A backdoor in your AI gateway: The sophisticated LiteLLM supply chain compromise by TeamPCP

Summary: Trend Micro details a sophisticated supply chain campaign attributed to TeamPCP that compromised LiteLLM and underscored the strategic value of AI gateways as targets for attack.

Trend Micro frames the LiteLLM case not as a simple software dependency breach but as part of a particularly sophisticated supply chain campaign, attributed to TeamPCP, that targets components with a privileged position in modern AI stacks.

LiteLLM occupies precisely that sensitive spot. As an AI gateway or proxy for multiple AI services, it tends to centralize API keys, cloud credentials, and access logic for various models. This makes it a highly strategic target: compromising it not only opens a technical backdoor but also provides visibility and control over a critical part of an organization's AI infrastructure.

The story serves as an underlying warning for the industry: the more the sector relies on intermediate layers of trusted software, the more attractive those pieces become to actors seeking to escalate privileges through the supply chain. In that sense, the LiteLLM case functions as an early signal of a systemic risk that is only just beginning to come into focus.

Key facts

  • TeamPCP carried out one of the most sophisticated documented supply chain campaigns.
  • The campaign compromised LiteLLM, a service that offers AI APIs with centralized API keys and cloud servers.

Why it matters

The case underscores the need for enhanced monitoring of software supply chains and meticulous auditing of components that centralize secrets and privileged access in AI architectures.
