#cloud-credential-theft

LiteLLM's PyPI Poison: How Hackers Turned an AI Gateway into a Secret-Scavenger

Two PyPI uploads in March 2026 transformed LiteLLM – your go-to AI proxy – into a data vacuum. It rifled through servers for AWS creds, DB configs, even crypto wallets, all while you imported it blindly.

Litellm PyPI Breach: 67,000 Downloads Delivered Root Access to Attackers

67,000 downloads. That's how many times developers pulled the poisoned litellm package from PyPI in recent weeks. Each one potentially handing over AWS keys, SSH access, and K8s secrets to hackers.