Your AI Gateway Got Owned: The LiteLLM PyPI Compromise Is a Supply Chain Story Worth Studying
A malicious version of LiteLLM sat on PyPI for days, stealing credentials from thousands of AI shops. The attack itself is boring. The failure modes that enabled it are not.