PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

InfoQ AI/ML
Generative AI

Discovered by FutureSearch researcher Callum McMahon, a supply chain attack against LiteLLM on PyPI resulted in over 40K downloads of a compromised version that installed a malicious payload capable of harvesting and exfiltrating sensitive information. LiteLLM is downloaded roughly 3M times per day. By Sergio De Simone

Read Full Article