URGENT: Scan your dependencies for the litellm compromise (Free Tool)
On March 24, 2026, the litellm Python package—which sees 3 million daily downloads and nearly 97 million monthly—was compromised in a sophisticated multi-stage supply chain attack.
If your team ran pip install litellm (versions 1.82.7 or 1.82.8) during the exposure window, your environment is likely compromised. This attack was specifically designed to exfiltrate:
- SSH keys and Git credentials
- Cloud credentials (AWS, GCP, Azure)
- API keys (OpenAI, etc.) and environment variables
- Persistent backdoors via malicious system services
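The first question any team should be able to answer is whether the affected versions named above (1.82.7 or 1.82.8) appear anywhere in their dependency pins or in a live interpreter. The script below is an added example written for this post; it is not the Threat Point tool and does not perform the behavioral analysis described later. It only checks version pins in requirements or pip-freeze text and the version installed in the current environment. The sample requirements text and the helper names are constructed for the example; the affected version numbers come from the post.

```python
"""Flag litellm pins that match the versions named in the advisory.

Added example, not the Threat Point tool. The affected versions (1.82.7 and
1.82.8) are taken from the post; the sample requirements text below is
constructed for illustration and is not a real project file.
"""
import re
from importlib import metadata

PACKAGE = "litellm"
AFFECTED_VERSIONS = {"1.82.7", "1.82.8"}  # from the post

# Matches exact pins such as "litellm==1.82.7", "LiteLLM == 1.82.8 ; ...",
# or "litellm[proxy]==1.82.7" as they appear in requirements.txt / pip freeze.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)(?:\[[^\]]*\])?\s*==\s*([0-9][^\s;#]*)")


def normalize(name: str) -> str:
    """PEP 503 style name normalization so LiteLLM, litellm, lite_llm compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def scan_requirements(text: str) -> list[tuple[int, str]]:
    """Return (line_number, version) for every affected litellm pin in the text."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = PIN_RE.match(line)
        if not match:
            continue  # comments, unpinned specs, URLs, blank lines
        name, version = match.groups()
        if normalize(name) == PACKAGE and version in AFFECTED_VERSIONS:
            hits.append((line_no, version))
    return hits


def installed_version(package: str = PACKAGE):
    """Version of the package installed in this interpreter, or None if absent."""
    try:
        return metadata.version(package)
    except metadata.PackageNotFoundError:
        return None


def installed_is_affected(package: str = PACKAGE) -> bool:
    """True when the live environment carries one of the affected versions."""
    return installed_version(package) in AFFECTED_VERSIONS


# Constructed sample input: a requirements file with two affected pins,
# one earlier version that is out of scope, and unrelated packages.
SAMPLE_REQUIREMENTS = """\
# constructed sample, not a real project file
requests==2.31.0
litellm==1.82.7
LiteLLM == 1.82.8 ; python_version >= "3.9"
litellm==1.82.6  # outside the affected range
openai>=1.0
"""

if __name__ == "__main__":
    for line_no, version in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {line_no}: litellm=={version} is in the affected set")
    current = installed_version()
    if current is None:
        print("litellm is not installed in this interpreter")
    else:
        status = "AFFECTED" if installed_is_affected() else "not in the affected set"
        print(f"installed litellm {current}: {status}")
```

Run it against `pip freeze` output (`pip freeze | python -c 'import sys; ...'` or by pasting the text into `scan_requirements`) and inside each virtual environment the team uses; a clean requirements file says nothing about an environment where the package was installed unpinned during the exposure window, which is why a version check is only the first step and not a substitute for the behavioral scan the post describes.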
Standard vulnerability scanners missed this because no CVE had been assigned at the time of the attack.
To address this, the Threat Point team has released "Who Touched My Packages?"—a free, behavioral identification tool. It detects the specific malicious patterns used in this breach that traditional signature-based tools overlook.
Why use this tool?
- 100% free: no paywalls, no credit cards, and no friction.
- Behavioral analysis: identifies zero-day patterns, such as unauthorized network calls and credential harvesting.
- Fast: one command to verify your entire dependency tree.