Webinar • Brightalk: CSA Research

LiteLLM: When Tools Become an Attack Surface—Supply Chain Attacks, CI/CD, and What to Actually Do About It

Friday, April 10, 2026, from 09:00 to 10:00, Ohio (US) time
Webinar in English

Three hours. That's how long a compromised version of LiteLLM was available before anyone noticed, and in that window over 120,000 installs pulled down malware that harvested SSH keys, cloud credentials, and Kubernetes secrets. The kicker? The attackers got in through Trivy, a vulnerability scanner that thousands of organizations trust as part of their defensive infrastructure. We've entered an era where threat actors aren't just attacking through the supply chain. They're specifically targeting the tools we use to defend ourselves, then riding those trust relationships deeper into our environments. I'll walk through what's actually happening in these attacks, why traditional supply chain security approaches aren't enough, and (more importantly) what practical defenses are working. We'll cover dependency verification, pipeline hardening, secrets management patterns that survive a compromised tool, and how organizations are applying least-privilege and segmentation principles to their development infrastructure. The threat is real, but the good news is we already know most of the defensive principles. We just haven't applied them to the right places yet.
