AI Supply-Chain Attacks Bypass Model Red Teams

AI supply-chain attacks bypass model red teams

Four supply-chain incidents hit OpenAI, Anthropic and Meta in 50 days: three adversary-driven attacks and one self-inflicted packaging failure. None targeted the model, and all four exposed the same gap: release pipelines, dependency hooks, CI runners, and packaging gates that no system card, AISI evaluation, or Gray Swan red-team exercise has ever scoped.On May 11, 2026, a self-propagating worm called Mini Shai-Hulud published 84 malicious pack…

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering – #CryptoUpdatesGNIT

Four supply-chain incidents hit OpenAI, Anthropic and Meta in 50 days: three adversary-driven attacks and one self-inflicted packaging failure. None targeted the model, and all four exposed the same gap: release pipelines, dependency hooks, CI runners, and packaging gates that no system card, AISI evaluation, or Gray Swan red-team exercise has ever scoped. On May 11, 2026, a self-propagating worm called Mini Shai-Hulud published 84 malicious pac…

TeamPCP compromises Python libraries via supply chain attack

TeamPCP uploaded malicious LiteLLM versions to PyPI after compromising Trivy and stole API keys for OpenAI, Anthropic, and Azure.

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python library that serves as a unified gateway to more than 100 large language model providers, turning two malicious releases of the package into a credential-stealing tool aimed at cloud and artificial intelligence […] The post Forcepoint details TeamPCP supply chain attack t…