{
  "type": "rich",
  "version": "1.0",
  "provider_name": "Transistor",
  "provider_url": "https://transistor.fm",
  "author_name": "AI Security Ops",
  "title": "LiteLLM Supply Chain Compromise | Episode 47",
  "html": "<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/6898b006\"></iframe>",
  "width": "100%",
  "height": 180,
  "duration": 1172,
  "description": "In this episode of BHIS Presents: AI Security Ops, the team breaks down the LiteLLM supply chain compromise, a real-world attack that shows how AI systems are being breached through the same old software supply chain weaknesses.\n\nWhat initially looked like a bad release quickly escalated into a full-scale compromise affecting a library downloaded millions of times per day. But LiteLLM wasn't the starting point; it was just one link in a much larger attack chain involving compromised security tools, CI/CD pipelines, and stolen publishing credentials.\n\nThe result? Malicious packages distributed at scale, harvesting secrets, enabling lateral movement, and establishing persistence across affected systems.\n\nWe dig into:\n• What LiteLLM is and why it's such a high-value target\n• How the attack chain started with compromised security tooling (Trivy, Checkmarx)\n• How unpinned dependencies enabled the compromise\n• The role of CI/CD pipelines in exposing sensitive credentials\n• What the malicious LiteLLM packages actually did (credential harvesting, persistence, lateral movement)\n• The scale of impact given LiteLLM's widespread adoption\n• Why supply chain attacks are no longer theoretical, and no longer nation-state exclusive\n• How AI is lowering the barrier to entry for attackers\n• Why this wasn't really an \"AI vulnerability\" but an infrastructure failure\n• The growing risk of automated, agent-driven attack discovery\n\nThis episode highlights a critical reality: the biggest risks in AI systems aren't always in the models; they're in the pipelines, dependencies, and infrastructure surrounding them.\n\n⸻\n📚 Key Concepts & Topics\n\nSupply Chain Security\n• Dependency poisoning and malicious package distribution\n• CI/CD pipeline compromise\n• Version pinning and build integrity\n\nCredential & Secrets Exposure\n• API keys, SSH keys, and cloud credentials in pipelines\n• Risks of centralized AI gateways like LiteLLM\n\nThreat Actor Techniques\n• Tag rewriting and trusted reference hijacking\n• Multi-stage malware (harvest, ...",
  "thumbnail_url": "https://img.transistorcdn.com/mN9_Xu9UJwoaajIvIvLd-Yygv-Vh_nJwEDItjPY09kA/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8zYjBm/MzE1MWI2YmE4ZGJh/MDQ3MmJkMTkxZGNl/MjBjNS5wbmc.webp",
  "thumbnail_width": 300,
  "thumbnail_height": 300
}
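The show notes list "unpinned dependencies" and "version pinning and build integrity" as key concepts without showing what the difference looks like in practice. The following Python is an added example, not code from the episode, from BHIS, or from the LiteLLM project: it contrasts a version-only pin with a content-hash pin in pip's `--hash=sha256:` requirement syntax. A version pin only checks the label on the artifact, so a package whose version string matches but whose bytes were replaced still passes; a hash pin checks the bytes themselves. The package name `example-pkg`, the two wheel payloads, and the requirement lines are constructed for illustration and do not reflect any real package, release, or hash from the incident.

```python
import hashlib
import re

# Constructed sample artifacts (not real packages): what a build would receive
# when it asks the index for example-pkg 1.2.3. Both carry the same version
# string; only the second has had its contents swapped.
GOOD_WHEEL = b"PK\x03\x04 legitimate wheel contents for example-pkg 1.2.3"
TAMPERED_WHEEL = b"PK\x03\x04 same version string, different payload"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest, the form pip expects after --hash=sha256:."""
    return hashlib.sha256(data).hexdigest()


# Constructed requirement lines (assumed for the example). The first pins only
# the version; the second also pins the artifact digest.
REQ_VERSION_ONLY = "example-pkg==1.2.3"
REQ_HASH_PINNED = f"example-pkg==1.2.3 --hash=sha256:{sha256_hex(GOOD_WHEEL)}"

# Minimal parser for the subset of requirements syntax used here:
#   name==version [--hash=sha256:<64 hex>]...
_REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+)==(?P<version>\S+)"
    r"(?P<hashes>(?:\s+--hash=sha256:[0-9a-f]{64})*)\s*$"
)


def parse_requirement(line: str):
    """Return (name, version, [sha256 hex digests]) for a pinned requirement line."""
    m = _REQ_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported requirement line: {line!r}")
    hashes = re.findall(r"--hash=sha256:([0-9a-f]{64})", m.group("hashes"))
    return m.group("name"), m.group("version"), hashes


def verify_artifact(req_line: str, name: str, version: str, data: bytes):
    """Decide whether a fetched artifact satisfies a requirement line.

    Returns (accepted, reason). A version-only pin accepts any artifact whose
    name and version match, whatever its contents. A hash pin also requires the
    SHA-256 of the bytes to equal one of the pinned digests.
    """
    want_name, want_version, hashes = parse_requirement(req_line)
    if (name, version) != (want_name, want_version):
        return False, "name/version mismatch"
    if not hashes:
        return True, "version matched; no hash pin, so contents were not checked"
    digest = sha256_hex(data)
    if digest in hashes:
        return True, "version and sha256 matched"
    return False, f"sha256 mismatch: got {digest[:12]}..., pinned {[h[:12] + '...' for h in hashes]}"


def demo():
    """Run the four cases a practitioner would want to compare."""
    cases = [
        ("version pin, genuine artifact", REQ_VERSION_ONLY, GOOD_WHEEL),
        ("version pin, tampered artifact", REQ_VERSION_ONLY, TAMPERED_WHEEL),
        ("hash pin, genuine artifact", REQ_HASH_PINNED, GOOD_WHEEL),
        ("hash pin, tampered artifact", REQ_HASH_PINNED, TAMPERED_WHEEL),
    ]
    results = {}
    for label, req, data in cases:
        accepted, reason = verify_artifact(req, "example-pkg", "1.2.3", data)
        results[label] = accepted
        print(f"{label:32s} -> {'ACCEPT' if accepted else 'REJECT'} ({reason})")
    return results


if __name__ == "__main__":
    demo()
```

The second case is the one that matters: with only `example-pkg==1.2.3` in the requirements file, the replaced artifact is installed without complaint, which is exactly the gap a publishing-credential theft exploits. Pinning the digest (pip's `--require-hashes` mode, or a lockfile that records hashes) moves the trust decision from the index's label to the bytes the build actually received.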