The Hidden Supply Chain Risk in Your `pip install`

This Is Not an Anomaly The LiteLLM incident is part of an accelerating pattern: 454,000+ new malicious packages in open-source registries in 2025 Malicious packages grew 188% YoY in Q2 2025 1 in 5 PyPI releases had CVSS 7.0+ vulnerabilities in 2025 AI supply chain attacks grew 210% YoY in H1 2026 The Dependency Surface Area Problem Package Installed Size Dependencies LiteLLM ~16.5 MB 200+ NeuralBridge SDK 110 KB 0 That is 150x the attack surface. Your AI reliability solution might be your biggest security liability.