The LiteLLM Supply Chain Attack: How to Check If You're Compromised and Harden Your AI Python Stack

via Dev.to Python · dohko

On March 24, 2026, LiteLLM — the most popular open-source LLM proxy with ~97 million monthly PyPI downloads — was compromised. Versions 1.82.7 and 1.82.8 contained credential-stealing malware that harvested SSH keys, cloud credentials, Kubernetes tokens, API keys, and more from every machine that installed them.

This wasn't a one-off. It was the third strike in a coordinated campaign by threat actor TeamPCP, who first compromised Aqua Security's Trivy scanner, then Checkmarx's GitHub Actions, and finally used stolen CI/CD credentials to poison LiteLLM on PyPI.

Here's what happened, how to check if you're affected, and — most importantly — how to harden your Python AI stack so this doesn't burn you again.

What the Malware Did

Two injection vectors, same payload:

v1.82.8 used a .pth file (litellm_init.pth) placed in site-packages/. Python's site module executes .pth imports at interpreter startup — meaning every Python process on the machine triggered it, not just LiteLLM imports.

v
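A local check for the two indicators named above, added here as an example and not taken from the original article or from LiteLLM: it reports whether the installed litellm is one of the listed versions and lists every .pth line that the site module would execute at startup. The function names are illustrative; the version numbers and the litellm_init.pth file name come from the article.

```python
import site
import sysconfig
from importlib import metadata
from pathlib import Path

BAD_VERSIONS = {"1.82.7", "1.82.8"}  # versions named in the article
BAD_PTH_NAME = "litellm_init.pth"    # file name named in the article


def site_dirs():
    """Directories whose .pth files the site module processes at startup."""
    paths = sysconfig.get_paths()
    dirs = {paths["purelib"], paths["platlib"]}
    dirs.update(getattr(site, "getsitepackages", list)())
    dirs.add(site.getusersitepackages())
    return sorted(Path(d) for d in dirs if Path(d).is_dir())


def executable_pth_lines(directory):
    """Return (file, line_no, text) for each .pth line that site would exec()."""
    hits = []
    for pth in sorted(Path(directory).glob("*.pth")):
        text = pth.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            # site only executes lines that begin with "import" + space or tab;
            # every other non-comment line is treated as a path entry.
            if line.startswith(("import ", "import\t")):
                hits.append((pth.name, no, line.strip()))
    return hits


def litellm_status(version):
    """Classify a LiteLLM version string (None means not installed)."""
    if version is None:
        return "not installed"
    return "AFFECTED" if version in BAD_VERSIONS else "not a listed version"


def installed_litellm_version():
    try:
        return metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    print("litellm:", litellm_status(installed_litellm_version()))
    for d in site_dirs():
        if (d / BAD_PTH_NAME).exists():
            print("FOUND", d / BAD_PTH_NAME)
        for name, no, line in executable_pth_lines(d):
            print(f"{d / name}:{no}: {line[:100]}")
```

Legitimate packages also ship .pth files with import lines (editable installs, for example), so each reported line needs review rather than automatic removal. Run it once per interpreter or virtual environment, since each has its own site-packages.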
