Dispatch
Simon Willison Quantifies LiteLLM Supply Chain Blast Radius: 47,000 Downloads During 46-Minute Exploit Window
Simon Willison used the BigQuery PyPI dataset to quantify the damage from the TeamPCP LiteLLM supply chain attack. During the approximately 46-minute window the backdoored packages (litellm 1.82.7 and 1.82.8) were live on PyPI before quarantine, there were 47,000 downloads. The malicious .pth file executed automatically on every Python process startup, exfiltrating credentials via POST to a fake litellm.cloud domain. LiteLLM has 3.4M daily downloads — the narrow window limited but did not eliminate exposure for the 97M-downloads-per-month package.
↳ Follow the thread