
AppSec as attacker: Inside Trivy–LiteLLM

ID: b29bde06-89fb-533f-9a04-7ff8ac96cecd

STIX ID: report--b29bde06-89fb-533f-9a04-7ff8ac96cecd

Feed Name: ReversingLabs Blog

Threat Score: 90/100

Date Published: 2026-03-27

Date Updated: 2026-05-01

Author: Igor Lasic


TeamPCP conducted a sophisticated supply-chain attack by compromising the Trivy GitHub Action and injecting .pth-based malware that ran at Python startup to scrape and exfiltrate cloud credentials and secrets; stolen tokens were then used to backdoor LiteLLM on PyPI, potentially impacting millions of AI deployments and high-value API keys. The report explains the technical delivery (.pth files), the stealth and detection gaps, and provides immediate mitigations (pin actions by SHA, audit .pth files, rotate CI/CD secrets, add behavioral ML scanning, and implement egress monitoring).
