litellm suffered a PyPI supply chain attack; a simple installation could steal all sensitive credentials, including SSH keys.

MarsBit
03-25
According to Mars Finance, Andrej Karpathy posted on X that litellm suffered a PyPI supply chain attack. Simply running `pip install litellm` was enough for the malicious package to steal SSH keys, AWS/GCP/Azure credentials, Kubernetes configurations, Git credentials, environment variables, encrypted wallets, SSL private keys, CI/CD keys, and database passwords. litellm has 97 million monthly downloads, and the risk extends to every project that depends on litellm, such as dspy. The maliciously injected version was deployed for less than an hour; it was discovered when a flaw in the attack code caused Callum McMahon's machine to run out of memory and crash. Karpathy stated that supply chain attacks are one of the most threatening problems in modern software, because every dependency installation can pull in a tampered package from deep in the dependency tree. He is therefore increasingly inclined to reduce dependencies and instead use LLMs to implement simple functionality directly.
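
A defender's check for the transitive exposure described above, as an added example that is not part of the original article: it walks the declared requirements of every installed distribution and lists each package that reaches litellm, with the path. The sample graph and the name `my-app` are constructed; dspy depending on litellm is the article's own example.

```python
import re
from importlib import metadata

_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def normalize(name):
    """PEP 503 name normalization, so 'LiteLLM' and 'litellm' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(req):
    """Project name from a requirement string like 'litellm[proxy]>=1.0'."""
    m = _NAME.match(req)
    return normalize(m.group(1)) if m else None

def installed_graph():
    """Map every installed distribution to the projects it declares it requires.
    Requirements behind extras are included too (conservative over-reporting)."""
    graph = {}
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if name:
            deps = {requirement_name(r) for r in (dist.requires or [])}
            graph[normalize(name)] = deps - {None}
    return graph

def dependents_of(target, graph):
    """Return {package: [package, ..., target]} for each package reaching target."""
    target = normalize(target)
    paths = {target: [target]}
    frontier = [target]
    while frontier:
        current = frontier.pop()
        for pkg, deps in graph.items():
            if current in deps and pkg not in paths:
                paths[pkg] = [pkg] + paths[current]
                frontier.append(pkg)
    del paths[target]
    return paths

# Constructed sample graph; "my-app" is a hypothetical project name.
SAMPLE = {
    "litellm": {"httpx", "openai"},
    "dspy": {"litellm", "pydantic"},
    "my-app": {"dspy", "requests"},
    "requests": {"urllib3"},
}

if __name__ == "__main__":
    for pkg, path in sorted(dependents_of("litellm", installed_graph()).items()):
        print(" -> ".join(path))
```

A hit shows exposure through the dependency tree only; it does not tell you whether the tampered release was the one installed.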
