5d (edited) • 💬 Discussion
LiteLLM Compromised
Apologies if this has already been covered elsewhere. And if this does not apply, please do not hesitate to contradict this information. I'm heading on vacation and wanted this community to be aware.
LiteLLM (used by Agent Zero since version 0.9.1 I believe) has become the victim of a supply chain attack that is impacting many people and organizations. Security breakdown on what happened can be found here here: https://www.youtube.com/watch?v=uwSjgv4otAk
Key Details of the Integration
- Unified Interface: LiteLLM allows Agent Zero to interact with over 100+ LLM providers (including OpenAI, Anthropic, Google, and local providers like Ollama or LM Studio) using a single OpenAI-compatible format.
⚠️ Critical Security Alert (March 2026)
As of March 24, 2026, a major supply chain attack was identified affecting the LiteLLM library. If you are currently running or installing Agent Zero, please take the precautions outlined in the attached table.
Verification Command:
Run pip show litellm in your terminal. If you see version 1.82.7 or 1.82.8, treat your environment as compromised, rotate all API keys and secrets immediately, and delete your virtual environment.
4
5 comments
LiteLLM Compromised
Leaderboard (30-day)
1
+48
2
+16
3
+10
4
+9
5
+9
Powered by