Ten Days After LiteLLM: Why AI Teams Without Audit Trails Are Flying Blind in Breach Response

At 10:39 UTC on March 24, 2026, threat actor group TeamPCP published litellm 1.82.7 to PyPI. At 10:52 UTC, they published 1.82.8. By 11:19 UTC, both versions had been quarantined by PyPI. Forty minutes. In that window, any Python process that installed litellm from PyPI — in a container build, a CI/CD pipeline, or a running production environment — executed a malicious .pth file that automatically harvested SSH keys, cloud credentials, Kubernetes configs, and API tokens, then staged them for exfiltration to attacker-controlled infrastructure at models.litellm.cloud. It is now April 10, 2026. Mercor has confirmed the breach. The Lapsus$ extortion group has claimed the theft of more than 4TB of data — approximately 939 GB of platform source code, 211 GB of user database records, and roughly 3 TB of storage buckets containing video interview recordings and passport scans from more than 40,000 contractors — and has begun auctioning the stolen material on dark web forums. Meta has indefinit