A PyPI software supply chain attack hit LiteLLM — a library pulled into developer environments 97 million times a month — and if you use it, you may already be compromised. This wasn't a fake package or a typo-squatting trick. Attackers stole real credentials, published malicious code as the real thing, and walked out with SSH keys, cloud credentials, Kubernetes tokens, API keys, and more — all encrypted and sent home before anyone knew what happened.
I'm doing something I've never done before: an emergency episode, recorded and published immediately because this is that serious. I brought in Dr. Mike Saylor, co-author of our book Learning Ransomware Response and Recovery, and my co-host Prasanna Malaiyandi to break down exactly what happened, how to find out if you were hit, and what you need to do to protect yourself going forward.
We open with a story from 1982 that perfectly captures what this attack really is — getting poisoned by something you trusted completely. That framing matters. This wasn't a failure of the library. It was a failure of the supply chain. And it can happen again.
Chapters:
00:00:00 - Intro: Why this is an emergency episode
00:01:35 - Meet the guests: Dr. Mike Saylor and Prasanna Malaiyandi
00:02:31 - The Tylenol poisoning analogy and what it means for software supply chains
00:05:51 - What LiteLLM is and what the malware actually did to your environment
00:09:04 - Dependencies explained: why you're affected even if you didn't install LiteLLM directly
00:12:24 - How to find out if you were hit: the first things to check right now
00:14:23 - IOCs and TTPs: what to look for in your logs and on your systems
00:19:07 - Network indicators: unusual traffic and what it tells you
00:22:12 - How security teams can find out if developers installed it without telling anyone
00:30:38 - Action items for the future: inventory, pinning, and hash verification
00:36:55 - Sandboxing new downloads before they touch your environment
00:37:59 - Immutable backups: why this attack makes the case for them
00:40:33 - Modern authentication: MFA, its limits, and why passkeys matter
00:46:53 - Where to get threat intel so you hear about attacks like this faster
00:53:23 - Wrap-up
If you installed or upgraded LiteLLM on or after March 24, 2026 without a pinned version, stop what you're doing and listen to this episode first.
The story:
https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/
https://securitylabs.datadoghq.com/articles/litellm-compromised-pypi-teampcp-supply-chain-campaign/
https://snyk.io/articles/poisoned-security-scanner-backdooring-litellm/
https://www.wiz.io/blog/threes-a-crowd-teampcp-trojanizes-litellm-in-continuation-of-campaign
https://checkmarx.com/zero-post/python-pypi-supply-chain-attack-colorama/
https://www.upwind.io/feed/litellm-pypi-supply-chain-attack-malicious-release
https://docs.litellm.ai/blog/security-update-march-2026
https://www.helpnetsecurity.com/2026/03/25/teampcp-supply-chain-attacks/
https://www.darktrace.com/resources/the-cisos-guide-to-cyber-ai
https://securitylabs.datadoghq.com/articles/litellm-compromised-pypi-teampcp-supply-chain-campaign/
Resources:
