A PyPI software supply chain attack hit LiteLLM — 97 million downloads a month — and your credentials may already be gone. Here's what happened and what to do.
This is an emergency episode. No waiting for Monday. A PyPI software supply chain attack compromised LiteLLM, one of the most widely used AI libraries on the planet, and we recorded this the same day because if you're in a developer environment, you need to know about this now.
Attackers didn't fake a package or misspell a name. They stole real credentials from a CI/CD pipeline — by first compromising Trivy, a security scanner LiteLLM used in its own build process — then used those credentials to publish two malicious versions of the real LiteLLM library directly to PyPI. The malware grabbed SSH keys, cloud credentials, Kubernetes tokens, API keys, database passwords, and more, encrypted everything, and sent it home. If you run Kubernetes, it tried to spread to every node in your cluster.
I brought in Dr. Mike Saylor — co-author of our book Learning Ransomware Response and Recovery — and co-host Prasanna Malaiyandi to break this down from every angle: what happened technically, how to find out if you were hit, what to do right now if you were, and how to protect yourself from this class of attack going forward.
We open with a story from 1982 that Mike and I use in our book — getting poisoned by your own medicine cabinet. It has never been more relevant than it is today.
If you installed LiteLLM on March 24, 2026 without a pinned version, or if you use any open-source Python libraries in your environment without pinning and hash verification, this episode is for you.
00:00:00 - Intro: Why this is an emergency episode
00:01:35 - Meet the guests: Dr. Mike Saylor and Prasanna Malaiyandi
00:02:31 - The 1982 Tylenol poisoning story and what it means for software today
00:05:51 - What LiteLLM is and what the malware actually stole from your environment
00:09:04 - Dependencies explained: why you may be affected even if you never installed LiteLLM directly
00:12:24 - How to find out right now if you were hit
00:14:23 - IOCs and TTPs: what to look for in your logs and on your systems
00:19:07 - Network indicators and unusual traffic patterns to watch for
00:22:12 - How security teams can determine if developers installed it without telling anyone
00:30:38 - Action items for the future: software inventory, version pinning, hash verification
00:36:55 - Sandboxing new downloads before they touch your environment
00:37:59 - Immutable backups: why this attack makes the case for them
00:40:33 - Modern authentication: MFA, its real limits, and why passkeys are the direction we need to go
00:46:53 - Where to get threat intel so the next attack doesn't catch you off guard
00:53:23 - Wrap-up



