Subscribe to the Non-Human & AI Identity Journal

LiteLLM PyPI Package Breach: Credentials Stolen from Users

In March 2026, the cybersecurity landscape was rattled by a significant data breach involving the widely-used LiteLLM Python package on the Python Package Index (PyPI). This open-source library, which acts as a conduit to multiple large language model (LLM) providers via a unified API, has garnered immense popularity, recording over 3.4 million downloads per day. The breach, orchestrated by the infamous TeamPCP hacking group, has raised alarms as it reportedly compromised data from hundreds of thousands of devices. The scale of this incident is particularly concerning given the critical role LiteLLM plays in various applications and services. As we delve deeper into the specifics of this breach, we will explore the timeline of events, the mechanisms of the attack, and its far-reaching implications for users and organizations alike.

What Happened

The breach of the LiteLLM package was detected on March 24, 2026, when security researchers at Endor Labs uncovered malicious versions of LiteLLM (versions 1.82.7 and 1.82.8) that had been published to PyPI. Here is a timeline of the key events:

  • March 24, 2026: Endor Labs reports the discovery of compromised LiteLLM versions.
  • March 24, 2026: TeamPCP claims responsibility for the attack, indicating a sophisticated supply-chain compromise.
  • March 24, 2026: Affected users begin to report unusual activity and data exfiltration.

Upon initial detection, the malicious versions of LiteLLM were found to deploy an infostealer capable of harvesting a wide array of sensitive user data, including:

  • API keys
  • User credentials
  • Configuration files
  • Personal identification information

This breach not only represents a direct attack on users of the LiteLLM package but also highlights the vulnerabilities present in the software supply chain, making it a critical point of concern for developers and organizations relying on open-source libraries.

How It Happened

The TeamPCP hacking group executed the LiteLLM breach through a well-orchestrated supply-chain attack, which is becoming increasingly common in today’s threat landscape. The attack vector involved exploiting vulnerabilities in the package’s development and deployment process, allowing the attackers to publish malicious code to the official PyPI repository. Key factors contributing to the success of this breach included:

  • Weaknesses in Package Maintenance: The compromised versions of LiteLLM were integrated with malicious code without adequate scrutiny during the review process.
  • Manipulation of Trust: Attackers leveraged the trust users place in widely-used packages, making it easier for the malicious versions to be downloaded and executed.
  • Insufficient Security Practices: The absence of robust security practices in package management, such as automated security scans and dependency checks, created an environment ripe for exploitation.

Attribution of this attack to TeamPCP further underscores the sophistication of the threat actors involved. This group has a history of targeting software supply chains, as evidenced by their previous breach of Aqua Security’s Trivy vulnerability scanner, which led to significant downstream impacts on other projects.

Impact

The immediate consequences of the LiteLLM breach were devastating for both the organization behind the package and its users. For the developers, the breach not only undermined the integrity of their product but also raised serious concerns about the security of their development practices. Users experienced a loss of confidence, as evidenced by:

  • Financial Losses: Organizations using the compromised package faced potential financial repercussions from data loss, regulatory fines, and increased cybersecurity spending to mitigate the fallout.
  • Legal Consequences: The breach prompted investigations from regulatory bodies, exposing the developers to potential legal liabilities stemming from inadequate security measures.
  • Long-term Reputation Damage: Trust in the LiteLLM package was severely compromised, with many users seeking alternatives and questioning the overall security of open-source libraries.

Furthermore, the incident illustrated broader industry implications, highlighting the vulnerability of software supply chains and the pressing need for enhanced security measures across the open-source ecosystem.

Recommendations

To mitigate the risks associated with software supply chain attacks like the LiteLLM breach, organizations should adopt a multi-faceted security approach. Here are some actionable recommendations:

  • Implement Robust Code Review Processes: Ensure that all third-party packages undergo comprehensive security reviews before deployment.
  • Integrate Automated Security Tools: Utilize automated tools for vulnerability scanning and dependency management to identify potential risks in real-time.
  • Encourage Security Awareness Training: Train developers on secure coding practices and the risks associated with open-source dependencies.
  • Establish Incident Response Plans: Develop and regularly update incident response plans to ensure quick action in the event of a security breach.
  • Regularly Update Software: Ensure all dependencies are regularly updated to the latest secure versions to minimize exposure to known vulnerabilities.

By implementing these best practices, organizations can bolster their defenses against similar breaches and protect their digital assets more effectively.

How NHI Mgmt Group Can Help

Securing Non-Human Identities (NHIs) including AI Agents, is becoming increasingly crucial as attackers discover and target service accounts, API keys, tokens, secrets etc during breaches. These NHIs often hold extensive permissions that can be exploited, making their security a priority for any organization focused on protecting their digital assets.

Take our NHI Foundation Level Training Course, the most comprehensive in the industry, that will empower you and your organization, with the knowledge needed to manage and secure these non-human identities effectively.

👉 Further details here

In addition to our NHI training, we offer independent Advisory & Consulting services that include:

  • NHI Maturity Risk Assessments
  • Business Case Development
  • Program Initiation
  • Market Analysis & RFP Strategy/Guidance

With our expertise, we can help your organization identify vulnerabilities and implement robust security measures to protect against future breaches.

👉 Contact us here

Final Thoughts

The breach of the LiteLLM Python package serves as a stark reminder of the vulnerabilities inherent in software supply chains and the impact they can have on both developers and users. As cyber threats continue to evolve, organizations must prioritize proactive security measures to safeguard their digital assets. This incident underscores the importance of remaining vigilant and informed about potential risks in the cybersecurity landscape. By fostering a culture of security awareness and implementing best practices, organizations can better protect themselves against similar threats in the future. We encourage all stakeholders to stay informed, continuously assess their security posture, and take action to mitigate risks in this ever-evolving field.

#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.

Get in Touch

Quick Links

Legal & Policies

©2025 NHIMG. All right reserved.