LiteLLM Got Hacked. Here's Your AI Supply Chain Audit Checklist.

Dev.to AI
Generative AI

LiteLLM - the open-source universal LLM proxy that thousands of AI applications depend on - just had its "SolarWinds moment." On March 24, 2026, security researchers discovered that litellm==1.82.8 (and likely 1.82.7) on PyPI contained a credential-stealing payload that exfiltrated SSH keys, AWS credentials, Kubernetes secrets, environment variables, shell history, and even crypto wallet files to an attacker-controlled server. The malicious code didn't require importing LiteLLM - it executed automatically the moment Python started, thanks to a `.pth` file injected into the package.
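The `.pth` trick works because Python's `site` module reads every `*.pth` file in each site-packages directory at interpreter startup and `exec()`s any line that begins with `import ` (or `import\t`); every other non-comment line is just a path appended to `sys.path`. That makes "which `.pth` files in my environments contain import lines?" a concrete audit check. The script below is an added example written for this checklist, not code from the article or from the LiteLLM project: it scans the running interpreter's site-packages directories for `.pth` files with executable lines, and `demo()` runs the same scan over two constructed sample files (a benign path-only `.pth` and a hypothetical one carrying an import line) in a temp directory so the logic can be exercised offline.

```python
"""Audit Python site-packages for .pth files that execute code at startup.

site.py treats a .pth line starting with "import " or "import\t" as Python
to exec(); blank lines and "#" comments are skipped; anything else is a path.
Editable installs and some legitimate tools use this hook too, so a hit is a
lead for review, not proof of compromise.
"""
import os
import site
import sys
import tempfile
from dataclasses import dataclass, field


@dataclass
class PthFinding:
    path: str
    executable_lines: list = field(default_factory=list)


def executable_lines(text: str) -> list:
    """Return the lines of a .pth file that the site module would exec()."""
    hits = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # blank or comment: ignored by site.py
        # Match site.py exactly: no leading whitespace allowed before "import"
        if line.startswith(("import ", "import\t")):
            hits.append(line)  # this line runs every time Python starts
    return hits


def scan_pth_dirs(dirs) -> list:
    """Scan the given directories for .pth files containing executable lines."""
    findings = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if not name.endswith(".pth"):
                continue
            full = os.path.join(d, name)
            try:
                with open(full, encoding="utf-8", errors="replace") as fh:
                    hits = executable_lines(fh.read())
            except OSError:
                continue
            if hits:
                findings.append(PthFinding(full, hits))
    return findings


def scan_current_interpreter() -> list:
    """Audit the site-packages directories of the interpreter running this script."""
    dirs = list(site.getsitepackages()) if hasattr(site, "getsitepackages") else []
    dirs.append(site.getusersitepackages())
    return scan_pth_dirs(dirs)


def demo() -> list:
    """Run the scan over constructed samples in a temp dir (no real packages involved)."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed benign .pth: a comment plus a path entry (hypothetical names)
        with open(os.path.join(tmp, "benign-pkg.pth"), "w") as fh:
            fh.write("# added by a hypothetical installer\n/opt/hypothetical/lib\n")
        # Constructed suspicious .pth: an import line, which site.py would exec()
        with open(os.path.join(tmp, "suspicious-pkg.pth"), "w") as fh:
            fh.write("import sys  # hypothetical: anything on this line runs at startup\n")
        return scan_pth_dirs([tmp])


if __name__ == "__main__":
    for f in scan_current_interpreter():
        print(f.path)
        for line in f.executable_lines:
            print("    ", line[:120])
    sys.exit(0)
```

Run it once per virtualenv, container image layer, and CI runner you care about; then review each flagged line against the package that owns the file (`pip show -f <package>` lists the `.pth` files a distribution installed). Expect a few legitimate hits from editable installs and import-hook tools, and treat an import line that decodes, fetches, or writes anything as a reason to pull the environment for forensic review.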