Vetting the Black Box: A Supply Chain Due Diligence Framework for AI and ML
On March 24, 2026, attackers compromised LiteLLM's CI/CD pipeline and uploaded malicious PyPI packages that stole credentials from environments with three million daily downloads. The incident highlig…