Earlier today the @LiteLLM team was made aware of a supply chain attack impacting PyPI packages litellm==1.82.7 and litellm==1.82.8. The packages have been removed from PyPI. We confirmed that the compromise came from a Trivy dependency in our CI/CD https://t.co/20O2Fg93k9
LiteLLM Discloses Supply Chain Attack on Two PyPI Packages
LiteLLM, an open-source AI gateway, disclosed that two PyPI packages were compromised in a supply chain attack on March 24, 2026. The suspected entry point was Trivy, the security scanning tool LiteLLM used in its own CI/CD pipeline.
v1.82.7 and v1.82.8 on PyPI were compromised on March 24, 2026. The attacker injected a credential stealer into proxy_server.py, harvesting environment variables, SSH keys, cloud credentials (AWS, GCP, Azure), Kubernetes tokens, and database passwords, then exfiltrating them to a domain not affiliated with LiteLLM.
The suspected entry point was Trivy, the security scanner in LiteLLM's CI/CD workflow. LiteLLM's team believes this is linked to a broader Trivy supply chain compromise in which stolen credentials reportedly accessed the publishing pipeline: the tool meant to protect releases became the attack surface.
If you installed LiteLLM via pip on March 24 between 10:39 and 16:00 UTC without a pinned version — or if an AI agent framework or MCP server pulled it in transitively — treat credentials on that system as compromised and rotate them. Docker image users and LiteLLM Cloud were not affected.
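A host check for the advice above, as an added example that is not code from LiteLLM or from the original post: it walks a directory tree for installed litellm package metadata, so transitive installs are found too, and flags the two versions named here. The function names are hypothetical, and treating the metadata file's modification time as the install time is an assumption.

```python
import sys
from datetime import datetime, timezone
from email.parser import Parser
from pathlib import Path

# Values taken from the advisory text above.
AFFECTED = {"1.82.7", "1.82.8"}
WINDOW = (datetime(2026, 3, 24, 10, 39, tzinfo=timezone.utc),
          datetime(2026, 3, 24, 16, 0, tzinfo=timezone.utc))


def scan(root):
    """Return one finding per litellm install found anywhere under root."""
    findings = []
    for meta in Path(root).rglob("METADATA"):
        if not meta.parent.name.endswith(".dist-info"):
            continue
        # METADATA holds RFC 822 style headers; only Name and Version are needed.
        text = meta.read_text(encoding="utf-8", errors="replace")
        headers = Parser().parsestr(text, headersonly=True)
        if (headers.get("Name") or "").strip().lower() != "litellm":
            continue
        version = (headers.get("Version") or "").strip()
        # Assumption: the file's mtime approximates when pip installed it.
        installed = datetime.fromtimestamp(meta.stat().st_mtime, tz=timezone.utc)
        findings.append({
            "path": str(meta.parent),
            "version": version,
            "affected_version": version in AFFECTED,
            "installed_in_window": WINDOW[0] <= installed <= WINDOW[1],
        })
    return findings


def needs_rotation(findings):
    """True if any installed copy is one of the compromised releases."""
    return any(f["affected_version"] for f in findings)


if __name__ == "__main__":
    # Default to the running interpreter's prefix; pass a path to scan elsewhere.
    results = scan(sys.argv[1] if len(sys.argv) > 1 else sys.prefix)
    for finding in results:
        print(finding)
    sys.exit(1 if needs_rotation(results) else 0)
```

A clean result only describes what is installed now: a host that pulled an affected version during the window and was later upgraded will not be flagged, so check pip and CI logs for those dates as well.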