PyPI supply chain attack via litellm and the dependency risk problem in ML engineering
The litellm supply chain attack this week should be a wake-up call for every ML engineer.
One poisoned PyPI release. Less than an hour live. And it had the potential to exfiltrate SSH keys, AWS credentials, Kubernetes configs, API keys, crypto wallet files, and shell history from every machine that installed litellm directly or pulled it in as a dependency.
97 million downloads a month. The blast radius on that is hard to overstate.
What stopped it? The attacker’s own bug crashed a developer’s machine by consuming all its RAM. A lucky accident, not a defense.
Karpathy made a point worth sitting with: classical software engineering treats dependencies as virtuous. We’ve been told small, composable packages are good. Reuse is good. Don’t reinvent wheels.
But that philosophy quietly transferred enormous risk into every project. You’re not just trusting the library you installed. You’re trusting its full dependency tree, every maintainer in that tree, and every account that has publish access to every one of those packages.
For ML projects specifically, this risk is worse than average. Our dependency graphs are massive. A typical ML service might pull in hundreds of transitive packages. Each one is a potential attack surface.
I’ve been thinking about what actually changes behavior here.
Private mirrors with pinned, audited packages help. Hash verification at install time helps. But neither of those is the default. Most teams ship without them.
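The core of hash verification is simple enough to sketch in a few lines: record a digest when you first audit an artifact, then refuse to trust anything that doesn't match it later. A minimal stdlib version:

```python
import hashlib

def sha256_of(path: str) -> str:
    """Stream a file through SHA-256; avoids loading large wheels into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_artifact(path: str, expected_hex: str) -> bool:
    """Compare against the digest recorded when the artifact was first audited."""
    return sha256_of(path) == expected_hex.lower()
```

In practice you don't need to roll this yourself: pip supports it natively if you add --hash=sha256:... lines to requirements.txt and install with pip install --require-hashes -r requirements.txt (pip-compile --generate-hashes can produce such a file). The point is that it only protects you if it's actually turned on.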
Karpathy’s take is to use LLMs to write the functionality directly when it’s simple enough, avoiding the dependency entirely. That sounds extreme until you think about what you’re actually protecting against.
For a small utility function? Copy the logic. Vendor it. Own it.
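As an illustration of the scale involved: here is the kind of retry-with-backoff helper that often arrives via a third-party library, written out in full. The function name and defaults are mine, not from any particular package.

```python
import time

def retry(fn, attempts=3, base_delay=0.1):
    """Call fn, retrying on any exception with exponential backoff.

    Roughly ten lines you can vendor and own, instead of adding a retry
    library (and its entire publish chain) to your dependency tree.
    """
    for attempt in range(attempts):
        try:
            return fn()
        except Exception:
            if attempt == attempts - 1:
                raise
            time.sleep(base_delay * (2 ** attempt))
```

Ten lines you wrote are ten lines you can read. A dependency is a tree of code you almost certainly won't.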
For something complex like litellm itself? You probably need it. But you should pin the exact version, verify the hash, and treat any update as a deliberate decision, not a background process.
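One way to make updates a deliberate decision is to fail loudly on drift. A sketch of a pin check that could run in CI, using only the stdlib (the package version shown is hypothetical, not litellm's actual release):

```python
from importlib.metadata import PackageNotFoundError, version

# Hypothetical pins -- record the exact versions you audited.
PINS = {"litellm": "1.0.0"}

def check_pins(pins: dict) -> list:
    """Report packages that are missing or have drifted from their pinned version."""
    problems = []
    for name, expected in pins.items():
        try:
            installed = version(name)
        except PackageNotFoundError:
            problems.append(f"{name}: not installed")
            continue
        if installed != expected:
            problems.append(f"{name}: installed {installed}, pinned {expected}")
    return problems
```

Run in CI, an empty list means the environment matches what you audited; anything else blocks the build until a human looks at it.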
The real lesson is not “don’t use open source.” It’s that dependency hygiene has to become as standard in ML workflows as model versioning or data validation.
We’re careful about what goes into our models. We should be just as careful about what runs on our machines.
#MachineLearning #MLEngineering #CyberSecurity #Python #AIEngineering #SoftwareEngineering
