The latest LiteLLM package has been compromised. This is an issue because LiteLLM is used as a third party dependency for many python AI tools.
If you installed any python AI tool recently and it pulled in the latest litellm as a transitive dependency then you are at risk. You will need to search for the file "litellm_init.pth" and delete it. This file is malicious and it runs on starting python and steals your secret keys and posts it to a remote server.
This is a classic "supply chain attack". This malicious file is not present in the github repo. The hacker has got access to the package repository (via a compromised auth token) and has manually uploaded this malicious version bypassing the regular deployment pipeline.
A few years ago I wrote about supply chain attacks and how PyPI now has a trusted publisher program to tackle this very issue (Twitter thread). Not sure why litellm was not a part of the program or what happened, but its another reminder of how important supply chain attacks are.
Thanks Ankur Gupta for sharing.
Recent Articles
- • Running AI Models Locally on Consumer Hardware Jun 15, 2026
- • AI Coding for Free Using Local LLMs at Chennaipy Meetup Jun 08, 2026
- • Pi and Py: Demoing an Open-Source Agentic Coding Assistant Jun 05, 2026
- • Is Clean Code Still Relevant in the AI Age? May 04, 2026
- • AI Agents Need Hard Boundaries Apr 24, 2026