LiteLLM Was Backdoored: What the TeamPCP Supply Chain Attack Means for Python AI Projects
via Dev.to • Claudio Basckeira • 3h ago

On March 24, 2026, threat actor TeamPCP published two compromised versions of LiteLLM to PyPI. If you work with Python AI tooling, this one is worth understanding in detail, because the attack technique will be reused.

What Happened

Versions 1.82.7 and 1.82.8 of LiteLLM contained malicious payloads after attackers obtained the maintainer's PyPI credentials. The credential theft wasn't a direct attack on LiteLLM. It was the third step in a cascade:

  • March 19: TeamPCP compromised Trivy, an open-source security scanner
  • March 21: Used the compromised Trivy action to steal credentials from Checkmarx's CI pipeline
  • March 24: Used stolen credentials from LiteLLM's CI/CD pipeline (which ran Trivy) to publish malicious packages

The malicious versions executed in two different ways. Version 1.82.7 embedded a base64-encoded payload in litellm/proxy/proxy_server.py; it fires when anything imports litellm.proxy. Version 1.82.8 was more aggressive: it added a litellm_init.pth file to site-packages,

