One .pth File. Every Secret on Your Machine. The LiteLLM Supply Chain Attack, Dissected.
LiteLLM 1.82.7 and 1.82.8 contained a credential stealer that ran on every Python startup without a single import. Here is the full technical post-mortem and what every AI developer must do right now.
March 25, 202615 min read