Llms Machine Learning

[D] Litellm supply chain attack and what it means for api key management

Reddit - Machine Learning 1 min read

About this article

If you missed it, litellm versions 1.82.7 and 1.82.8 on pypi got compromised. malicious .pth file that runs on every python process start, no import needed. it scrapes ssh keys, aws/gcp creds, k8s secrets, crypto wallets, env vars (aka all your api keys). karpathy posted about it. the attacker got in through trivy (a vuln scanner ironically) and stole litellm's publish token. 2000+ packages depend on litellm downstream including dspy and mlflow. the only reason anyone caught it was because th...

You've been blocked by network security.To continue, log in to your Reddit account or use your developer tokenIf you think you've been blocked by mistake, file a ticket below and we'll look into it.Log in File a ticket

Originally published on March 28, 2026. Curated by AI News.
Read Original Article
Share on X Share on LinkedIn Share on Facebook

Related Articles

Llms

[P] TurboQuant for weights: near‑optimal 4‑bit LLM quantization with lossless 8‑bit residual – 3.2× memory savings

An adaptation of the recent TurboQuant algorithm (Zandieh et al., 2025) from KV‑cache quantization to model weight compression. It gives ...

Reddit - Machine Learning · 1 min ·
Anthropic's Claude popularity with paying consumers is skyrocketing | TechCrunch
Llms

Anthropic's Claude popularity with paying consumers is skyrocketing | TechCrunch

Estimates for total Claude consumer users are all over the map (we've seen figures ranging from 18 million to 30 million). Anthropic hasn...

TechCrunch - AI · 5 min ·
Llms

I built a single platform integrating GPT-5.2, Grok 4, Claude 3.5, Gemini 3.1 Pro, Luma, Kling, ElevenLabs, OpenAI WebRTC and 50+ tools with shared persistent memory - is this the future of AI or have I over-engineered a mess?

I want to be upfront - I'm a solo founder, not a senior engineer. My background is business, not computer science, though I do have a com...

Reddit - Artificial Intelligence · 1 min ·
Why OpenAI killed Sora | The Verge
Llms

Why OpenAI killed Sora | The Verge

OpenAI’s video-generation AI app, Sora, is dead as of Tuesday. OpenAI said it needs to focus its existing compute on its AI agent goals a...

The Verge - AI · 10 min ·
More in Llms: This Week Guide Trending

No comments

Sign in to comment

No comments yet. Be the first to comment!

Stay updated with AI News

Get the latest news, tools, and insights delivered to your inbox.

Subscribe to Newsletter

Daily or weekly digest • Unsubscribe anytime