Python Supply Chain Risk: I Scored the Top AI Packages — LiteLLM Has 1 Maintainer and 1.2K Versions
python
dev.to
LiteLLM serves 97 million downloads per month. In March 2026, attackers stole a PyPI token, uploaded malicious versions, and compromised an estimated 500,000 machines. The package looked healthy by every conventional metric: high downloads, GitHub stars, active issues. But behavioral signals told a different story.

The Attack Pattern

The LiteLLM supply chain attack followed what security researchers now call the "pre-staged C2 pattern": Attackers stole a CI/CD token via a compromi
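The contrast above between conventional metrics (downloads, stars) and behavioral signals (maintainer count, version count, release velocity) is the kind of thing you can compute from data PyPI already publishes. The following is an added example, not code from the original post or from the LiteLLM project: it reads the `releases` map of the PyPI JSON API (`https://pypi.org/pypi/<name>/json`), derives total version count, versions in the last 30 days and the largest burst of versions in any 7-day window, and flags the result. The maintainer count is passed in separately because the JSON API does not expose it (it is on the project page). The sample metadata, the `NOW` timestamp and the thresholds in `risk_flags` are all constructed for illustration and are not LiteLLM's real figures.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the PyPI JSON API response.
# Each release maps a version to a list of uploaded files; each file
# carries upload_time_iso_8601. Values are illustrative, not real data.
SAMPLE = {
    "info": {"name": "example-llm-client"},
    "releases": {
        "1.0.0": [{"upload_time_iso_8601": "2026-01-05T10:00:00.000000Z"}],
        "1.0.1": [{"upload_time_iso_8601": "2026-01-20T10:00:00.000000Z"}],
        "1.1.0": [{"upload_time_iso_8601": "2026-02-10T10:00:00.000000Z"}],
        "1.1.1": [{"upload_time_iso_8601": "2026-03-01T10:00:00.000000Z"}],
        # sdist and wheel of the same version: counted once, at the earliest upload
        "1.1.2": [
            {"upload_time_iso_8601": "2026-03-02T09:00:00.000000Z"},
            {"upload_time_iso_8601": "2026-03-02T09:05:00.000000Z"},
        ],
        "1.1.3": [{"upload_time_iso_8601": "2026-03-02T15:00:00.000000Z"}],
        "1.1.4": [{"upload_time_iso_8601": "2026-03-03T10:00:00.000000Z"}],
        "1.1.5": [{"upload_time_iso_8601": "2026-03-04T10:00:00.000000Z"}],
    },
}

# Fixed "current time" so the example is reproducible offline (assumption).
NOW = datetime(2026, 3, 10, tzinfo=timezone.utc)


def version_times(pypi_json):
    """Map each version to the timestamp of its earliest uploaded file."""
    out = {}
    for version, files in pypi_json["releases"].items():
        stamps = [
            datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
            for f in files
            if f.get("upload_time_iso_8601")
        ]
        if stamps:  # versions with no files (yanked/empty) are skipped
            out[version] = min(stamps)
    return out


def max_versions_in_window(times, window_days=7):
    """Largest number of versions published within any window_days span."""
    times = sorted(times)
    best, j = 0, 0
    for i, t in enumerate(times):
        # advance the window start until it is within window_days of t
        while times[j] < t - timedelta(days=window_days):
            j += 1
        best = max(best, i - j + 1)
    return best


def behavioural_signals(pypi_json, maintainer_count, now=NOW):
    """Behavioral signals a download count or star count cannot show."""
    times = sorted(version_times(pypi_json).values())
    recent = [t for t in times if t >= now - timedelta(days=30)]
    return {
        "versions_total": len(times),
        "versions_last_30d": len(recent),
        "max_versions_7d": max_versions_in_window(times),
        "maintainers": maintainer_count,
    }


def risk_flags(signals):
    """Thresholds are this example's assumptions, not an established standard."""
    flags = []
    if signals["maintainers"] <= 1:
        flags.append("single-maintainer")
    if signals["versions_total"] >= 1000:
        flags.append("very-high-version-count")
    if signals["max_versions_7d"] >= 5:
        flags.append("release-burst")
    return flags


if __name__ == "__main__":
    sig = behavioural_signals(SAMPLE, maintainer_count=1)
    print(sig, risk_flags(sig))
```

Against the constructed sample the package shows five versions inside one week and a single maintainer, so it is flagged even though nothing about downloads or stars enters the calculation. For a real project, replace `SAMPLE` with the parsed response of the JSON endpoint and read the maintainer count off the project page; a sudden release burst from a long-stable package is exactly the signal a stolen publishing token tends to produce.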