Taiki
My team at work just published some context on the recent Trivy mess and how it caused the LiteLLM compromise https://securitylabs.datadoghq.com/articles/litellm-compromised-pypi-teampcp-supply-chain-campaign/
LiteLLM compromised on PyPI: Tracing the March 2026 TeamPCP supply chain campaign | Datadog Security Labs

On March 24, 2026, two PyPI releases of LiteLLM were published with malicious code. We trace the full TeamPCP supply chain campaign from Trivy through npm, Checkmarx, and into LiteLLM.

Mar 24 at 11:14pmIvory for Mac