Don't Let Your AI Agents Hold Their Own Credentials
Dev.to AI • Generative AI
The LiteLLM PyPI compromise revealed a critical architectural flaw in how AI agents manage secrets. A hidden .pth file executed at Python startup, harvesting environment variables, SSH keys, and cloud credentials before any application code ran.

The Supply Chain Attack That Worked Because Credentials Were There

On March 25, 2026, versions 1.82.7 and 1.82.8 of LiteLLM - a popular Python routing layer for AI model providers - were compromised on PyPI. The attack used a .pth file that executes automatically when Python starts, requiring no imports.
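The startup mechanism the article describes is documented behaviour of the standard library's site module: every *.pth file in a site directory is read at interpreter start, and any line beginning with "import " or "import<tab>" is passed to exec() rather than treated as a path entry. The scanner below is an added example (not code from the article or from the LiteLLM project) that a defender can run to list those executable lines for review. It assumes nothing about the compromised package's file name; the sample .pth it writes for its demo is constructed. Legitimate tooling (editable installs, some distributions) also ships import lines, so findings are a review list, not an automatic verdict.

```python
"""List .pth lines that Python will exec() at startup.

Added example, not code from the original article. Uses only the documented
behaviour of site.addpackage(): comment and blank lines are skipped, lines
starting with "import " or "import\\t" are exec()'d, everything else is a
sys.path entry. site reads dotfiles too, so this scan does not skip them.
"""
import os
import site
import sys
import tempfile
from dataclasses import dataclass


@dataclass
class Finding:
    path: str      # .pth file containing the executable line
    lineno: int    # 1-based line number inside that file
    line: str      # the line that site would pass to exec()


def executable_pth_lines(text):
    """Return (lineno, line) for each line of .pth content that site exec()s."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip("\r\n")
        # site.addpackage() ignores comments and blank lines
        if line.startswith("#") or not line.strip():
            continue
        # Only an unindented "import " / "import\t" prefix is executed;
        # an indented or otherwise prefixed line is treated as a path.
        if line.startswith(("import ", "import\t")):
            hits.append((lineno, line))
    return hits


def scan_site_dirs(dirs):
    """Non-recursive scan (as site does) of each dir for *.pth files."""
    findings = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if not name.endswith(".pth"):
                continue
            full = os.path.join(d, name)
            try:
                with open(full, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            for lineno, line in executable_pth_lines(text):
                findings.append(Finding(full, lineno, line))
    return findings


def default_site_dirs():
    """Directories the running interpreter actually consults for .pth files."""
    dirs = list(site.getsitepackages())
    dirs.append(site.getusersitepackages())
    return dirs


# Constructed sample .pth content for the demo (not from any real package):
# one comment, one path entry, one blank line, one executable import line,
# and one indented import that site would NOT execute.
SAMPLE_PTH = (
    "# constructed sample\n"
    "/opt/constructed/path\n"
    "\n"
    "import sys; sys.path.append('/constructed/extra')\n"
    "  import not_executed_because_indented\n"
)


def demo():
    """Write the constructed sample into a temp dir and scan it."""
    tmpdir = tempfile.mkdtemp(prefix="pth_scan_demo_")
    # Dotfile name on purpose: site still reads it, and so does this scan.
    with open(os.path.join(tmpdir, ".constructed_sample.pth"), "w",
              encoding="utf-8") as fh:
        fh.write(SAMPLE_PTH)
    return scan_site_dirs([tmpdir])


if __name__ == "__main__":
    targets = sys.argv[1:] or default_site_dirs()
    for f in scan_site_dirs(targets):
        print(f"{f.path}:{f.lineno}: {f.line}")
```

Run it with no arguments to scan the interpreter's own site directories, or pass directories explicitly (for example, each virtualenv's site-packages used by an agent runtime). A findings list that changes between two package installs is the signal worth investigating.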