A sophisticated threat actor group called TeamPCP has executed one of the most damaging supply chain attacks targeting the AI development community. By first compromising Trivy, a popular open-source vulnerability scanner, they obtained credentials that allowed them to inject malicious code into LiteLLM — a widely used AI gateway framework — reaching an estimated 95 million developers worldwide. This blog breaks down how the attack unfolded, how TeamPCP leveraged AI tools, and what organizations must do to protect their AI development pipelines. Contact Technijian to strengthen your defenses. ... Read More