OpenAI Swallows Astral: Dev Tools Tilt Toward AI Giants
OpenAI just grabbed Astral, the hot dev tool startup. It's a stark signal: AI labs aren't just building models anymore—they're hoarding the tools devs need to wield them.
Two PyPI uploads in March 2026 transformed LiteLLM – your go-to AI proxy – into a data vacuum. It rifled through servers for AWS creds, DB configs, even crypto wallets, all while you imported it blindly.
What if the very libraries powering your AI dreams were secretly phoning home to hackers? Mercor, the hot AI recruiting firm, just admitted it's among thousands snared in the LiteLLM supply-chain nightmare.
Engineers raced to patch LiteLLM after malware slipped in. But for victims like Mercor, the real damage was already done: stolen creds, exfiltrated code.
One pip install, and your AWS keys were gone. The LiteLLM attack shows developer laptops aren't just tools—they're attacker playgrounds loaded with plaintext secrets.
LiteLLM lurks in 36% of cloud environments — and now it's bitten Mercor hard. Extortionists boast 4TB of pilfered data, from video interviews to VPN creds.