python started, thanks to a hidden .pth file in the wheel. The litellm pypi compromise is not just “another PyPI malware story” — it’s a stress test of the idea that LLM wrappers are harmless glue. TL;DR LiteLLM 1.82.7 and 1.82.8 on PyPI were trojaned with a .pth ‑based credential stealer; if you installed them anywhere, assume your secrets are gone. Lightweight LLM wrappers are structurally high‑leverage supply‑chain targets: widely installed, run in sensitive contexts, and maintained with “convenience‑first” pipelines. From now on, you should treat every upgrade of an LLM wrapper as a security event, not a casual dependency bump. Why the LiteLLM PyPI compromise matters (and why .pth makes it worse) Compressed facts first. On March 24, 2026, users noticed that the litellm==1.82.8 wheel on PyPI contained a new file, litellm_init.pth , about 34 KB in size. Analysis on GitHub and by SafeDep and Futur