Black & White Path

Mar 29, 2026 · Information Security

How Hackers Leveraged AI to Compromise Trivy and LiteLLM – A Supply‑Chain Attack Case Study

An obscure hacker group, TeamPCP, used an AI agent powered by Anthropic’s Claude to trick the open‑source security scanner Trivy into revealing its GitHub credentials, then injected malicious code into Trivy’s updates and subsequently compromised the AI gateway LiteLLM, exposing critical supply‑chain vulnerabilities in popular AI development tools.