AI Infrastructure Supply Chain Poisoning Alert
Essential information
- Published
- 27/03/2026 19:59
- Modified
- 27/03/2026 19:31
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- ai infrastructure credential theft kubernetes litellm open source pypi software security supply chain attack
- Tags
- 2026-03-27 ai infrastructure credential-theft kubernetes litellm open-source pypi software security supply chain attack
- Related entities
- 4 indicators, 4 observables, 1 intrusion set (apt), 16 techniques (mitre)
Description
A supply chain poisoning attack on LiteLLM, a popular AI model gateway, was detected by NSFOCUS Technology CERT. The TeamPCP group compromised the Trivy security scanning tool used in LiteLLM's release process, allowing them to publish malicious versions 1.82.7 and 1.82.8 on PyPI. These versions contained credential-stealing programs that collected sensitive data and, if a Kubernetes cluster was detected, deployed privileged Pods and implanted persistent backdoors. The attack impacted numerous dependent packages and potentially affected millions of users. The incident highlights the growing risks in AI infrastructure and the need for robust supply chain security measures.