Comment by n1tro_lab
1 day ago
The scariest part is LiteLLM is a transitive dependency. The person who found it wasn't even using LiteLLM directly, it got pulled in by a Cursor MCP plugin. The supply chain attack surface for AI tooling is massive because these packages get pulled in as dependencies of dependencies and nobody audits transitive installs.
No comments yet
Contribute on Hacker News ↗