AI App Security Alert: Axios and LiteLLM Supply Chain Attacks

Wild: One of the most used JavaScript libraries on Earth with 100M+ downloads/week just got hit by a supply chain attack. And it quietly turned developer machines into backdoors 😳 Axios is a programming library that helps your JavaScript code make HTTP/S requests (communicate with websites). Attackers hijacked a maintainer account on npm: → Shipped malicious versions (1.14.1, 0.30.4) → Injected a “helper” dependency: plain-crypto-js@4.2.1 → Triggered a cross-platform RAT (Mac, Windows, Linux) on install No exploit needed. Just trust. And this uncovered the uncomfortable truth: We’ve optimized software for speed. CI/CD pipelines. Auto-updates. AI-generated code pulling dependencies. But we didn’t redesign security for that world. So now the fastest teams are also the most exposed. AI is about to pour fuel on this. → Devs ship faster → more dependencies, less scrutiny → AI copilots write code that imports packages humans never review → Attackers use AI to generate polymorphic malware that looks “clean” Supply chain attacks were already up ~742% YoY. Now imagine that curve with AI on both sides. That’s why companies like Oscilar matter more than ever. They’re not scanning codebases. They’re watching behavior. Remember that Axios was live for just ~2-3 hours. That’s enough. Enough to infect dev machines. Enough to steal keys. Enough to move laterally. The old model assumed breaches start at the perimeter. This one starts inside your build process. Every modern company runs on open source. Which means every modern company shares the same risk. And the same illusion: That someone else checked the code. They didn’t. P.S. check out 🔔linas.substack.com🔔, it's the only newsletter you need for all things when Finance meets AI. For founders, builders, and leaders.

The Axios breach proves AI governance needs to be top of mind and this is something that goes way beyond just model oversight. To better understand AI governance and what it entails, take a look at the Stanford Law School AI Life Cycle Core Principles framework at https://ailccp.replit.app/. It's free.

This is why I've deliberately avoided building anything with Node.js and it will only get worse. If it's not compiled and signed, it's at risk.

I think this is just proving a point. 🛑 The more code we generate, the more the attack surface grows. Now think about it like this: 👉 More and more developers are using more and more AI to generate more and more code. 👉 At the same time, more libraries are being created and used in software products to speed development up even more. What grows? You guessed it right. The attack surface grows exponentially. 📈 Then, we have bad actors that operate exactly the same way. They are using more tools to generate more software that attacks the surface in more points. That means better tools to attack faster, against a growing surface. So what's the end result? You guessed it. 🚫 More and more cybersecurity issues. 🚫 Data leaks. 🚫 Stolen data. And we are just witnessing the beginning. How many companies were already hacked, had their data stolen, and have no idea? 🤔 Great post by Linas Beliūnas, by the way, go check his profile! #product #productmanagement #security #CyberSecurity #AI #SoftwareDevelopment #InfoSec #TechTrends #DataPrivacy

I designed and built CryptoGuard AI, an autonomous, AI-powered cryptography validation system that scans Java, Python, and C/C++ codebases for security vulnerabilities and FIPS 140-3 compliance violations, leveraging RAG-enhanced validation and built to be post-quantum ready. ## Features - **Multi-Agent Architecture**: Orchestrator, Parser, RAG System, Validator, and Auto-Fixer agents powered by AWS Bedrock - **Multi-Language Support**: Scans **Java**, **Python** (cryptography, pycryptodome, hashlib, ssl), and **C/C++** (OpenSSL, Crypto++, mbedTLS, Windows CNG) - **18 Violation Categories**: Detects weak algorithms (DES, RC4, MD5, SHA-1), bad key sizes (RSA < 2048, AES < 256), insecure modes (ECB), weak IVs, hard-coded keys, weak RNG, incorrect padding, and more - **FIPS 140-3 Compliance**: 5 specialized categories, ECB is the only non-approved mode; CBC/CTR/CFB/OFB/GCM/CCM are all FIPS-approved - **RAG System**: AWS Bedrock Titan embeddings with 20+ curated standards (NIST, FIPS, OWASP, CWE) - **Category Filtering**: Configurable whitelist/blacklist modes for targeted scanning - **Auto-Fix System**: Automatically patches safe violations with backup/rollback capability - **GitHub Scanner**: Scan repositories directly from GitHub.com and GitHub Enterprise. - **Rich Reporting**: JSON, HTML dashboard, and Markdown formats — unique filenames even for repos with dots in their name Architecture of the CryptoGuard AI =======================

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise: TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on

Anthropic just made the strongest argument for Rust I have ever seen. They did not even mention Rust. Here is what happened. Yesterday, Anthropic announced Project Glasswing. Their new model, Claude Mythos Preview, found thousands of zero-day vulnerabilities across every major operating system and every major browser. Three examples they published: 🔸 "A 27-year-old vulnerability in OpenBSD that allowed an attacker to remotely crash any machine running the operating system just by connecting to it." 🔸 "A 16-year-old vulnerability in FFmpeg, in a line of code that automated testing tools had hit five million times without ever catching the problem." 🔸 "Several vulnerabilities in the Linux kernel chained together to allow an attacker to escalate from ordinary user access to complete control of the machine." 27 years. 16 years. 5 million automated test hits. All missed. I went and read the red team blog they published alongside the announcement. This line stopped me: 🔸 "Anthropic focused on searching for memory corruption vulnerabilities, because they can be validated with relative ease." Memory corruption. OpenBSD: written in C. FFmpeg: written in C. Linux kernel: written in C. This is not a coincidence. These bugs survived decades of human review and millions of automated scans because C gives you zero protection against memory errors. You can write a bug that silently corrupts memory, and the program keeps running fine. Until one day, under the exact right conditions, it does not. That is the nature of memory-unsafe languages. The bug exists silently. No compiler error. No warning. Nothing. Rust eliminates this entire class of bugs at compile time. Not at runtime. Not with scanners. Before your code even runs. I know what you are thinking. Anthropic built this model. Of course they want to make it sound scary so they can sell access at $25 per million tokens. Maybe. But the bugs are real. They are patched. The CVEs exist. OpenBSD confirmed it. FFmpeg confirmed it. You can question Anthropic's motives. You cannot question a 27-year-old bug that just got fixed. Think about that. It took a frontier AI model to surface what 27 years of security reviews missed. But if these codebases had been written in Rust, there would have been nothing to find. We are now entering a world where AI can find and exploit your C code faster than you can patch it. The question is not whether to learn Rust anymore. It is how long you can afford not to. 2026 is the best moment to start learning Rust. AI writes code faster than ever. But AI also finds bugs faster than ever. The only way to stay ahead is to write code that does not have these bugs in the first place. That is what Rust gives you.

I recently came across a security issue with **LiteLLM** that really caught my attention. A compromised version of the package was capable of leaking sensitive data like API keys and environment variables. As someone working closely with backend systems and LLM integrations, this hit home. We often: * Store secrets in env files * Trust popular libraries blindly * Focus more on features than security But incidents like this show: 👉 The weakest link can be a dependency you didn’t question. **What I’m taking away from this:** * Always pin dependency versions * Regularly audit packages * Rotate secrets proactively * Never assume "popular = safe" Security is not a separate task — it's part of engineering. #Backend #Security #Python #LLM #SoftwareEngineering

TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security vendors, including Endor Labs and JFrog, revealed that litellm versions 1.82.7 and 1.82.8 were published on March

Anthropic just leaked the entire Claude Code source code 🤯 Again. Earlier today, the full TypeScript source of ~510,000 lines for the Claude Code CLI was exposed via a misconfigured npm package 📉 A .map file accidentally included in the release pointed directly to unobfuscated source code hosted on Anthropic’s own storage. The internet moved fast 🚀 Within hours: ✅ GitHub mirrors hit 50k stars (the fastest in history) ✅ Over 1,900 forks created ✅ Multiple Rust rewrites are already underway What the leak reveals about how Claude works 🔍 • Undercover Mode: Strips Anthropic internals when used externally • Frustration Regexes: Code designed to detect when users are getting angry • Unreleased Models: References to secret internal LLMs • Supply Chain Risk: Continued use of Axios (which was recently compromised) Anthropic claims this was a "release packaging issue caused by human error" rather than a security breach. The kicker? This is their second massive source leak in 13 months. The first was just back in February 2025. For anyone building on AI infrastructure, this is a massive wake up call 🔔 Even the world's most sophisticated AI labs make basic DevOps mistakes. Your vendor's security posture is only as strong as their last npm publish. I’ve dropped the GitHub mirrors and full source reports in the comments below 👇 Is this just a "human error" or a sign of deeper systemic issues at the major AI labs? 💭 #AI #Anthropic #ClaudeCode #CyberSecurity #DevOps #AIStrategy