Supply‑Chain Hijack: TeamPCP Backdoors LiteLLM via Corrupt Trivy Image
Security researchers report that the threat group TeamPCP inserted a backdoor into recent releases of the open-source LiteLLM library. The entry point was a tampered Trivy container image consumed by LiteLLM's CI/CD pipeline: once the pipeline ran the compromised image, the attackers could alter the published build artifacts and embed code that executes whenever a downstream AI application imports LiteLLM.
The payload gives the attackers arbitrary command execution on any host that loads an affected LiteLLM version, which in turn enables credential theft, data exfiltration and lateral movement. Treat this as a supply-chain incident rather than a library bug: pin the images your CI/CD runs by digest and verify their signatures before use, pull only from registries that enforce signing, keep an SBOM for every critical dependency so affected versions can be located quickly, compare installed copies of LiteLLM against the package's own published file hashes, and watch for unexpected process or network activity from AI workloads that depend on it.
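The two paragraphs above describe build artifacts that were altered after the fact and ask defenders to verify what is installed. The script below is an added example, not code from the article, LiteLLM or Trivy: it checks an installed Python distribution against the per-file hashes in its own RECORD file, and also reports files that appeared in the package directory without being listed, which is where a module dropped in by a tampered build would show up. The package name demo_pkg, its files and the "_stage" module are constructed for the demonstration; point verify_distribution() at a real dist-info directory under site-packages to run it on a live host.

```python
"""
Added example, not code from the article, LiteLLM or Trivy: check an installed Python
distribution against the per-file hashes in its own RECORD file, and report files that
appeared in the package directory without being listed. Names such as demo_pkg and the
_stage module are constructed for the demonstration.
"""
import base64
import csv
import hashlib
import os
import tempfile
from pathlib import Path

SKIP_DIRS = {"__pycache__"}  # bytecode caches are never listed in RECORD


def _record_digest(algo: str, path: Path) -> str:
    """Hash a file the way wheel RECORD lines encode it: urlsafe base64, '=' padding stripped."""
    h = hashlib.new(algo)
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return base64.urlsafe_b64encode(h.digest()).rstrip(b"=").decode("ascii")


def _read_record(dist_info: Path):
    """Yield (relative path, algorithm, digest, size) per RECORD row; unhashed rows give None fields."""
    with (dist_info / "RECORD").open(newline="") as fh:
        for row in csv.reader(fh):
            if len(row) != 3 or not row[0]:
                continue
            rel, hash_field, size = row
            algo, _, digest = hash_field.partition("=")
            yield rel, (algo or None), (digest or None), (int(size) if size else None)


def verify_distribution(dist_info: Path) -> dict:
    """Compare every RECORD entry with what is on disk, then walk the listed directories for extras.

    Returns {"checked": n, "mismatched": [...], "missing": [...], "unlisted": [...]}.
    """
    site_dir = dist_info.parent
    result = {"checked": 0, "mismatched": [], "missing": [], "unlisted": []}
    listed, top_dirs = set(), set()
    for rel, algo, digest, size in _read_record(dist_info):
        listed.add(rel)
        first = Path(rel).parts[0]
        if (site_dir / first).is_dir():
            top_dirs.add(first)
        if digest is None:
            continue  # RECORD itself and pip's own bookkeeping files carry no hash
        target = site_dir / rel
        if not target.is_file():
            result["missing"].append(rel)
            continue
        result["checked"] += 1
        size_bad = size is not None and target.stat().st_size != size
        if size_bad or _record_digest(algo, target) != digest:
            result["mismatched"].append(rel)
    # Anything on disk under the package's directories that RECORD never mentioned
    for top in sorted(top_dirs):
        for dirpath, dirnames, filenames in os.walk(site_dir / top):
            dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
            for name in filenames:
                rel = (Path(dirpath) / name).relative_to(site_dir).as_posix()
                if rel not in listed:
                    result["unlisted"].append(rel)
    return result


def build_fixture(site_dir: Path, backdoor: bool = False) -> Path:
    """Constructed sample data: a tiny installed distribution demo_pkg with a valid RECORD.

    With backdoor=True the files are altered the way a tampered build would leave them:
    __init__.py gains an import-time hook and an unlisted module appears beside it.
    """
    pkg, info = site_dir / "demo_pkg", site_dir / "demo_pkg-1.0.dist-info"
    pkg.mkdir(parents=True)
    info.mkdir()
    (pkg / "__init__.py").write_text("VERSION = '1.0'\n")
    (info / "METADATA").write_text("Metadata-Version: 2.1\nName: demo_pkg\nVersion: 1.0\n")
    rows = []
    for f in (pkg / "__init__.py", info / "METADATA"):
        rel = f.relative_to(site_dir).as_posix()
        rows.append(f"{rel},sha256={_record_digest('sha256', f)},{f.stat().st_size}")
    rows.append(f"{info.name}/RECORD,,")
    (info / "RECORD").write_text("\n".join(rows) + "\n")
    if backdoor:
        with (pkg / "__init__.py").open("a") as fh:
            fh.write("import demo_pkg._stage  # runs on every import of the package\n")
        (pkg / "_stage.py").write_text("# stand-in for the hidden payload (constructed)\n")
    return info


def demo() -> tuple:
    """Run the check on a clean and a tampered copy; returns (clean_result, tampered_result)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = verify_distribution(build_fixture(Path(tmp) / "clean"))
        tampered = verify_distribution(build_fixture(Path(tmp) / "tampered", backdoor=True))
    return clean, tampered


if __name__ == "__main__":
    for label, res in zip(("clean", "tampered"), demo()):
        print(label, res)
```

RECORD is read directly rather than through importlib.metadata because newer Python versions silently drop entries whose files are missing from disk, which is exactly one of the conditions worth reporting. The check only proves the install matches the wheel that was downloaded; it does not prove the wheel itself was clean, so pair it with the published hashes for the versions you expect to be installed.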
Categories: Vulnerabilities & Exploits, AI Security & Threats