How SentinelOne’s AI EDR Autonomously Discovered and Stopped Anthropic’s Claude from Executing a Zero Day Supply Chain Attack, Globally

ID: bb6aaf04-fc21-5e28-a2c3-762c81cf282e

STIX ID: report--bb6aaf04-fc21-5e28-a2c3-762c81cf282e

Feed Name: SentinelOne Blog

Threat Score: 90/100

Date Published: 2026-03-31

Date Updated: 2026-04-30

Author: SentinelOne

...
...

SentinelOne reports a high-impact supply-chain compromise in which attackers (TeamPCP) leveraged a prior compromise of Trivy to obtain PyPI credentials and publish trojanized LiteLLM packages (v1.82.7 and v1.82.8). The malicious packages used base64-decoded Python bootstrap code to deploy a multi-stage payload that harvested secrets and wallets, established persistent systemd services, created privileged Kubernetes pods for host access and lateral movement, and exfiltrated encrypted data to a domain that blended in with legitimate LiteLLM traffic. SentinelOne's autonomous behavioral detection preemptively blocked the execution across multiple customer environments.