LiteLLM PyPI Supply Chain Attack: How a Popular LLM Proxy Became a Credential-Stealing Backdoor
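📄 Chinese Summary
On March 24, 2026, the AI developer community was once again reminded of how fragile the software supply chain is. Two versions (1.82.7 and 1.82.8) of the popular Python library litellm were compromised with malicious code on PyPI, turning the package into an aggressive credential-stealing tool and a Kubernetes lateral movement tool. Although the malicious versions were available for only 2 to 5 hours, the impact of the incident should not be underestimated: litellm is widely adopted, with millions of downloads per day, and is used extensively in AI agent frameworks, MCP servers, orchestration tools, and production LLM pipelines.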
📄 English Summary
LiteLLM PyPI Supply Chain Compromise: How a Popular LLM Proxy Became a Credential-Stealing Backdoor
On March 24, 2026, the AI developer community was starkly reminded of the fragility of software supply chains. Two versions of litellm, a widely used Python library that acts as a unified proxy for over 100 LLM providers, were compromised on PyPI. Versions 1.82.7 and 1.82.8 contained malicious code that transformed the package into an aggressive credential-stealing tool and a Kubernetes lateral movement tool. Although the malicious releases were available for only 2 to 5 hours, the impact was significant due to litellm's massive adoption, with millions of daily downloads and extensive use in AI agent frameworks, MCP servers, orchestration tools, and production LLM pipelines.
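A defender's first check after an incident like this is whether any project pins, or could have resolved to, one of the two versions named above. The following is an added example, not code from the article or from the LiteLLM project: it classifies `requirements.txt` / `pip freeze` lines and checks the installed distribution. The sample lines and the package name `litellm-extras` are constructed for illustration.

```python
import re
from importlib import metadata

AFFECTED = {"1.82.7", "1.82.8"}  # malicious versions named in the summary above
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
EXACT = re.compile(r"===?\s*([0-9][0-9A-Za-z.!+_-]*)")  # exact pin, no wildcard

def classify(line):
    """Return "affected" (exact pin to a malicious version), "review" (litellm
    without an exact pin, so the resolved version must be checked), or None."""
    line = line.split("#", 1)[0].strip()            # drop comments
    if not line or line.startswith("-"):            # blank lines and pip options
        return None
    m = REQ.match(line)
    # PEP 503 name normalization, so "LiteLLM" and "litellm" compare equal
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != "litellm":
        return None
    spec = m.group(2).split(";", 1)[0]              # drop environment markers
    spec = spec.split("--hash", 1)[0].rstrip("\\ ").strip()
    pin = EXACT.fullmatch(spec)
    if pin:
        return "affected" if pin.group(1) in AFFECTED else None
    return "review"                                 # range, wildcard, URL or bare name

def scan(lines):
    """Return (line_number, status, text) for each litellm line needing attention."""
    found = ((n, classify(raw), raw.strip()) for n, raw in enumerate(lines, 1))
    return [hit for hit in found if hit[1]]

def installed_affected(dist="litellm"):
    """True/False for the version installed in this environment, None if absent."""
    try:
        return metadata.version(dist) in AFFECTED
    except metadata.PackageNotFoundError:
        return None

# Constructed sample input, not taken from any real project.
SAMPLE = """\
requests==2.32.3
LiteLLM[proxy]==1.82.8 ; python_version >= "3.9"
litellm>=1.80  # floating range
litellm==1.81.0
litellm-extras==1.82.7
""".splitlines()
```

A "review" result means the requirement alone cannot rule the affected versions in or out; the lock file or the environment that was actually built during the exposure window decides.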