LiteLLM A.I CyberSecurity Scoring
LiteLLM
Company Information
Website:https://www.litellm.ai/
Employees number:7
Number of followers:8,480
NAICS:5112
Industry Type:Software Development
Homepage:litellm.ai
LiteLLM Risk Score (AI oriented)
Between 0 and 549
LiteLLMSoftware Development
Updated:
09/06/2026
09/06/2026
312/1000
Critical
C
LiteLLM Global Score (TPRM)
xxxx
LiteLLMSoftware Development
Score locked

LiteLLMCritical
Current Score
312C (CRITICAL)
01000
12 incidents
-21.25 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
321
JUNE 2026
315
Vulnerability
01 Jun 2026 • LiteLLM
LiteLLM: LiteLLM RCE Vulnerability Exploited in the Wild to Run Commands
Critical LiteLLM RCE Vulnerability Actively Exploited in the Wild
310
CRITICAL-5
LIT1781000708
Critical LiteLLM RCE Vulnerability Actively Exploited in the Wild
Threat actors are actively exploiting a critical unauthenticated remote code execution (RCE) vulnerability in LiteLLM, a widely used open-source AI proxy gateway, by chaining two CVEs to bypass authentication and execute arbitrary commands on vulnerable systems.
Researchers at Horizon3.ai confirmed the exploitation path on June 1, 2026, revealing that CVE-2026-42271 a command injection flaw in LiteLLM’s MCP server test endpoints can be combined with CVE-2026-48710, a Starlette "BadHost" Host Header validation bypass, to achieve unauthenticated RCE. The combined attack chain carries a CVSS score of 10.0 (Critical).
### Exploitation Details
CVE-2026-42271 targets two LiteLLM MCP server endpoints:
- `POST /mcp-rest/test/connection`
- `POST /mcp-rest/test/tools/list`
These endpoints allow attackers to supply malicious commands, arguments, and environment variables, which are then executed as subprocesses on the host. Initially, exploitation required a valid proxy API key, limiting its severity. However, CVE-2026-48710 affecting Starlette versions 1.0.0 and earlier enables attackers to manipulate Host header values, bypassing authentication entirely.
When both vulnerabilities are present, threat actors can gain unauthenticated RCE on vulnerable LiteLLM deployments.
### Impact of Successful Exploitation
A compromised LiteLLM instance grants attackers:
- Arbitrary OS command execution on the host
- Access to model provider credentials and API keys (e.g., OpenAI, Anthropic, Azure OpenAI)
- Theft of stored secrets within the proxy
- Lateral movement into connected AI infrastructure
- Compromise of downstream systems integrated with the gateway
Given LiteLLM’s role in enterprise AI pipelines, a breach could expose an organization’s entire AI operations layer.
### Affected Versions & Mitigation
- Vulnerable: LiteLLM 1.74.2–1.83.6 + Starlette 1.0.0 or earlier
- Patch: LiteLLM 1.83.7 (released May 8, 2026) introduces authorization controls and updates Starlette dependencies. Starlette should be upgraded to 1.0.1 or later.
- Interim Mitigations:
- Block external access to `/mcp-rest/test/connection` and `/mcp-rest/test/tools/list`
- Restrict network access to trusted segments
- Rotate all stored credentials and API keys
- Monitor logs for unusual Host header values and unexpected subprocess execution
Active exploitation makes this a high-priority patch for organizations running self-hosted LiteLLM instances.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MAY 2026
473
APRIL 2026
476
Vulnerability
24 Apr 2026 • LiteLLM
LiteLLM: Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure
Critical SQL Injection Flaw in LiteLLM Exploited Within Days of Disclosure
472
CRITICAL-4
LIT1777472744
Critical SQL Injection Flaw in LiteLLM Exploited Within Days of Disclosure
A critical SQL injection vulnerability (CVE-2026-42208, CVSS 9.3) in the open-source AI gateway LiteLLM was exploited just 36 hours after public disclosure, allowing attackers to access sensitive database tables, according to a report by Sysdig.
The flaw stemmed from improper handling of user-supplied values during API key verification, where the input was directly included in database queries rather than passed as a separate parameter. This enabled unauthenticated attackers to craft malicious Authorization headers, bypassing authentication entirely and accessing the proxy’s database via error-handling paths. Successful exploitation could expose or modify stored credentials, including API keys, provider credentials, and environment variable configurations.
LiteLLM’s maintainers addressed the issue in version 1.83.7, released following an April 20 advisory. However, by April 24, the vulnerability was indexed in GitHub’s advisory database, and attacks were detected shortly after. Sysdig observed automated exploitation attempts targeting three specific PostgreSQL tables, with attackers using column-count discovery techniques to enumerate the database schema. The attacks, spaced 21 minutes apart, rotated origin IP addresses but showed no signs of credential abuse post-extraction.
While the attacks demonstrated precision in schema enumeration, Sysdig noted no confirmed data compromise. Users were urged to update to the patched version or disable error logs to mitigate the risk.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
476
Breach
22 Apr 2026 • LiteLLM
Agoda, Booking.com and Booking Holdings: Agoda refutes claims of massive data breach
Agoda Denies Data Breach as Cybercriminals Claim Theft of 82 Million Records
476
CRITICAL0
AGOBOO1776904233
Agoda Denies Data Breach as Cybercriminals Claim Theft of 82 Million Records
Asia-based travel booking platform Agoda has refuted claims of a data breach after cybercriminals alleged the theft of 82 million user records. An Agoda spokesperson stated that internal investigations confirmed the leaked data did not originate from its systems.
Researchers at Cybernews analyzed a sample of 23 records provided by the attackers, which included sensitive details such as full names, identity card numbers, phone numbers, email addresses, and hotel addresses primarily linked to Malaysian users. Notably, the sample lacked reservation dates, an unusual omission that raised questions about the data’s origin. Despite this, the researchers verified the legitimacy of the exposed information.
The incident follows a recent confirmation by Agoda’s parent company, Booking Holdings, of a separate breach affecting Booking.com users. That attack exposed names, phone numbers, email addresses, and reservation details, leading to a surge in reservation hijacking scams across North America, Europe, and the UK. The timing of the two incidents has heightened concerns about cybersecurity risks in the travel industry.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
496
Cyber Attack
15 Apr 2026 • LiteLLM
Checkmarx, Guesty, LiteLLM and S&P Global: Don’t pay VECT a ransom - your big files are likely gone
Vect Ransomware Turns Out to Be a Wiper, Destroying Victims’ Data Instead of Encrypting It
475
CRITICAL-21
LITSPGGUECHE1777407909
Vect Ransomware Turns Out to Be a Wiper, Destroying Victims’ Data Instead of Encrypting It
A recent wave of supply-chain attacks targeting tools like Trivy and LiteLLM has left victims with little hope of data recovery, even after paying ransoms. According to Check Point Research, the Vect ransomware group partnering with TeamPCP isn’t actually encrypting files but instead permanently wiping any data larger than 128KB.
Since January, Vect’s leak site has listed 25 organizations, with four added since March, when extortion efforts tied to the supply-chain attacks began. However, it remains unclear how many of these victims are linked to the Trivy and LiteLLM compromises. On April 15, Vect claimed two major targets Guesty (700GB) and S&P Global (250GB) allegedly tied to earlier TeamPCP breaches, though these claims lack independent verification. Neither company responded to inquiries.
Vect and TeamPCP, which previously compromised security and developer tools like Checkmarx and Telnyx, announced their partnership on BreachForums, boasting of plans for larger supply-chain attacks and follow-on ransomware campaigns. Vect also integrated its ransomware-as-a-service (RaaS) with BreachForums, allowing registered users to access its malware, negotiation platform, and leak site.
Check Point researchers gained access to Vect’s ransomware builder and discovered critical flaws. Instead of encrypting files, Vect 2.0 destroys any file exceeding 128KB by discarding essential decryption keys. The malware, available for Windows, Linux, and ESXi, uses libsodium-based encryption but fails to properly handle decryption nonces, making recovery impossible even for the attackers. Additional bugs and poor implementation further undermine its effectiveness, with researchers describing the code as "not technically sophisticated" and "amateur execution."
The discovery confirms that victims of these attacks whether from supply-chain compromises or direct infections face irreversible data loss, regardless of ransom payments.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
561
Breach
03 Apr 2026 • LiteLLM
Mercor: Meta Halts Mercor Partnership After AI Training Data Breach
Meta Halts AI Data Partnership After Potential Breach Exposes Proprietary Training Secrets
494
CRITICAL-67
MER1775255558
Meta Halts AI Data Partnership After Potential Breach Exposes Proprietary Training Secrets
Meta has suspended its collaboration with AI data vendor Mercor following a security breach that may have exposed closely guarded details about its AI training methodologies. The incident, first reported by Wired, has triggered investigations by multiple leading AI labs that also relied on the startup’s services.
Mercor, a key player in the AI data ecosystem, provides specialized data labeling and processing for companies developing large language models. The breach potentially compromised sensitive information including data selection criteria, labeling protocols, and training strategies that firms treat as highly confidential intellectual property. In an industry where proprietary training methods are considered a competitive advantage, the leak represents a significant intelligence setback.
While the full extent of affected companies remains unclear, the incident underscores the high stakes of AI development, where billions are invested in refining models. Meta’s decision to pause the partnership reflects broader concerns about the security of third-party vendors in the AI supply chain.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
565
Vulnerability
01 Apr 2026 • LiteLLM
LiteLLM and Mercor: Mercor Hit by Supply Chain Attack via LiteLLM Breach
AI Recruiting Startup Mercor Hit by Supply Chain Attack via Compromised LiteLLM Project
561
CRITICAL-4
MERLIT1775010644
AI Recruiting Startup Mercor Hit by Supply Chain Attack via Compromised LiteLLM Project
AI-powered recruiting platform Mercor has confirmed a supply chain attack that exploited vulnerabilities in LiteLLM, an open-source proxy tool widely used in the AI industry. The breach, claimed by an extortion hacking crew, highlights the growing risks of third-party dependencies in AI infrastructure.
The attack originated from LiteLLM, a popular open-source project that simplifies API calls to major LLM providers like OpenAI and Anthropic. By compromising the tool, attackers potentially gained access to any system running the vulnerable code, amplifying the breach’s impact across the AI ecosystem.
Mercor, which uses AI to match companies with global technical talent, is now assessing the fallout. While the full scope of stolen data remains undisclosed, the incident raises concerns about the exposure of employee and candidate information. The breach comes at a critical time for the company, which has been positioning itself as a leader in AI-driven recruitment.
This attack underscores the cascading security risks posed by open-source dependencies in AI development, as startups increasingly rely on third-party tools to power their operations.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
587
Cyber Attack
31 Mar 2026 • LiteLLM
OpenAI: Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk
Meta and AI Labs Pause Work with Mercor Following Major Security Breach
560
CRITICAL-27
OPE1775256197
Meta and AI Labs Pause Work with Mercor Following Major Security Breach
Meta has indefinitely suspended all projects with data contracting firm Mercor after a significant security breach exposed sensitive systems, according to sources familiar with the matter. The incident has prompted other major AI labs, including OpenAI and Anthropic, to reassess their partnerships with the startup as they evaluate the scope of the compromise.
Mercor specializes in generating proprietary training datasets for leading AI models, such as those powering ChatGPT and Claude, by employing large networks of human contractors. These datasets are closely guarded, as they contain critical insights into AI training methodologies information that could benefit competitors, including labs in the U.S. and China. It remains unclear whether the exposed data would provide a meaningful advantage to rivals.
OpenAI confirmed it is investigating the breach to determine if its proprietary training data was compromised but stated that user data remains unaffected. Anthropic has not yet responded to requests for comment.
Mercor acknowledged the attack in a March 31 internal email, describing it as part of a broader cyber incident affecting "thousands of organizations worldwide." Contractors working on Meta’s Chordus project an initiative to improve AI response verification were informed of a pause in work, with some facing potential unpaid leave until projects resume. The company is reportedly seeking alternative assignments for affected workers.
The breach appears linked to TeamPCP, a threat actor that recently compromised two versions of the AI API tool LiteLLM, distributing tainted updates that exposed numerous organizations. While the full extent of the fallout remains unclear, the incident highlights the supply chain risks in AI development, where third-party vendors handle highly sensitive data.
Adding to the confusion, a group claiming to be Lapsus$ advertised stolen Mercor data including a 200+ GB database, 1 TB of source code, and 3 TB of video files on Telegram and a BreachForums clone. However, cybersecurity researchers, including Allan Liska of Recorded Future, dismiss the claim, noting that TeamPCP is the likely culprit. Unlike the original Lapsus$, which targeted high-profile tech firms, TeamPCP has been linked to financially motivated attacks, ransomware operations, and even geopolitically driven malware, such as the CanisterWorm data-wiping tool targeting Iranian cloud systems.
The breach underscores the secrecy and vulnerability of AI data contractors, many of which like Surge, Handshake, Turing, Labelbox, and Scale AI operate under strict confidentiality, often using codenames for projects. As AI labs increasingly rely on external firms for critical training data, the incident raises concerns about security standards in an industry where even minor exposures could have far-reaching consequences.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MARCH 2026
608
Cyber Attack
28 Mar 2026 • LiteLLM
Hasbro and Nucor: Hasbro takes some systems offline after cybersecurity incident
Hasbro Cyberattack Disrupting Operations and Shipments
587
CRITICAL-21
NUCHAS1775060645
Hasbro Discloses Cyberattack Disrupting Operations and Shipments
Toy and entertainment giant Hasbro revealed in a Securities and Exchange Commission (SEC) filing on Wednesday that a cyberattack has disrupted its ability to process orders and ship products. The company’s IT team detected unauthorized access on March 28, prompting immediate containment efforts, including taking some systems offline.
Hasbro has activated business continuity plans to maintain key operations while addressing the incident, though delays are expected to persist for several weeks. The company is also reviewing potentially impacted files to determine whether regulatory notifications are required. No hacking group has claimed responsibility as of Monday, and an investigation remains ongoing.
The attack adds Hasbro to a growing list of companies including Nucor, Masimo, and Clorox that have reported operational disruptions following cyber incidents in recent months. With $4.7 billion in 2025 revenue, Hasbro ranks among the largest toy and intellectual property manufacturers globally. The sector has seen prior ransomware attacks, with companies like Jakks Pacific and Bandai Namco targeted in previous years.
INCIDENT DETAILS -
TYPE
IMPACT
REFERENCES
MARCH 2026
628
Cyber Attack
19 Mar 2026 • LiteLLM
LiteLLM and Berri AI: LiteLLM infected with credential-stealing code via Trivy
Malicious Code Injection in LiteLLM Leads to PyPI Removal
607
CRITICAL-21
BERLIT1774384560
Malicious Code Injection in LiteLLM Leads to PyPI Removal
Two versions of LiteLLM (v1.82.7 and v1.82.8), an open-source interface for accessing multiple large language models, were removed from the Python Package Index (PyPI) after a supply chain attack inserted credential-stealing malware into the package.
The compromise stemmed from a misconfiguration in Trivy, an open-source vulnerability scanner maintained by Aqua Security, which was used in LiteLLM’s CI/CD pipeline. Attackers, identified as TeamPCP, exploited the flaw in late February to steal a privileged access token from Trivy’s GitHub Actions environment. Using the stolen credentials, they published malicious versions of Trivy (v0.69.4, v0.69.5, and v0.69.6) on March 19 and 22, including DockerHub images.
The attackers employed a sophisticated technique, modifying existing version tags in Trivy’s GitHub Action scripts to inject malicious code into workflows. Since many CI/CD pipelines rely on version tags rather than pinned commits, the changes went unnoticed, allowing the malware to execute undetected.
Krrish Dholakia, CEO of Berri AI (LiteLLM’s maintainer), confirmed that the attackers obtained LiteLLM’s PYPI_PUBLISH token, stored as an `.env` variable in the project’s GitHub repository, and used it to push the compromised versions. While LiteLLM accounts had 2FA enabled, the stolen token bypassed this protection. The team has since revoked all PyPI publishing tokens and is evaluating security improvements, including JWT-based trusted publishing and migrating to a new PyPI account.
Adding to the disruption, the GitHub vulnerability report for LiteLLM was targeted with a spam attack, flooding the discussion with AI-generated comments like "Thanks, that helped!" to obscure legitimate updates. Security researcher Rami McCarthy noted that 19 of the 25 spam accounts were also involved in the earlier Trivy campaign.
The Python Packaging Authority (PyPA) issued a security advisory, warning users who installed the affected LiteLLM versions to assume credential exposure and rotate any secrets accessible to the environment.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
627
JANUARY 2026
624
DECEMBER 2025
622
NOVEMBER 2025
619
OCTOBER 2025
616
SEPTEMBER 2025
614
AUGUST 2025
611
APRIL 2025
666
Breach
28 Apr 2025 • LiteLLM
Mercor: AI for investors
AI Recruiting Unicorn Mercor Hit by Supply Chain Attack via Compromised LiteLLM Library
599
CRITICAL-67
MER1775112166
AI Recruiting Unicorn Mercor Hit by Supply Chain Attack via Compromised LiteLLM Library
Mercor, a $10 billion AI recruiting startup, confirmed a major security breach stemming from malicious code injected into the open-source LiteLLM project a widely used library that powers thousands of companies globally. The incident, classified as a supply chain attack, exposed sensitive data and underscored systemic risks in AI infrastructure dependencies.
### Breach Timeline and Discovery
Security researchers at Snyk detected the malicious code in LiteLLM last week, prompting its removal within hours. However, the exposure window allowed threat actors to compromise downstream systems. Mercor first noticed anomalous activity on April 28, 2025, with extortion group Lapsus$ claiming responsibility the following day. The group posted samples of stolen data on its leak site, including Slack communications, ticketing system records, and videos of AI-contractor interactions.
### Scope of Compromised Data
The breach exposed:
- Contractor data, including professional credentials and payment details.
- Proprietary AI training data and client information tied to partnerships with OpenAI and Anthropic.
- Internal communications and operational records.
Mercor, which connects specialized professionals (scientists, doctors, lawyers) with AI firms for training and validation, processes over $2 million in daily payouts. The company acknowledged it was one of thousands affected by the LiteLLM compromise.
### Threat Actors and Investigation
The attack involved two distinct groups:
1. TeamPCP, a hacking collective with suspected nation-state ties, executed the initial supply chain compromise.
2. Lapsus$, known for high-profile breaches (NVIDIA, Microsoft, Okta), later claimed responsibility for data exfiltration and extortion.
Investigators are still determining whether the groups collaborated or if Lapsus$ independently accessed the stolen data. Mercor is working with third-party forensics experts to assess the full impact.
### Broader Implications
The breach highlights critical vulnerabilities in AI infrastructure, particularly the risks of relying on open-source tools like LiteLLM a project maintained by a Y Combinator-backed startup. The incident reveals how a single compromise can cascade across industries, exposing sensitive data in AI training pipelines. The involvement of TeamPCP, linked to state-sponsored operations, suggests potential motives beyond financial gain, including intelligence gathering on AI methodologies and contractor networks.
Mercor’s rapid growth valued at $10 billion after a $350 million Series C in October 2025 makes it a prime target, but the attack’s ripple effects extend to the broader tech ecosystem. The ambiguity around the threat actors’ roles further complicates mitigation efforts.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2025
747
Breach
01 Feb 2025 • LiteLLM
Anthropic: Anthropic leaks its own AI coding tool’s source code in second major security breach
Anthropic Accidentally Leaks Claude Code Source, Exposing Internal AI Systems
661
CRITICAL-86
ANT1774981746
Anthropic Accidentally Leaks Claude Code Source, Exposing Internal AI Systems
Anthropic has inadvertently leaked the source code for Claude Code, its widely adopted AI-powered coding assistant, exposing roughly 500,000 lines of code across 1,900 files. The incident, confirmed by the company as a "release packaging issue" caused by human error, occurred when internal code was mistakenly uploaded to NPM a platform for software distribution instead of the final, compiled version.
The leak follows a separate accidental disclosure earlier this month, in which a draft blog post revealed details about Mythos (also referred to as Capybara), an upcoming AI model described as more powerful and potentially more dangerous than Anthropic’s current flagship, Opus. While the latest breach did not expose model weights or customer data, cybersecurity experts warn it could allow competitors to reverse-engineer Claude Code’s underlying "agentic harness" the software layer that governs the AI’s behavior, tool integration, and safety guardrails. This could enable the creation of open-source alternatives or help rivals refine their own AI systems.
Security researcher Roy Paz of LayerX Security noted that the leaked code also provided further evidence of Capybara, Anthropic’s next-generation model, which is expected to surpass Opus in capability and cost. The draft blog post previously described it as a new tier, with "fast" and "slow" variants likely replacing Opus as the company’s most advanced offering. Paz highlighted concerns that the exposed code may reveal vulnerabilities in how Claude Code interacts with Anthropic’s internal systems, potentially allowing malicious actors including nation-states to exploit the AI for cyberattacks or bypass existing safeguards.
Anthropic’s Opus model is already classified as a high-risk tool due to its ability to autonomously identify zero-day vulnerabilities, a capability that could be weaponized by threat actors. This is not the first time the company has faced such an exposure; in February 2025, an early version of Claude Code was similarly leaked, revealing internal workings and system connections before being removed.
The company has stated it is implementing measures to prevent future incidents but has not disclosed further details. The leak underscores the challenges of securing proprietary AI systems as adoption and scrutiny of advanced models continues to grow.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JANUARY 2025
749
Vulnerability
01 Jan 2025 • LiteLLM
Anthropic, Windsurf, LiteLLM and Agent Zero: Critical Vulnerability in Flowise Allows Remote Command Execution via MCP Adapters
Critical MCP Vulnerability Exposes AI Ecosystem to Remote Command Execution
747
CRITICAL-2
ANTCOGAGELIT1776429692
Critical MCP Vulnerability Exposes AI Ecosystem to Remote Command Execution
Security researchers at OX Security have uncovered a systemic design flaw in Anthropic’s Model Context Protocol (MCP), a widely adopted framework for AI agent communication. The vulnerability enables remote command execution (RCE), allowing attackers to fully compromise affected systems.
Unlike isolated software bugs, this flaw stems from MCP’s core architecture, making it difficult to mitigate universally. It affects official MCP SDKs across Python, Java, Rust, and TypeScript, with over 150 million downloads tied to MCP-based components. More than 7,000 publicly accessible MCP servers and an estimated 200,000 vulnerable instances worldwide amplify the risk, creating a software supply chain threat for developers integrating MCP into their applications.
### Attack Vectors & Impact
The vulnerability enables multiple exploitation methods, including:
- Unauthenticated UI injection in AI frameworks
- Zero-click prompt injection in AI IDEs like Windsurf and Cursor
- Malicious package distribution via marketplace poisoning
- Security bypasses in protected environments, such as Flowise, where attackers can execute arbitrary commands, access databases, API keys, and sensitive data
### Affected Tools & CVEs
The flaw has led to multiple CVE disclosures across popular AI tools:
- GPT Researcher (CVE-2025-65720)
- Agent Zero (CVE-2026-30624)
- Fay Framework (CVE-2026-30618)
- Langchain-Chatchat (CVE-2026-30617)
- Jaaz (CVE-2026-33224)
- Windsurf (CVE-2026-30615 – zero-click prompt injection)
- Upsonic (CVE-2026-30625 – allowlist bypass)
Some platforms, including LiteLLM and Bisheng, have released patches, but Anthropic has not altered MCP’s architecture, stating the behavior is "expected." This leaves organizations to implement their own safeguards, such as restricting public access to MCP services, treating inputs as untrusted, and running services in isolated environments.
The incident underscores the growing risks in AI supply chains and the need for secure-by-design architectures as AI adoption expands.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for LiteLLM ??
What was LiteLLM's A.I Rankiteo Cyber Score in June 2026 ??
What was LiteLLM's A.I Rankiteo Cyber Score in May 2026 ??
What was LiteLLM's A.I Rankiteo Cyber Score in April 2026 ??
What was LiteLLM's A.I Rankiteo Cyber Score in March 2026 ??
What was LiteLLM's A.I Rankiteo Cyber Score in February 2026 ??
What was LiteLLM's A.I Rankiteo Cyber Score in January 2026 ??
What was LiteLLM's A.I Rankiteo Cyber Score in December 2025 ??
What was LiteLLM's A.I Rankiteo Cyber Score in November 2025 ??
What was LiteLLM's A.I Rankiteo Cyber Score in October 2025 ??
What was LiteLLM's A.I Rankiteo Cyber Score in September 2025 ??
What was LiteLLM's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on LiteLLM's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with LiteLLM ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view LiteLLM's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?