LiteLLM Supply Chain Compromise: SSH Keys and AWS Credentials Exfiltrated
A supply chain attack on LiteLLM, the popular LLM proxy, compromised the package to exfiltrate SSH keys and AWS credentials from every installation.
The proxy that sat between your code and your LLM was compromised from the inside.
LiteLLM, the widely-used open-source proxy that developers use to manage connections to multiple LLM providers, suffered a supply chain attack that turned it into an exfiltration tool. The compromised package silently harvested SSH keys and AWS credentials from every system it was installed on.
Trend Micro's investigation revealed the attack had been carefully orchestrated: the malicious code was embedded in an update that looked legitimate, passed automated security checks, and deployed to thousands of production environments before anyone noticed.
The scale of exposure was immense. LiteLLM sits at the intersection of AI infrastructure and cloud credentials, the exact junction where an attacker gets maximum value. Every developer who updated their LiteLLM installation during the compromise window potentially exposed their most sensitive infrastructure secrets.
The AI supply chain is the new frontier of supply chain attacks. When your LLM tooling is compromised, the blast radius includes everything that tooling can access.