March 31, 2026 // Vulnerability | #LiteLLM #Supply Chain Attack #AI Agent Compromise

How SentinelOne’s AI EDR Autonomously Discovered and Stopped Anthropic’s Claude from Executing a Zero Day Supply Chain Attack, Globally - sentinelone.com

A sophisticated multi-stage supply chain attack began with the compromise of the open-source security scanner Trivy, which was used to steal LiteLLM PyPI credentials. The attack then injected malicious versions of LiteLLM (1.82.7 and 1.82.8) into customer environments. This enabled data exfiltration, system persistence, and lateral movement within Kubernetes clusters, notably leveraging AI coding assistants with unrestricted permissions as an unwitting infection vector.

