The latest LiteLLM package has been compromised. This is an issue because LiteLLM is used as a third party dependency for many python AI tools.
If you installed any python AI tool recently and it pulled in the latest litellm as a transitive dependency then you are at risk. You will need to search for the file "litellm_init.pth" and delete it. This file is malicious and it runs on starting python and steals your secret keys and posts it to a remote server.
This is a classic "supply chain attack". This malicious file is not present in the github repo. The hacker has got access to the package repository (via a compromised auth token) and has manually uploaded this malicious version bypassing the regular deployment pipeline.
A few years ago I wrote about supply chain attacks and how PyPI now has a trusted publisher program to tackle this very issue. Not sure why litellm was not a part of the program or what happened, but its another reminder of how important supply chain attacks are.
Recent Articles
- • Claude Code as My Personal Agentic Framework Mar 26, 2026
- • Astral Joins OpenAI Mar 19, 2026
- • Validation Harnesses for AI Agents Mar 18, 2026
- • AI Design for the real world Mar 06, 2026