PSA: litellm PyPI package was compromised — if you use DSPy, Cursor, or any LLM project, check your dependencies
r/ChatGPT
If you’re doing AI/LLM development in Python, you’ve almost certainly used litellm - it’s the package that unifies calls to OpenAI, Anthropic, Cohere, etc. It has 97M downloads per month. Yesterday, a malicious version (1.82.8) was uploaded to PyPI.
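One way to run the check the post asks for, as an added example that is not part of the original post: it reports whether this Python environment has litellm 1.82.8 installed and whether any requirements or lock file under a directory pins it, which also catches litellm pulled in transitively by other packages. The version number is the one named in the post; the file patterns and function names are assumptions made for this example.

```python
import json
import re
import sys
from importlib import metadata
from pathlib import Path

PACKAGE = "litellm"
BAD_VERSIONS = {"1.82.8"}  # the only version the post names
# Assumed set of manifest/lock files to look at; extend for your tooling.
PATTERNS = ("requirements*.txt", "poetry.lock", "uv.lock", "Pipfile.lock")
# requirements style: litellm==X or litellm[extra]==X, hashes/markers ignored
REQ_PIN = re.compile(r"^\s*litellm(?:\[[^\]]*\])?\s*==\s*([0-9][^\s;\\#]*)", re.I | re.M)
# poetry.lock / uv.lock style: name = "litellm" then version = "X"
TOML_PIN = re.compile(r'name\s*=\s*"litellm"\s*\n\s*version\s*=\s*"([^"]+)"', re.I)

def pinned_versions(text, filename):
    """Return the set of litellm versions pinned in one file's text."""
    if filename == "Pipfile.lock":
        data = json.loads(text)
        entries = (data.get(s, {}).get(PACKAGE) for s in ("default", "develop"))
        return {e["version"].lstrip("=") for e in entries if e and "version" in e}
    if filename.endswith(".lock"):
        return set(TOML_PIN.findall(text))
    return set(REQ_PIN.findall(text))

def installed_version():
    """Version of litellm installed in the running interpreter, or None."""
    try:
        return metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return None

def scan(root):
    """Return (path, version) for every file under root pinning a bad version."""
    hits = []
    for pattern in PATTERNS:
        for path in Path(root).rglob(pattern):
            text = path.read_text(errors="replace")
            bad = pinned_versions(text, path.name) & BAD_VERSIONS
            hits += [(str(path), v) for v in sorted(bad)]
    return hits

if __name__ == "__main__":
    ver, hits = installed_version(), scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    if ver in BAD_VERSIONS:
        print(f"installed in this environment: {PACKAGE}=={ver}")
    for path, v in hits:
        print(f"{path}: pins {PACKAGE}=={v}")
    sys.exit(1 if (ver in BAD_VERSIONS or hits) else 0)
```

Run it with the interpreter of each virtual environment you care about, since the installed-version check only sees the environment it runs in; the exit code is 1 when anything matches, so it can gate a CI job.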