On March 24, 2026, two malicious versions of LiteLLM — the Python library powering 95 million monthly downloads across the AI developer ecosystem — were quietly pushed to PyPI. The attack didn’t begin with LiteLLM. It began with Trivy, a vulnerability scanner running inside LiteLLM’s own CI pipeline without version pinning. One compromised dependency handed attackers the PyPI publishing credentials they needed. What followed was a multi-stage credential stealer that executed silently on every Python process, swept SSH keys, cloud credentials, Kubernetes tokens, and API keys, then exfiltrated everything encrypted to an attacker-controlled server. The TeamPCP campaign is still active. This is the blueprint for AI supply chain attacks going forward — and your current defenses are probably not sufficient.
How Adversarial Attacks Break NLP Models in Production
Modern NLP models power critical systems, from content moderation to fraud detection — yet remain surprisingly fragile. A single word swap can flip a sentiment prediction from positive to negative. A single character edit can bypass spam filters. This post walks through three real-world adversarial techniques (TextFooler, BERT Attack, DeepWordBug) that achieve 52-75% success rates against production transformers, and introduces an open-source lab where you can reproduce these attacks using the TextAttack framework. Complete with Docker setup, attack metrics, and defense strategies—this is adversarial ML research you can run in 10 minutes
Prompt Injection is the New Buffer Overflow: Understanding LLM Exploitation
Prompt injection is basically the new buffer overflow — except now the payload shows up wearing plain English instead of shellcode. 😅💬 As LLMs take on mission-critical roles, attackers have figured out they don’t need to smash your memory… they just need to sweet-talk your model. This article unpacks how prompt injection works, why defending against it feels like herding linguistic cats 🐈⬛, and what the next generation of AI security must do to stay ahead. 🔐🤖✨