LiteLLM's PyPI Backdoor: What It Means for the AI Skill Supply Chain
Attackers injected a credential stealer into litellm (95M downloads) via compromised CI/CD. What happened and why AI skills face the same threat.
2 articles with this tag.
Post-mortem of ClawHavoc — the largest AI skill supply chain attack on record — and what it reveals about the limits of reactive security models.