According to 1M AI News monitoring, OpenAI founding member Andrej Karpathy posted that the supply chain attack on AI agent development tool LiteLLM is “one of the most terrifying things in modern software.” LiteLLM has 97 million downloads per month, and the infected versions v1.82.7 and v1.82.8 have been removed from PyPI.
Just one command, pip install litellm, is enough to steal SSH keys, AWS/GCP/Azure cloud credentials, Kubernetes configurations, git credentials, environment variables (including all API keys), shell history, encrypted wallets, SSL private keys, CI/CD secrets, and database passwords. Malicious code encrypts data with 4096-bit RSA and transmits it to a disguised domain, models.litellm.cloud, and also attempts to create privileged containers in the kube-system namespace of Kubernetes clusters to implant persistent backdoors.
Even more dangerous is its contagious nature: any project depending on LiteLLM can also be compromised. For example, pip install dspy (which depends on litellm>=1.64.0) will also trigger malicious code. The infected versions only survived about an hour on PyPI before being discovered, ironically because the attacker’s malicious code had a bug that caused memory exhaustion and crashes. Developer Callum McMahon encountered this when using the MCP plugin in the AI programming tool Cursor; LiteLLM was pulled in as a transitive dependency, and after installation, the machine crashed immediately, exposing the attack. Karpathy commented, “If the attacker didn’t vibe code this time, it might go unnoticed for days or even weeks.”
The threat group TeamPCP exploited a configuration flaw in LiteLLM’s CI/CD pipeline using Trivy vulnerability scanner in GitHub Actions at the end of February, stealing PyPI publishing tokens, then bypassing GitHub to upload malicious versions directly to PyPI. Berri AI CEO Krrish Dholakia, the maintainer of LiteLLM, stated that all publishing tokens have been revoked and plans to shift to a JWT-based trusted release mechanism. PyPA issued security advisory PYSEC-2026-2, recommending all users who installed affected versions assume their environment credentials have been compromised and should rotate them immediately.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
BlackRock restores its overweight position in US stocks, saying that the impact of the Middle East conflict is manageable and that AI-driven earnings expectations are rising
BlackRock strategists have again turned bullish on U.S. stocks, taking an overweight view. They believe the impact of the Middle East conflict on the global economy is manageable, and that corporate earnings forecasts are rising. The recent ceasefire and the resumption of shipping are seen as positive signals—especially with the technology sector performing strongly.
GateNews1h ago
Trump: Yesterday, 34 ships transited the Strait of Hormuz, setting the highest record since records began
Gate News message. On April 13, U.S. President Donald Trump said that yesterday (April 12) 34 ships transited the Strait of Hormuz, the highest single-day passage record since the strait was shut down. In addition, Trump said he will submit an updated version of the lawsuit against The Wall Street Journal again on or before April 27 local time.
GateNews6h ago
Trump: If Iran does not reach an agreement within two weeks, the consequences will be very serious
Trump said in his statement that the Strait of Hormuz blockade has begun, and that other countries will assist the U.S. He warned Iran that if it does not reach an agreement within two weeks, it will face an unfavorable situation, and he emphasized that the United States will maintain the status quo. The United States is preparing to take measures to respond to Iran.
GateNews6h ago
The Strait of Hormuz is set to be blocked effective tonight: Trump officially orders the interception of Iranian vessels, and oil prices surge past $102
U.S. President Trump announced a blockade of the Strait of Hormuz and will have it take effect on April 12; oil prices promptly surged. The U.S. military will intercept ships bound for Iran, but it will not affect shipping from other Persian Gulf countries. This move intensifies the global energy crisis, with oil prices breaking above $100, which could affect inflation and central bank policy. The market is also watching how geopolitical risk could impact risk assets.
ChainNewsAbmedia8h ago
Trump Threatens to Impose 50% Tariffs on China: Intelligence Says China Plans to Deliver Air-Defense Weapons to Iran
U.S. President Trump threatens to impose an additional 50% tariff on China, claiming China is preparing to deliver air defense systems to Iran. This has heightened tensions between the U.S. and China. Trump’s threat is largely political pressure, and implementation would require legal procedures. China denies providing military aid and calls for restraint. The incident shakes the market, drives up oil prices, and affects the outlook for cryptocurrency.
ChainNewsAbmedia8h ago
U.S.-Iran talks break down! The U.S. blocks the Strait and is considering restarting airstrikes. Iran: prepared to miss cheap oil
The peace talks between Iran and the United States have broken down. The U.S. has blockaded the Strait of Hormuz and is considering airstrikes, causing international oil prices to break above $100. Bitcoin has fallen below $71,000. Experts warn that the world is facing a severe crude-oil supply shock, and stored oil is about to run out.
CryptoCity9h ago
