LiteLLM in the Media

44 mentions across press, blogs, and newsletters

Top coverage: TechCrunch, TechRepublic
4 major · 1 tech media

May 2026

eSecurity Planet

TeamPCP Compromised LiteLLM in AI Supply Chain Attack

TeamPCP used malicious LiteLLM packages to steal AI and cloud credentials in a software supply chain attack.

May 26, 2026
SiliconAngle

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python library that serves as a unified gateway to more than 100 large language model providers, turning two malicious releases

May 18, 2026
Cybersecurity News

Microsoft Edge, Windows 11 and LiteLLM Hacked in Pwn2Own Berlin 2026

Pwn2Own Berlin 2026 opened with a surge of zero-day exploits targeting modern browsers, operating systems, and emerging AI platforms. On Day One alone, security researchers successfully hacked Microsoft Edge, Windows 11, and LiteLLM, earning a total of $523,000 for 24 unique vulnerabilities. The

May 15, 2026
GBHackers

Microsoft Edge, Windows 11, and LiteLLM Fall to Exploits at Pwn2Own Berlin 2026

The world’s top ethical hackers wasted no time breaking into modern software and AI systems on the opening day of Pwn2Own Berlin 2026, exposing critical zero-day vulnerabilities in Microsoft Edge, Windows 11, LiteLLM, and NVIDIA platforms. On May 14, researchers demonstrated 24 unique zero-day ex

May 15, 2026
Security Affairs

U.S. CISA adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in BerriAI LiteLLM, tracked as CVE-2026-42208 (CVSS score of 9.3), to its Know

May 11, 2026

April 2026

Security Affairs

CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure

Attackers quickly exploited a critical LiteLLM flaw (CVE-2026-42208) to access and modify sensitive database data via SQL injection. Attackers rapidly exploited a critical vulnerability in LiteLLM Python package, tracked as CVE-2026-42208, just days after it became public. The vulnerability, an SQL

Apr 29, 2026
SecurityWeek

Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure

The vulnerability allows attackers to read data from a LiteLLM proxy’s database and potentially modify it.

Apr 29, 2026
The Hacker News

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The vulnerability, tracked as CVE-

Apr 29, 2026
BleepingComputer

Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. [...]

Apr 28, 2026
Cybersecurity News

Critical LiteLLM SQL Injection Vulnerability Exploited in the Wild

A critical pre-authentication SQL injection vulnerability in LiteLLM, a widely used open-source AI gateway with over 22,000 GitHub stars, is actively being exploited in the wild. Tracked as CVE-2026-42208, this severe flaw allows unauthorized attackers to extract highly sensitive cloud and AI pro

Apr 28, 2026
GBHackers

Critical LiteLLM Flaw Enables Database Attacks Through SQL Injection

A critical pre-authentication SQL injection vulnerability, identified as CVE-2026-42208, has been discovered in the popular LiteLLM gateway, allowing attackers to access databases without credentials. Cybercriminals have already been observed exploiting this flaw to target high-value secrets such

Apr 28, 2026
TechRepublic (Tech Media)

Meta Pauses Work With Mercor After LiteLLM-Linked Data Breach

A poisoned LiteLLM update hit Mercor, and Meta pulled the brake. The breach is now a warning flare for AI vendors built on open-source plumbing.

Apr 6, 2026
The Hacker News

How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers

The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents. In March 2026, the TeamPCP threat act

Apr 6, 2026
Techstartups

Mercor confirms breach in LiteLLM supply-chain attack, exposing 4TB of candidate data and source code

Mercor has confirmed it was caught in a supply-chain attack tied to LiteLLM—an incident that may have exposed up to 4TB of sensitive data, including candidate records, internal code, and identity documents. The disclosure comes days after reports surfaced that […]

Apr 3, 2026
SecurityWeek

Mercor Hit by LiteLLM Supply Chain Attack

The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data.

Apr 2, 2026
The Register AI-ML

AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack

First public downstream victim, but won't be the last. AI hiring startup Mercor confirmed it was "one of thousands of companies" affected by the LiteLLM supply-chain attack as the fallout from the Trivy compromise continues to spread.…

Apr 2, 2026
The Record

Mercor confirms security incident tied to LiteLLM supply chain attack

Although the LiteLLM attack was reportedly tied to a group called TeamPCP, the hacking gang Lapsus$ claimed on its website that it obtained hundreds of gigabytes of Mercor’s data.

Apr 1, 2026
Security Affairs

SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code

SentinelOne AI stopped a LiteLLM supply chain attack in seconds, blocking malicious code automatically without human intervention. SentinelOne’s AI-based security detected and blocked a supply chain attack involving a compromised LiteLLM package. SentinelOne’s macOS agent detected and stopped a mali

Apr 1, 2026
Neowin

Mercor says it is "one of thousands of companies" hit by the recent LiteLLM attack

LiteLLM, a very popular AI developer tool, recently suffered a security breach with a huge blast radius that included AI hirin

Apr 1, 2026
TechCrunch (Major Publication)

Mercor says it was hit by cyberattack tied to compromise of open-source LiteLLM project

The AI recruiting startup confirmed a security incident after an extortion hacking crew took credit for stealing data from the company's systems.

Apr 1, 2026

March 2026

Martin Alderson

Telnyx, LiteLLM and Axios: the supply chain crisis

A cascading wave of supply chain attacks has hit npm and PyPI in under two weeks. LLMs are making it worse, and current mitigations aren't enough.

Mar 31, 2026
TechCrunch (Major Publication)

Popular AI gateway startup LiteLLM ditches controversial startup Delve

LiteLLM had obtained two security compliance certifications via Delve and fell victim to some horrific credential-stealing malware last week.

Mar 30, 2026
The Register AI-ML

Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

Also, EU probes Snapchat, RedLine suspect extradited, AstraZeneca leak claim surfaces, and more infosec in brief. The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package versions to PyPI in an effort to pla

Mar 30, 2026
eSecurity Planet

LiteLLM Supply Chain Attack Exposes Credentials Across AI Ecosystems

A backdoored LiteLLM package enabled credential theft and persistence, exposing software supply chain risks.

Mar 27, 2026
Simon Willison's Weblog

My minute-by-minute response to the LiteLLM malware attack

Callum McMahon reported the LiteLLM malware attack to PyPI. Here he shares t

Mar 26, 2026
TechCrunch (Major Publication)

Silicon Valley’s two biggest dramas have intersected: LiteLLM and Delve

LiteLLM offers an AI open source project used by millions that was infected by credential harvesting malware.

Mar 26, 2026
Cybernews

Mass mobilization on the dark web: 300K users get access to ransomware tools after LiteLLM hack - Cybernews

Mar 26, 2026
TechCrunch (Major Publication)

Delve did the security compliance on LiteLLM, an AI project hit by malware

LiteLLM offers an AI open source project used by millions that was infected by credential harvesting malware.

Mar 26, 2026
Simon Willison's Weblog

LiteLLM Hack: Were You One of the 47,000?

Daniel Hnyk used the BigQuery PyPI dataset to determine how m

Mar 25, 2026
Databreaches

TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign

Deeba Ahmed reports on some of TeamPCP’s dangerously effective recent activities: What Happened? The trouble began on 19 March 2026, when a hacking group calling themselves TeamPCP managed to break into Trivy, a popular tool used by developers to scan their code for security vulnerabilities. T

Mar 25, 2026
Cybernews

Massive compromise hits LiteLLM and the whole AI developers community: how did it happen? - Cybernews

Mar 25, 2026
Infosecurity Magazine

TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise

Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group

Mar 25, 2026
CSO Online

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

Mar 25, 2026
Hackread

TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign

Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers.

Mar 25, 2026
Security Affairs

Malicious LiteLLM versions linked to TeamPCP supply chain attack

TeamPCP backdoored LiteLLM v1.82.7–1.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access. Threat actor TeamPCP compromised LiteLLM versions 1.82.7 and 1.82.8, likely through a Trivy CI/CD breach. LiteLLM, with over 95 million monthly downlo

Mar 25, 2026
CryptoTimes

LiteLLM Supply Chain Attack Steals 300GB Data and 500K Credentials

SlowMist’s CISO warns crypto developers to urgently check systems, rotate keys, and review logs to prevent losses like Trust Wallet’s breach.

Mar 25, 2026
GBHackers

Compromised LiteLLM Package With 95M Downloads Tied to TeamPCP, After Trivy & KICS Hacks

Security researchers discovered that the popular Python library litellm was compromised on PyPI. With over 95 million monthly downloads, this open-source tool helps developers route requests across various LLM providers through a single API. The threat actor, identified as TeamPCP, injected malic

Mar 25, 2026
BleepingComputer

Popular LiteLLM PyPI package compromised in TeamPCP supply chain attack

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. [...]

Mar 24, 2026
The Decoder

Popular AI proxy LiteLLM got hacked with malware that spreads through Kubernetes clusters

LiteLLM, a popular open-sou

Mar 24, 2026
The Register AI-ML

LiteLLM loses game of Trivy pursuit, gets compromised

Python interface for LLMs infected with malware via polluted CI/CD pipeline. Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected them with malic

Mar 24, 2026
Wiz blog

Three’s a Crowd: TeamPCP trojanizes LiteLLM in Continuation of Campaign

LiteLLM is the latest victim of TeamPCP’s open-source attack spree. Malicious versions 1.82.7 and 1.82.8 abuse Python’s .pth mechanism for stealthy persistence. The malware exfiltrates cloud credentials, CI/CD secrets, and keys to attacker-controlled domains.

Mar 24, 2026
The Hacker News

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise

TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, includ

Mar 24, 2026
CyberInsider

New supply chain attack hits LiteLLM with 95M monthly downloads

A new supply chain attack has compromised the widely used LiteLLM Python library on PyPI, planting credential-stealing malware in packages downloaded over 95 million times per month. The activity has been attributed to TeamPCP, the same threat actor behind the recent Trivy compromises. Endor Labs

Mar 24, 2026
Simon Willison's Weblog

Malicious litellm_init.pth in litellm 1.82.8 — credential stealer

The LiteLLM v1.82.8 package published to PyPI was compromised with a particularly nasty credential stealer hidden in base64 in a litellm_init.

Mar 24, 2026
